✨ (helm/v2-alpha): Make webhook and metrics ports configurable

docs/book/src/cronjob-tutorial/testdata/project/dist/chart/templates/manager/manager.yaml

@@ -24,7 +24,7 @@ spec:
             containers:
                 - args:
                     {{- if .Values.metrics.enable }}
-                    - --metrics-bind-address=:8443
+                    - --metrics-bind-address=:{{ .Values.metrics.port }}
                     {{- else }}
                     # Bind to :0 to disable the controller-runtime managed metrics server
                     - --metrics-bind-address=0
@@ -51,7 +51,7 @@ spec:
                     periodSeconds: 20
                   name: manager
                   ports:
-                    - containerPort: 9443
+                    - containerPort: {{ .Values.webhook.port }}
                       name: webhook-server
                       protocol: TCP
                   readinessProbe:

docs/book/src/cronjob-tutorial/testdata/project/dist/chart/templates/metrics/controller-manager-metrics-service.yaml

@@ -11,9 +11,9 @@ metadata:
 spec:
     ports:
         - name: https
-          port: 8443
+          port: {{ .Values.metrics.port }}
           protocol: TCP
-          targetPort: 8443
+          targetPort: {{ .Values.metrics.port }}
     selector:
         app.kubernetes.io/name: project
         control-plane: controller-manager

docs/book/src/cronjob-tutorial/testdata/project/dist/chart/templates/webhook/webhook-service.yaml

@@ -10,7 +10,7 @@ spec:
     ports:
         - port: 443
           protocol: TCP
-          targetPort: 9443
+          targetPort: {{ .Values.webhook.port }}
     selector:
         app.kubernetes.io/name: project
         control-plane: controller-manager

docs/book/src/cronjob-tutorial/testdata/project/dist/chart/values.yaml

@@ -56,12 +56,18 @@ crd:
 # Enable to expose /metrics endpoint with RBAC protection.
 metrics:
   enable: true
+  port: 8443  # Metrics server port
 
 # Cert-manager integration for TLS certificates.
 # Required for webhook certificates and metrics endpoint certificates.
 certManager:
   enable: true
 
+# Webhook server configuration
+webhook:
+  enable: true
+  port: 9443  # Webhook server port
+
 # Prometheus ServiceMonitor for metrics scraping.
 # Requires prometheus-operator to be installed in the cluster.
 prometheus:

docs/book/src/getting-started/testdata/project/dist/chart/templates/manager/manager.yaml

@@ -24,7 +24,7 @@ spec:
             containers:
                 - args:
                     {{- if .Values.metrics.enable }}
-                    - --metrics-bind-address=:8443
+                    - --metrics-bind-address=:{{ .Values.metrics.port }}
                     {{- else }}
                     # Bind to :0 to disable the controller-runtime managed metrics server
                     - --metrics-bind-address=0

docs/book/src/getting-started/testdata/project/dist/chart/templates/metrics/controller-manager-metrics-service.yaml

@@ -11,9 +11,9 @@ metadata:
 spec:
     ports:
         - name: https
-          port: 8443
+          port: {{ .Values.metrics.port }}
           protocol: TCP
-          targetPort: 8443
+          targetPort: {{ .Values.metrics.port }}
     selector:
         app.kubernetes.io/name: project
         control-plane: controller-manager

docs/book/src/getting-started/testdata/project/dist/chart/values.yaml

@@ -56,6 +56,12 @@ crd:
 # Enable to expose /metrics endpoint with RBAC protection.
 metrics:
   enable: true
+  port: 8443  # Metrics server port
+
+# Cert-manager integration for TLS certificates.
+# Required for webhook certificates and metrics endpoint certificates.
+certManager:
+  enable: false
 
 # Prometheus ServiceMonitor for metrics scraping.
 # Requires prometheus-operator to be installed in the cluster.

docs/book/src/multiversion-tutorial/testdata/project/dist/chart/templates/manager/manager.yaml

@@ -24,7 +24,7 @@ spec:
             containers:
                 - args:
                     {{- if .Values.metrics.enable }}
-                    - --metrics-bind-address=:8443
+                    - --metrics-bind-address=:{{ .Values.metrics.port }}
                     {{- else }}
                     # Bind to :0 to disable the controller-runtime managed metrics server
                     - --metrics-bind-address=0
@@ -51,7 +51,7 @@ spec:
                     periodSeconds: 20
                   name: manager
                   ports:
-                    - containerPort: 9443
+                    - containerPort: {{ .Values.webhook.port }}
                       name: webhook-server
                       protocol: TCP
                   readinessProbe:

docs/book/src/multiversion-tutorial/testdata/project/dist/chart/templates/metrics/controller-manager-metrics-service.yaml

