fix(chart): Don't use unauthenticated webhook port for health probe

charts/external-dns/CHANGELOG.md

@@ -23,6 +23,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Fixed `provider.webhook.resources` behavior to correctly leverage resource limits ([#4560](https://github.com/kubernetes-sigs/external-dns/pull/4560))
 - Fixed `provider.webhook.imagePullPolicy` behavior to correctly leverage pull policy ([#4643](https://github.com/kubernetes-sigs/external-dns/pull/4643)) _@kimsondrup_
 - Add correct webhook metric port to `Service` and `ServiceMonitor` ([#4643](https://github.com/kubernetes-sigs/external-dns/pull/4643)) _@kimsondrup_
+- No longer require the unauthenticated webhook provider port to be exposed for health probes ([#4691](https://github.com/kubernetes-sigs/external-dns/pull/4691)) _@kimsondrup_ _@hatrx_
 
 ## [v1.14.5] - 2023-06-10
 

charts/external-dns/README.md

@@ -134,7 +134,7 @@ If `namespaced` is set to `true`, please ensure that `sources` my only contains
 | provider.webhook.readinessProbe | object | See _values.yaml_ | [Readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) configuration for the `webhook` container. |
 | provider.webhook.resources | object | `{}` | [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the `webhook` container. |
 | provider.webhook.securityContext | object | See _values.yaml_ | [Pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the `webhook` container. |
-| provider.webhook.service.metricsPort | int | `8080` | Webhook metrics port for the service. |
+| provider.webhook.service.port | int | `8080` | Webhook exposed HTTP port for the service. |
 | provider.webhook.serviceMonitor | object | See _values.yaml_ | Optional [Service Monitor](https://prometheus-operator.dev/docs/operator/design/#servicemonitor) configuration for the `webhook` container. |
 | rbac.additionalPermissions | list | `[]` | Additional rules to add to the `ClusterRole`. |
 | rbac.create | bool | `true` | If `true`, create a `ClusterRole` & `ClusterRoleBinding` with access to the Kubernetes API. |

charts/external-dns/templates/deployment.yaml

@@ -157,10 +157,10 @@ spec:
             {{- toYaml . | nindent 12 }}
           {{- end }}
           ports:
-            - name: http-webhook
+            - name: http-wh-private
               protocol: TCP
               containerPort: 8888
-            - name: http-wh-metrics
+            - name: http-webhook
               protocol: TCP
               containerPort: 8080
           livenessProbe:

charts/external-dns/templates/service.yaml

@@ -28,9 +28,9 @@ spec:
       protocol: TCP
     {{- if eq $providerName "webhook" }}
     {{- with .Values.provider.webhook.service }}
-    - name: http-wh-metrics
-      port: {{ .metricsPort }}
-      targetPort: http-wh-metrics
+    - name: http-webhook
+      port: {{ .port }}
+      targetPort: http-webhook
       protocol: TCP
     {{- end }}
     {{- end }}

charts/external-dns/templates/servicemonitor.yaml

@@ -51,7 +51,7 @@ spec:
       {{- end }}
     {{- if eq $providerName "webhook" }}
     {{- with .Values.provider.webhook.serviceMonitor }}
-    - port: http-wh-metrics
+    - port: http-webhook
       path: /metrics
       {{- with .interval }}
       interval: {{ . }}

charts/external-dns/values.yaml

@@ -270,8 +270,8 @@ provider:
       failureThreshold: 6
       successThreshold: 1
     service:
-      # -- Webhook metrics port for the service.
-      metricsPort: 8080
+      # -- Webhook exposed HTTP port for the service.
+      port: 8080
     # -- Optional [Service Monitor](https://prometheus-operator.dev/docs/operator/design/#servicemonitor) configuration for the `webhook` container.
     # @default -- See _values.yaml_
     serviceMonitor: