Remove http port 80 from LB service

[Miciah]

• pkg/manifests/assets/router/service-cloud.yaml: Remove http port.

---

This is just a test PR to see what breaks.

[Miciah]

/test e2e-aws-operator

[Miciah]

/test e2e-aws-ovn

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci]

@Miciah: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-ovn	0fce1e8	link	true	/test e2e-aws-ovn
ci/prow/e2e-aws-operator	0fce1e8	link	true	/test e2e-aws-operator

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[Miciah]

e2e-aws-operator failed because TestAWSELBConnectionIdleTimeout, TestManagedDNSToUnmanagedDNSIngressController, TestUnmanagedDNSToManagedDNSInternalIngressController, TestUnmanagedDNSToManagedDNSIngressController, and TestCanaryRoute failed.

• TestAWSELBConnectionIdleTimeout, TestManagedDNSToUnmanagedDNSIngressController, TestUnmanagedDNSToManagedDNSInternalIngressController, and TestUnmanagedDNSToManagedDNSIngressController use HTTP requests to connect to test routes and servers that the tests themselves set up, but the tests could just as well use edge-terminated routes and HTTPS requests.
• TestCanaryRoute likewise uses an HTTP request, because the canary route originally used an insecure route but was later changed to use an edge-terminated TLS route with insecureEdgeTerminationPolicy: Redirect (see Bug 1932401: Canary: Add edge termination to canary route #556). Although the canary route is intended for internal diagnostics only, there is a risk that someone is using it for unintended purposes and expects it to remain available via HTTP request from outside the cluster. For that reason, it makes sense to test that it is reachable using HTTP when HTTP ingress is enabled. However, it is perfectly reasonable to say that one can block HTTP but must then accept the consequence that the canary route will only be available by HTTPS.

(On an unrelated note, the helper function verifyInternalIngressController is missing a call to t.Helper(), which makes the test output a little confusing when one tries to determine the point of the test failure.)

[Miciah]

e2e-aws-ovn failed because the following 4 tests failed:

• [sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should be able to connect to a service that is idled because a GET on the route will unidle it [Skipped:Disconnected] [Suite:openshift/conformance/parallel/minimal]
• [sig-network][Feature:Router][apigroup:operator.openshift.io] The HAProxy router should serve routes that were created from an ingress [apigroup:route.openshift.io] [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
• [sig-network][Feature:Router][apigroup:operator.openshift.io] The HAProxy router should set Forwarded headers appropriately [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
• [sig-network][Feature:Router][apigroup:operator.openshift.io] The HAProxy router should respond with 503 to unrecognized hosts [Skipped:Disconnected] [Suite:openshift/conformance/parallel]

The idling test and unrecognized-hosts test could be rewritten to use HTTPS requests instead of HTTP. The "Forwarded headers" test probably should be using HTTPS requests anyway to ensure that using TLS doesn't prevent the router from putting the actual client IP address in the forwarded header value (possible test gap). The routes-created-from-ingress test highlights that blocking HTTP affects the Ingress API as well as the Route API; this isn't a surprising fact, but it may be worth noting calling it out explicitly in documentation.

[openshift-bot]

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale