UncheckedIOException: Failed to bind to /0.0.0.0:8443 when using HTTPS behind an Ingress
andrey-kondratov opened this issue · comments
Summary
Cannot use TLS encryption b/w Ingress controller and the Service.
Steps to reproduce
server:
config:
https:
enabled: true
service:
type: ClusterIP
port: 8443
ingress:
enabled: true
annotations:
nginx.ingress.kubernetes.io/backend-protocol: HTTPS
Expected result
The service created would be mapped to 8443 port of the pods, thus facilitating the TLS encryption between the Ingress controller and the Trino Coordinator Pod.
Actual result
The port 8443 is assigned to http-server.http.port
, which makes the process attempt to listen on the port twice, and ends up in an exception:
UncheckedIOException: Failed to bind to /0.0.0.0:8443
A workaround is to disable HTTP server:
coordinatorExtraConfig: |
http-server.http.enabled=false
workerExtraConfig: |
http-server.http.enabled=false
However, the liveness and readiness probes will still be trying to check containers using HTTP scheme, and there is no parameter in the Helm chart to override it to HTTPS.