[bitnami/nginx] Change default Ingress port to http

[lindhe]

Name and Version

bitnami/nginx 16.0.6

What architecture are you using?

None

What steps will reproduce the bug?

1. Have Nginx Ingress Controller installed as the ingress controller in a cluster (NOTE: this is not the same has the bitnami/nginx chart!)
2. Have cert-manager be configured with a Cluster Issuer to automatically create TLS certificates for Ingress objects.
3. Have the values.yaml indicated below.
4. Install the bitnami/nginx Helm chart: helm install www oci://registry-1.docker.io/bitnamicharts/nginx --version 16.0.6 -f values.yaml

Are you using any custom parameters or values?

values.yaml

service:
  type: ClusterIP

ingress:
  enabled: true
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-staging
  hostname: foo.example.com
  ingressClassName: nginx
  tls: true

What is the expected behavior?

I would expect the Nginx web server to start serving requests via my Ingress controller, secured via the TLS certificate provided by cert-manager:

What do you see instead?

Additional information

The reason for the app not serving correctly is that the backend port used by default is https:

$ helm template oci://registry-1.docker.io/bitnamicharts/nginx --version 16.0.6 -f values.yaml --show-only templates/ingress.yaml
Pulled: registry-1.docker.io/bitnamicharts/nginx:16.0.6
Digest: sha256:a47c2465ab440368df26b8bc84a9646659e20a4887311234f21f0e6ac758c744

---
# Source: nginx/templates/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: release-name-nginx
  namespace: "debug"
  labels:
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: nginx
    app.kubernetes.io/version: 1.25.5
    helm.sh/chart: nginx-16.0.6
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-staging
spec:
  ingressClassName: "nginx"
  rules:
    - host: "foo.example.com"
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: release-name-nginx
                port:
                  name: https  # 👈 This port seems to be the default
  tls:
    - hosts:
        - "foo.example.com"
      secretName: foo.example.com-tls

And since the default backend protocol in Nginx Ingress Controller is HTTP, it cannot use the https port without further configuration of either the application or of the ingress controller. I don't think the bitnami/nginx application need to accommodate every single ingress controller out there, but Nginx is such a common choice that I think this new default setting will be an issue for many users.

This behavior may have been introduced in #20934 but I'm not sure.

I think we should either use http by default or set the nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" annotation when ingress.tls=true is set, so it works "out-of-the-box" for most people. There may be other solutions too, please pitch in.

[kastl-ars]

I ran into a similar issue, only the other way round. I was trying to have a HTTP-only ingress, but the service gets added with a https port.

I was trying to understand the ternary condition in the ingress template and I think the ternary is the wrong way.

[lindhe]

I've also wondered that, but I couldn't find any documentation on what the intention was with that condition. It's a rather complex condition, so no wonder if they got it the wrong way around.