Merge pull request #1645 from consideRatio/use-port-names

Refactor: reference ports by name instead of repeating the number

doc/source/administrator/security.md

@@ -281,10 +281,8 @@ singleuser:
             protocol: UDP
       - ports:
           - port: 80
-            protocol: TCP
       - ports:
           - port: 443
-            protocol: TCP
 ```
 
 See the [Kubernetes

jupyterhub/templates/hub/deployment.yaml

@@ -216,8 +216,8 @@ spec:
             {{- end }}
             {{- end }}
           ports:
-            - containerPort: 8081
-              name: hub
+            - name: http
+              containerPort: 8081
           {{- if .Values.hub.livenessProbe.enabled }}
           # livenessProbe notes:
           # We don't know how long hub database upgrades could take
@@ -231,13 +231,13 @@ spec:
             periodSeconds: {{ .Values.hub.livenessProbe.periodSeconds }}
             httpGet:
               path: {{ .Values.hub.baseUrl | trimSuffix "/" }}/hub/health
-              port: hub
+              port: http
           {{- end }}
           {{- if .Values.hub.readinessProbe.enabled }}
           readinessProbe:
             initialDelaySeconds: {{ .Values.hub.readinessProbe.initialDelaySeconds }}
             periodSeconds: {{ .Values.hub.readinessProbe.periodSeconds }}
             httpGet:
               path: {{ .Values.hub.baseUrl | trimSuffix "/" }}/hub/health
-              port: hub
+              port: http
           {{- end }}

jupyterhub/templates/hub/netpol.yaml

@@ -18,8 +18,7 @@ spec:
             matchLabels:
               hub.jupyter.org/network-access-hub: "true"
       ports:
-        - protocol: TCP
-          port: 8081
+        - port: http
     {{- /* Useful if you want to give hub access to pods from other namespaces */}}
     {{- if .Values.hub.networkPolicy.ingress}}
     {{- .Values.hub.networkPolicy.ingress| toYaml | trimSuffix "\n" | nindent 4 }}

jupyterhub/templates/hub/service.yaml

@@ -22,9 +22,8 @@ spec:
   selector:
     {{- include "jupyterhub.matchLabels" . | nindent 4 }}
   ports:
-    - protocol: TCP
-      port: 8081
-      targetPort: 8081
+    - port: 8081
+      targetPort: http
       {{- if .Values.hub.service.ports.nodePort }}
       nodePort: {{ .Values.hub.service.ports.nodePort }}
       {{- end }}

jupyterhub/templates/proxy/autohttps/deployment.yaml

@@ -64,10 +64,8 @@ spec:
           ports:
             - name: http
               containerPort: 80
-              protocol: TCP
             - name: https
               containerPort: 443
-              protocol: TCP
           volumeMounts:
             - name: traefik-config
               mountPath: /etc/traefik

jupyterhub/templates/proxy/autohttps/service.yaml

@@ -17,7 +17,6 @@ spec:
     {{- $_ := merge (dict "componentLabel" "proxy") . }}
     {{- include "jupyterhub.matchLabels" $_ | nindent 4 }}
   ports:
-    - protocol: TCP
-      port: 8000
-      targetPort: 8000
+    - port: 8000
+      targetPort: http
 {{- end }}

jupyterhub/templates/proxy/deployment.yaml

@@ -102,24 +102,24 @@ spec:
           {{- end }}
           ports:
             {{- if or $manualHTTPS $manualHTTPSwithsecret }}
-            - containerPort: 8443
-              name: proxy-https
+            - name: https
+              containerPort: 8443
             {{- end }}
-            - containerPort: 8000
-              name: proxy-public
-            - containerPort: 8001
-              name: api
+            - name: http
+              containerPort: 8000
+            - name: api
+              containerPort: 8001
           {{- if .Values.proxy.chp.livenessProbe.enabled }}
           livenessProbe:
             initialDelaySeconds: {{ .Values.proxy.chp.livenessProbe.initialDelaySeconds }}
             periodSeconds: {{ .Values.proxy.chp.livenessProbe.periodSeconds }}
             httpGet:
               path: /_chp_healthz
