[BUG] Kubernetes service uses http instead of https, causing Istio conflicts #958
Description
What is the bug?
The port name in the service definition is set to http even though the application listens for https. This misconfiguration may lead to issues with protocol selection in service meshes like Istio.
How can one reproduce the bug?
- Deploy the OpenSearch Kubernetes Operator and an Opensearch cluster in an istio enabled namespace.
- Inspect the generated service definition.
- Observe that the port is named
http, while the application actually exposeshttps. - Curl the cluster
What is the expected behavior?
The service definition should correctly reflect that the application is using https by naming the port accordingly.
What is your host/environment?
- Kubernetes Version: 1.31
- OpenSearch Kubernetes Operator Version: 2.7.0
- Cloud Provider or Platform: EKS
Do you have any screenshots?
Not applicable, but YAML snippets are provided below.
Do you have any additional context?
The current service definition incorrectly labels the port as http:
ports:
- name: http
port: 9200
protocol: TCP
targetPort: 9200It should instead be:
ports:
- name: https
port: 9200
protocol: TCP
targetPort: 9200Alternatively, setting the appProtocol field could also resolve the issue, as discussed in Issue #751.
For reference, the Istio documentation on protocol selection explains why proper naming is crucial for service discovery and traffic routing.