@@ -11,9 +11,9 @@ metadata:
 spec:
     ports:
         - name: https
-          port: 8443
+          port: {{ .Values.metrics.port }}
           protocol: TCP
-          targetPort: 8443
+          targetPort: {{ .Values.metrics.port }}
     selector:
         app.kubernetes.io/name: project
         control-plane: controller-manager

docs/book/src/multiversion-tutorial/testdata/project/dist/chart/templates/webhook/webhook-service.yaml

@@ -10,7 +10,7 @@ spec:
     ports:
         - port: 443
           protocol: TCP
-          targetPort: 9443
+          targetPort: {{ .Values.webhook.port }}
     selector:
         app.kubernetes.io/name: project
         control-plane: controller-manager

docs/book/src/multiversion-tutorial/testdata/project/dist/chart/values.yaml

@@ -56,12 +56,18 @@ crd:
 # Enable to expose /metrics endpoint with RBAC protection.
 metrics:
   enable: true
+  port: 8443  # Metrics server port
 
 # Cert-manager integration for TLS certificates.
 # Required for webhook certificates and metrics endpoint certificates.
 certManager:
   enable: true
 
+# Webhook server configuration
+webhook:
+  enable: true
+  port: 9443  # Webhook server port
+
 # Prometheus ServiceMonitor for metrics scraping.
 # Requires prometheus-operator to be installed in the cluster.
 prometheus:

pkg/plugins/optional/helm/v2alpha/scaffolds/internal/kustomize/chart_converter.go

@@ -18,6 +18,7 @@ package kustomize
 
 import (
 	"fmt"
+	"strconv"
 	"strings"
 
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -113,6 +114,7 @@ func (c *ChartConverter) ExtractDeploymentConfig() map[string]interface{} {
 	extractContainerEnv(container, config)
 	extractContainerImage(container, config)
 	extractContainerArgs(container, config)
+	extractContainerPorts(container, config)
 	extractContainerResources(container, config)
 	extractContainerSecurityContext(container, config)
 
@@ -228,11 +230,21 @@ func extractContainerArgs(container map[string]interface{}, config map[string]in
 			continue
 		}
 
-		// The following arguments should not be exposed under args
-		// manager because they are not independently customizable
-		if strings.Contains(strArg, "--metrics-bind-address") ||
-			strings.Contains(strArg, "--health-probe-bind-address") ||
-			strings.Contains(strArg, "--webhook-cert-path") ||
+		// Extract port values from bind-address arguments and store them
+		// These arguments should not be exposed under args because they will be
+		// reconstructed from the port values in values.yaml
+		if strings.Contains(strArg, "--metrics-bind-address") {
+			if port := extractPortFromArg(strArg); port > 0 {
+				if _, exists := config["metricsPort"]; !exists {
+					config["metricsPort"] = port
+				}
+			}
+			continue
+		}
+		if strings.Contains(strArg, "--health-probe-bind-address") {
+			continue
+		}
+		if strings.Contains(strArg, "--webhook-cert-path") ||
 			strings.Contains(strArg, "--metrics-cert-path") {
 			continue
 		}
@@ -244,6 +256,67 @@ func extractContainerArgs(container map[string]interface{}, config map[string]in
 	}
 }
 
+// extractPortFromArg extracts port number from arguments like "--metrics-bind-address=:8443"
+func extractPortFromArg(arg string) int {
+	// Handle formats: --flag=:8443, --flag=0.0.0.0:8443, etc.
+	parts := strings.Split(arg, "=")
+	if len(parts) != 2 {
+		return 0
+	}
+
+	portPart := parts[1]
+	// Remove leading : or host part
+	if idx := strings.LastIndex(portPart, ":"); idx != -1 {
+		portPart = portPart[idx+1:]
+	}
+
+	port, err := strconv.Atoi(portPart)
+	if err != nil || port <= 0 || port > 65535 {
+		return 0
+	}
+	return port
+}
+
+// extractContainerPorts extracts port configurations from container ports
+func extractContainerPorts(container map[string]interface{}, config map[string]interface{}) {
+	// Use NestedFieldNoCopy to avoid deep copy issues with int values
+	portsField, found, err := unstructured.NestedFieldNoCopy(container, "ports")
+	if !found || err != nil {
+		return
+	}
+
+	ports, ok := portsField.([]interface{})
+	if !ok {
+		return
+	}
+
+	for _, p := range ports {
+		portMap, ok := p.(map[string]interface{})
+		if !ok {
+			continue
+		}
+
+		name, _ := portMap["name"].(string)
+		var containerPort int
+
+		// Try int64 first (from YAML unmarshaling)
+		if cp, ok := portMap["containerPort"].(int64); ok {
+			containerPort = int(cp)
+		} else if cp, ok := portMap["containerPort"].(int); ok {
+			containerPort = cp
+		} else {
+			continue
+		}
+
+		// Look for webhook-server port
+		if name == "webhook-server" || strings.Contains(name, "webhook") {
+			if _, exists := config["webhookPort"]; !exists {
+				config["webhookPort"] = containerPort
+			}
+		}
+	}
+}
+
 func extractContainerResources(container map[string]interface{}, config map[string]interface{}) {
 	resources, found, err := unstructured.NestedFieldNoCopy(container, "resources")
 	if !found || err != nil {

pkg/plugins/optional/helm/v2alpha/scaffolds/internal/kustomize/chart_converter_test.go