               {{- if or $manualHTTPS $manualHTTPSwithsecret }}
-              port: proxy-https
+              port: https
               scheme: HTTPS
               {{- else }}
-              port: proxy-public
+              port: http
               scheme: HTTP
               {{- end }}
           {{- end }}
@@ -130,10 +130,10 @@ spec:
             httpGet:
               path: /_chp_healthz
               {{- if or $manualHTTPS $manualHTTPSwithsecret }}
-              port: proxy-https
+              port: https
               scheme: HTTPS
               {{- else }}
-              port: proxy-public
+              port: http
               scheme: HTTP
               {{- end }}
           {{- end }}

jupyterhub/templates/proxy/netpol.yaml

@@ -18,38 +18,22 @@ spec:
     - Egress
   ingress:
     - ports:
-      - protocol: TCP
-        port: 80
-      - protocol: TCP
-        port: 443
-      {{- if not $autoHTTPS }}
-      - protocol: TCP
-        port: 8000
-      {{- end }}
+      - port: http
       {{- if or $manualHTTPS $manualHTTPSwithsecret}}
-      - protocol: TCP
-        port: 8443
+      - port: https
       {{- end }}
-      # kube-lego /healthz
-      - protocol: TCP
-        port: 8080
-      # nginx /healthz
-      - protocol: TCP
-        port: 10254
     - from:
         - podSelector:
             matchLabels:
               hub.jupyter.org/network-access-proxy-http: "true"
       ports:
-        - protocol: TCP
-          port: 8000
+        - port: http
     - from:
         - podSelector:
             matchLabels:
               hub.jupyter.org/network-access-proxy-api: "true"
       ports:
-        - protocol: TCP
-          port: 8001
+        - port: api
     {{- /* Useful if you want to give proxy access to pods from other namespaces */}}
     {{- if .Values.proxy.networkPolicy.ingress}}
     {{- .Values.proxy.networkPolicy.ingress | toYaml | trimSuffix "\n" | nindent 4 }}

jupyterhub/templates/proxy/service.yaml

@@ -14,9 +14,8 @@ spec:
   selector:
     {{- include "jupyterhub.matchLabels" . | nindent 4 }}
   ports:
-    - protocol: TCP
-      port: 8001
-      targetPort: 8001
+    - port: 8001
+      targetPort: api
 ---
 apiVersion: v1
 kind: Service
@@ -44,26 +43,18 @@ spec:
     {{- if $HTTPS }}
     - name: https
       port: 443
-      protocol: TCP
-      {{- if or $manualHTTPS $manualHTTPSwithsecret }}
-      targetPort: 8443
-      {{- else if $offloadHTTPS }}
-      targetPort: 8000
+      {{- if $offloadHTTPS }}
+      targetPort: http
       {{- else }}
-      targetPort: 443
+      targetPort: https
       {{- end }}
       {{- with .Values.proxy.service.nodePorts.https }}
       nodePort: {{ . }}
       {{- end }}
     {{- end }}
     - name: http
       port: 80
-      protocol: TCP
-      {{- if $autoHTTPS }}
-      targetPort: 80
-      {{- else }}
-      targetPort: 8000
-      {{- end }}
+      targetPort: http
       {{- with .Values.proxy.service.nodePorts.http }}
       nodePort: {{ . }}
       {{- end }}

jupyterhub/templates/singleuser/netpol.yaml

@@ -19,8 +19,7 @@ spec:
             matchLabels:
               hub.jupyter.org/network-access-singleuser: "true"
       ports:
-        - protocol: TCP
-          port: 8888
+        - port: 8888
     {{- /* Useful if you want to give user server access to pods from other namespaces */}}
     {{- if .Values.singleuser.networkPolicy.ingress }}
     {{- .Values.singleuser.networkPolicy.ingress | toYaml | trimSuffix "\n" | nindent 4 }}
@@ -36,8 +35,7 @@ spec:
               {{- $_ := merge (dict "componentLabel" "hub") . }}
               {{- include "jupyterhub.matchLabels" $_ | nindent 14 }}
       ports:
-        - protocol: TCP
-          port: 8081
+        - port: 8081
     {{- if .Values.singleuser.networkPolicy.egress }}
     {{- .Values.singleuser.networkPolicy.egress | toYaml | trimSuffix "\n" | nindent 4 }}
     {{- end }}