[helm] Support custom port configuration for internal service #9846

Merged

Contributor

@jkroepke jkroepke commented Apr 11, 2023

What this PR does / why we need it:

I have to implement Azure Private Link service on my setup. I have to support proxy_protocol in addition to the normal listeners to gain the client IP addresses from the Private Link Services. All my ingress services should be exposed through the public and the internal load balancer (which will be exposed to customers through Private Link Services). Setting up a 2nd ingress controller and duplicating all ingress objects feels like unnecessary overhead. I'm currently trying to handle both in one ingress-nginx installation.

At least I could achieve a working configuration:

defaultBackend:
  enabled: true

controller:
  containerPort:
    http: 80
    https: 443
    http-proxy: 5080
    https-proxy: 5443
  config:
    use-proxy-protocol: false
    http-snippet: |
      server {
        server_name _ ;

        listen 5080 default_server reuseport backlog=4096;
        listen 5443 default_server reuseport backlog=4096 ssl http2;
      
        deny all;
      }
    server-snippet: |
      listen 5080;
      listen 5443 ssl http2;
      real_ip_header proxy_protocol;
  service:
    type: ClusterIP
    external:
      enabled: true
    internal:
      enabled: true
      annotations:
        service.beta.kubernetes.io/azure-load-balancer-internal: "true"
        service.beta.kubernetes.io/azure-pls-create: "true"
        service.beta.kubernetes.io/azure-pls-proxy-protocol: "true"
      # needs to be implemented
      targetPorts:
        http: http-proxy
        https: https-proxy

At the moment, the internal and external services map to the same port. In my use case, I would like to remap the http port of the internal service to 5080.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • CVE Report (Scanner found CVE and adding report)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation only

Which issue/s this PR fixes

How Has This Been Tested?

Minikube, local development and curl

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I've read the CONTRIBUTION guide
  • I have added unit and/or e2e tests to cover my changes.
  • All new and existing tests passed.
  • Added Release Notes.

Does my pull request need a release note?

Any user-visible or operator-visible change qualifies for a release note. This could be a:

  • CLI change
  • API change
  • UI change
  • configuration schema change
  • behavioral change
  • change in non-functional attributes such as efficiency or availability, availability of a new platform
  • a warning about a deprecation
  • fix of a previous Known Issue
  • fix of a vulnerability (CVE)

No release notes are required for changes to the following:

  • Tests
  • Build infrastructure
  • Fixes for unreleased bugs

For more tips on writing good release notes, check out the Release Notes Handbook
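
The port mapping requested in this pull request, written as a check over rendered Service manifests. This is an added example, not part of the PR or the ingress-nginx chart: the `service`, `resolve` and `audit` helpers and the service names are hypothetical, and the manifests are constructed and reduced to the fields the check reads. It flags any Service whose load balancer sends a PROXY protocol header to a listener that does not expect one, or the reverse.

```python
# Added example: constructed manifests, reduced to the fields the check reads.
PLS_PROXY = "service.beta.kubernetes.io/azure-pls-proxy-protocol"
# Container ports as named in the values from the PR description; the *-proxy
# pair is the one intended to receive PROXY protocol traffic.
CONTAINER_PORTS = {"http": 80, "https": 443, "http-proxy": 5080, "https-proxy": 5443}
PROXY_LISTENERS = {"http-proxy", "https-proxy"}


def service(name, target_ports, proxy_protocol=False):
    """Build a minimal Service dict (hypothetical helper for the samples)."""
    annotations = {PLS_PROXY: "true"} if proxy_protocol else {}
    ports = [{"name": n, "port": CONTAINER_PORTS[n], "targetPort": t}
             for n, t in target_ports.items()]
    return {"metadata": {"name": name, "annotations": annotations},
            "spec": {"ports": ports}}


def resolve(target):
    """Map a numeric targetPort back to its container port name."""
    if isinstance(target, int):
        return next((n for n, p in CONTAINER_PORTS.items() if p == target), str(target))
    return target


def audit(svc):
    """Return findings where front end and listener disagree on PROXY protocol."""
    name = svc["metadata"]["name"]
    annotations = svc["metadata"].get("annotations") or {}
    sends = str(annotations.get(PLS_PROXY, "")).lower() == "true"
    findings = []
    for port in svc["spec"]["ports"]:
        listener = resolve(port.get("targetPort", port["port"]))
        expects = listener in PROXY_LISTENERS
        if sends and not expects:
            findings.append((name, port["name"], "header sent, listener does not expect it"))
        elif expects and not sends:
            findings.append((name, port["name"], "listener expects header, front end does not send it"))
    return findings


EXTERNAL = service("external", {"http": "http", "https": "https"})
INTERNAL_SHARED = service("internal", {"http": "http", "https": "https"}, proxy_protocol=True)
INTERNAL_REMAPPED = service("internal", {"http": "http-proxy", "https": "https-proxy"}, proxy_protocol=True)
EXTERNAL_WRONG = service("external", {"http": 5080, "https": "https"})

if __name__ == "__main__":
    for svc in (EXTERNAL, INTERNAL_SHARED, INTERNAL_REMAPPED, EXTERNAL_WRONG):
        print(svc["metadata"]["name"], audit(svc))
```

`INTERNAL_SHARED` models the situation before the change, where both services map to the same ports, and `INTERNAL_REMAPPED` the `targetPorts` override the PR asks for.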

[helm] Support custom port configuration for internal service

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Apr 11, 2023
@k8s-ci-robot
Contributor

This issue is currently awaiting triage.

If Ingress contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Apr 11, 2023
@k8s-ci-robot
Contributor

Hi @jkroepke. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-priority size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Apr 11, 2023
@k8s-ci-robot k8s-ci-robot added the area/helm Issues or PRs related to helm charts label Apr 11, 2023
@k8s-ci-robot k8s-ci-robot requested a review from cpanato April 11, 2023 18:59
@jkroepke jkroepke force-pushed the internal-service-port-mapping branch from f29db33 to 89b6370 Compare April 11, 2023 21:16
Member

@tao12345666333 tao12345666333 left a comment


/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Apr 13, 2023
@jkroepke
Contributor Author

Hey, is there anything where I could help here to push forward this PR?

@jkroepke jkroepke requested a review from tao12345666333 April 23, 2023 13:39
Member

@cpanato cpanato left a comment


/lgtm
/hold to check with @strongjz if need to update the chart version or any other thing

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 25, 2023
@k8s-ci-robot k8s-ci-robot added lgtm "Looks good to me", indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Apr 25, 2023
@strongjz
Member

new tests, docs, and CI is passing

/lgtm

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cpanato, jkroepke, strongjz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jkroepke jkroepke requested a review from cpanato April 27, 2023 09:56
@cpanato
Member

cpanato commented May 1, 2023

/unhold

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 1, 2023
@k8s-ci-robot k8s-ci-robot merged commit d8f5442 into kubernetes:main May 1, 2023
@jkroepke jkroepke deleted the internal-service-port-mapping branch May 1, 2023 18:34