feat: allows users to specify host ports when creating a cluster

[leon-inf]

close #9818

[apecloud-bot]

Auto Cherry-pick Instructions

Usage:
  - /nopick: Not auto cherry-pick when PR merged.
  - /pick: release-x.x [release-x.x]: Auto cherry-pick to the specified branch when PR merged.

Example:
  - /nopick
  - /pick release-1.0

[leon-inf]

/pick release-1.0

[dudizimber]

@leon-inf can you please clarify why the kbagent ports must also be defined? in theory they could be randomly assigned, no?

[leon-inf]

It may conflict with the host ports used by the database service. (It occupies the host ports assigned to the database service if it starts up first.)

[dudizimber]

If we can remove those predefined host ports from the DefaultPortManager it wouldn't conflict, and you wouldn't have to define them manually.
Additionally, there's no actual need for the kbagent to use a HostPort, right? The database has the need of latency, but that is not true for the kbagent. Hence, if we could selectively expose only the database, the kbagent wouldn't need a hostport at all.

[leon-inf]

What you actually expect is the node-port service. The database service can use the host ports while other services still run in the container network.

When the host-network is enabled, pods will share the host network's namespace, and there will inevitably be port conflict issues and management requirements.

[dudizimber]

Yes, but pods sharing the host network's namespace make sense when it comes to the database service. That's the only thing that should require "manual" port management on the user side.

The other sidecars running on the same pod shouldn't by default be exposed by HostPort. Meaning that the hostPort configuration should be at the container level, not pod level.

For example:

spec:
  containers:
    - name: database
      ports:
        - containerPort: 8080
          hostPort: 8080    # this will be bound to the node’s network namespace

    - name: kbagent
      ports:
        - containerPort: 9000   # no hostPort

[dudizimber]

I think the first one.
In my mind the first version gives me control to expose only the database container in a HostPort, while the second forces me to have all containers in the HostNetwork, which will require more ports than actually necessary.

[leon-inf]

I see. What the system provides currently is the second one, while what you want is a completely different feature, the cost is that there will be a DNAT for the traffic of all data requests.

[leon-inf]

I'll update this PR later to support it.

[leon-inf]

@dudizimber Please review the updated API again to check if the behavior meets your requirements.

[dudizimber]

Looks good. Thanks!

[codecov]

Codecov Report

❌ Patch coverage is 62.86550% with 127 lines in your changes missing coverage. Please review.
✅ Project coverage is 51.13%. Comparing base (6e1e349) to head (5626c80).
⚠️ Report is 8 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/controllerutil/host_port_manager.go	64.88%	75 Missing and 30 partials ⚠️
...s/apps/component/transformer_component_hostport.go	39.13%	13 Missing and 1 partial ⚠️
...pps/component/transformer_component_hostnetwork.go	0.00%	6 Missing ⚠️
pkg/parameters/config_util.go	0.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #9892      +/-   ##
==========================================
+ Coverage   50.79%   51.13%   +0.34%     
==========================================
  Files         539      541       +2     
  Lines       58214    58389     +175     
==========================================
+ Hits        29568    29857     +289     
+ Misses      25745    25602     -143     
- Partials     2901     2930      +29     

Flag	Coverage Δ
unittests	51.13% <62.86%> (+0.34%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[cjc7373]

Will the HostPort allocated here be conflict with the ports automatically allocated by portmanager?

[leon-inf]

This should be guaranteed by the user. Either turn off the default port manager or assign a separate port range to it.

[cjc7373]

Ok. Another question. What if two containers have defined ports with a same name?

[leon-inf]

K8s requires that each named port in a Pod must have a unique name.

[cjc7373]

This should be guaranteed by the user. Either turn off the default port manager or assign a separate port range to it.

It looks like when using hostNetwork, ports defined in hostPorts spec also won't be managed by portmanager?

[cjc7373]

I suggest mention in the API that user should be aware of the potential port conflict when using both default portmanager and hostPorts.

Other things LGTM.

[apecloud-bot]

/cherry-pick release-1.0

[apecloud-bot]

🤖 says: Error cherry-picking.

Auto-merging apis/apps/v1/types.go
CONFLICT (content): Merge conflict in apis/apps/v1/types.go
Auto-merging apis/apps/v1/zz_generated.deepcopy.go
CONFLICT (content): Merge conflict in apis/apps/v1/zz_generated.deepcopy.go
Auto-merging cmd/manager/main.go
Auto-merging config/crd/bases/apps.kubeblocks.io_clusters.yaml
CONFLICT (content): Merge conflict in config/crd/bases/apps.kubeblocks.io_clusters.yaml
Auto-merging config/crd/bases/apps.kubeblocks.io_components.yaml
CONFLICT (content): Merge conflict in config/crd/bases/apps.kubeblocks.io_components.yaml
Auto-merging controllers/apps/component/component_controller.go
Auto-merging controllers/apps/component/suite_test.go
Auto-merging controllers/apps/component/transformer_component_hostnetwork.go
CONFLICT (content): Merge conflict in controllers/apps/component/transformer_component_hostnetwork.go
Auto-merging controllers/operations/suite_test.go
Auto-merging deploy/helm/crds/apps.kubeblocks.io_clusters.yaml
CONFLICT (content): Merge conflict in deploy/helm/crds/apps.kubeblocks.io_clusters.yaml
Auto-merging deploy/helm/crds/apps.kubeblocks.io_components.yaml
CONFLICT (content): Merge conflict in deploy/helm/crds/apps.kubeblocks.io_components.yaml
Auto-merging docs/developer_docs/api-reference/cluster.md
CONFLICT (content): Merge conflict in docs/developer_docs/api-reference/cluster.md
Auto-merging pkg/controller/component/synthesize_component.go
Auto-merging pkg/controller/component/type.go
Auto-merging pkg/controller/component/utils.go
CONFLICT (content): Merge conflict in pkg/controller/component/utils.go
Auto-merging pkg/controller/component/vars.go
Auto-merging pkg/controller/component/vars_test.go
Auto-merging pkg/controller/configuration/config_utils.go
Auto-merging pkg/controller/configuration/suite_test.go
CONFLICT (content): Merge conflict in pkg/controller/configuration/suite_test.go
error: could not apply d144cac... feat: allows users to specify host ports when creating a cluster (#9892)
hint: After resolving the conflicts, mark them with
hint: "git add/rm ", then run
hint: "git cherry-pick --continue".
hint: You can instead skip this commit with "git cherry-pick --skip".
hint: To abort and get back to the state before "git cherry-pick",
hint: run "git cherry-pick --abort".
hint: Disable this message with "git config set advice.mergeConflict false"

[apecloud-bot]

🤖 says: ‼️ cherry pick action failed.
See: https://github.com/apecloud/kubeblocks/actions/runs/19889093924

[leon-inf]

/nopick