@@ -183,9 +183,136 @@ var _ = Describe("ChartConverter", func() {
 			Expect(args).NotTo(ContainElement("--health-probe-bind-address=:8081"))
 		})
 
+		It("should extract port configurations from args", func() {
+			// Set up deployment with port-related args
+			containers := []interface{}{
+				map[string]interface{}{
+					"name":  "manager",
+					"image": "controller:latest",
+					"args": []interface{}{
+						"--metrics-bind-address=:8443",
+						"--health-probe-bind-address=:8081",
+						"--leader-elect",
+					},
+				},
+			}
+
+			err := unstructured.SetNestedSlice(
+				resources.Deployment.Object,
+				containers,
+				"spec", "template", "spec", "containers",
+			)
+			Expect(err).NotTo(HaveOccurred())
+
+			config := converter.ExtractDeploymentConfig()
+
+			Expect(config).To(HaveKey("metricsPort"))
+			Expect(config["metricsPort"]).To(Equal(8443))
+			Expect(config).NotTo(HaveKey("healthPort"))
+		})
+
+		It("should extract webhook port from container ports", func() {
+			// Set up deployment with webhook container port
+			containers := []interface{}{
+				map[string]interface{}{
+					"name":  "manager",
+					"image": "controller:latest",
+					"ports": []interface{}{
+						map[string]interface{}{
+							"containerPort": int64(9443),
+							"name":          "webhook-server",
+							"protocol":      "TCP",
+						},
+					},
+				},
+			}
+
+			err := unstructured.SetNestedSlice(
+				resources.Deployment.Object,
+				containers,
+				"spec", "template", "spec", "containers",
+			)
+			Expect(err).NotTo(HaveOccurred())
+
+			config := converter.ExtractDeploymentConfig()
+
+			Expect(config).To(HaveKey("webhookPort"))
+			Expect(config["webhookPort"]).To(Equal(9443))
+		})
+
+		It("should extract custom port values", func() {
+			// Set up deployment with custom ports
+			containers := []interface{}{
+				map[string]interface{}{
+					"name":  "manager",
+					"image": "controller:latest",
+					"args": []interface{}{
+						"--metrics-bind-address=:9090",
+						"--health-probe-bind-address=:9091",
+					},
+					"ports": []interface{}{
+						map[string]interface{}{
+							"containerPort": int64(9444),
+							"name":          "webhook-server",
+							"protocol":      "TCP",
+						},
+					},
+				},
+			}
+
+			err := unstructured.SetNestedSlice(
+				resources.Deployment.Object,
+				containers,
+				"spec", "template", "spec", "containers",
+			)
+			Expect(err).NotTo(HaveOccurred())
+
+			config := converter.ExtractDeploymentConfig()
+
+			Expect(config["metricsPort"]).To(Equal(9090))
+			Expect(config["healthPort"]).To(BeNil())
+			Expect(config["webhookPort"]).To(Equal(9444))
+		})
+
 		It("should handle deployment without containers", func() {
 			config := converter.ExtractDeploymentConfig()
 			Expect(config).To(BeEmpty())
 		})
 	})
+
+	Context("extractPortFromArg", func() {
+		It("should extract port from :PORT format", func() {
+			port := extractPortFromArg("--metrics-bind-address=:8443")
+			Expect(port).To(Equal(8443))
+		})
+
+		It("should extract port from 0.0.0.0:PORT format", func() {
+			port := extractPortFromArg("--metrics-bind-address=0.0.0.0:8443")
+			Expect(port).To(Equal(8443))
+		})
+
+		It("should extract port from HOST:PORT format", func() {
+			port := extractPortFromArg("--health-probe-bind-address=localhost:8081")
+			Expect(port).To(Equal(8081))
+		})
+
+		It("should return 0 for invalid formats", func() {
+			port := extractPortFromArg("--invalid-arg")
+			Expect(port).To(Equal(0))
+
+			port = extractPortFromArg("--no-equals:8443")
+			Expect(port).To(Equal(0))
+
+			port = extractPortFromArg("--port=invalid")
+			Expect(port).To(Equal(0))
+		})
+
+		It("should return 0 for out-of-range ports", func() {
+			port := extractPortFromArg("--port=:0")
+			Expect(port).To(Equal(0))
+
+			port = extractPortFromArg("--port=:99999")
+			Expect(port).To(Equal(0))
+		})
+	})
 })