ConfigMap for sshd in gitlab-shell does not allow for appropriate port override
Summary
The port that gitlab-shell listens on is currently hard-coded to 2222: https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/charts/gitlab/charts/gitlab-shell/templates/configmap-sshd.yml#L23
However, we allow this port to be configured in other locations, including the Service that would send traffic to this port: https://gitlab.com/gitlab-org/charts/gitlab/-/blob/master/charts/gitlab/charts/gitlab-shell/templates/service.yaml#L16
It would seem that we leave users with a partial configuration breakage if gitlab.gitlab-shell.service.internalPort is configured differently from the default.
Steps to reproduce
Configure gitlab.gitlab-shell.service.internalPort to something other than default.
Observe that traffic is unable to reach the gitlab-shell service. Even worse, the livenessProbe doesn't check for network connectivity, only the fact that the sshd service is running, so the end user won't immediately know what is wrong until they do a deep dive into the various configurations and network connectivity between the ingress, service, and the pod configurations.
Example:
Via minikube:
gitlab:
  gitlab-shell:
    enabled: true
    logging:
      format: json
    minReplicas: 1
    maxReplicas: 1
    service:
      internalPort: 2323
      type: NodePort
      nodePort: 32022
The Pod will be running and ready:
10m19s projects % kubectl get pods -l app=gitlab-shell
NAME                              READY   STATUS    RESTARTS   AGE
a-gitlab-shell-6b47f9945d-f9xj5   1/1     Running   0          9m35s
However, attempting to access the Pod fails. Using a port-forward:
projects % k port-forward svc/a-gitlab-shell 32022:32022
Forwarding from 127.0.0.1:32022 -> 2323
Forwarding from [::1]:32022 -> 2323
Handling connection for 32022
E1113 09:34:09.055697 327566 portforward.go:400] an error occurred forwarding 32022 -> 2323: error forwarding port 2323 to pod 60262ead562a7a30ca84d3ba381615bf24be3b10b0473b8ec799094898e76fdb, uid : exit status 1: 2020/11/13 14:34:09 socat[21279] E connect(5, AF=2 127.0.0.1:2323, 16): Connection refused
If we perform some debugging on the container, we'll see our hard-coded port 2222 continuing to exist, and the service will listen as instructed:
root@a-gitlab-shell-6b47f9945d-f9xj5:/# netstat -plant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      13/sshd
Instead, the configuration should have set the listening port to 2323, and we should see that reflected in the above output.
Current behavior
Unable to access gitlab-shell's service if the gitlab.gitlab-shell.service.internalPort is modified.
Expected behavior
git ssh operations succeed if the gitlab.gitlab-shell.service.internalPort is modified.
Versions
- Chart: 352c7da0
- Platform:
  - Minikube used for testing the above issue recreation, but this would be present for all installations
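
A check for the drift described in this issue, as an added example that is not part of the original report or of the chart: it derives the ports sshd will bind from an sshd_config text (following sshd_config(5) rules for Port and ListenAddress) and compares them with the port the Service forwards to. The function names and the sample sshd_config are constructed for illustration; only the values 2222 and 2323 come from the issue.

```python
import re


def sshd_listen_ports(sshd_config):
    """Return the set of TCP ports sshd binds for this sshd_config text.

    Per sshd_config(5): Port may be repeated (default 22), and a
    ListenAddress that carries its own port ignores Port for that address.
    """
    ports, explicit, bare_listen, saw_listen = set(), set(), False, False
    for raw in sshd_config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)\s*=?\s*(\S+)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "match":  # Port and ListenAddress are global-only options
            break
        if key == "port":
            ports.add(int(value))
        elif key == "listenaddress":
            saw_listen = True
            if value.startswith("["):          # [v6addr]:port form
                pm = re.search(r"\]:(\d+)$", value)
            else:                              # host:port (bare v6 has no port)
                pm = re.fullmatch(r"[^:]+:(\d+)", value)
            if pm:
                explicit.add(int(pm.group(1)))
            else:
                bare_listen = True
    ports = ports or {22}
    if not saw_listen:
        return ports
    return explicit | (ports if bare_listen else set())


def port_mismatch(sshd_config, target_port):
    """Return a finding string if nothing listens on the Service's target port."""
    listening = sshd_listen_ports(sshd_config)
    if target_port in listening:
        return None
    return "Service targets %d but sshd listens on %s" % (
        target_port, sorted(listening))


# Constructed sample: only the hard-coded "Port 2222" is taken from the issue.
SAMPLE_SSHD_CONFIG = "# constructed sample\nPort 2222\nPasswordAuthentication no\n"

if __name__ == "__main__":
    print(port_mismatch(SAMPLE_SSHD_CONFIG, 2323))  # internalPort from the issue
```

Run against the rendered ConfigMap and Service values before deploying, this reports the mismatch that the livenessProbe misses.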