UncheckedIOException: Failed to bind to /0.0.0.0:8443 when using HTTPS behind an Ingress

[andrey-kondratov]

Summary

Cannot use TLS encryption b/w Ingress controller and the Service.

Steps to reproduce

server:
  config:
    https:
      enabled: true
service: 
  type: ClusterIP
  port: 8443
ingress:
  enabled: true
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS

Expected result

The service created would be mapped to 8443 port of the pods, thus facilitating the TLS encryption between the Ingress controller and the Trino Coordinator Pod.

Actual result

The port 8443 is assigned to http-server.http.port, which makes the process attempt to listen on the port twice, and ends up in an exception:

UncheckedIOException: Failed to bind to /0.0.0.0:8443

[andrey-kondratov]

A workaround is to disable HTTP server:

  coordinatorExtraConfig: |
    http-server.http.enabled=false
  workerExtraConfig: | 
    http-server.http.enabled=false

However, the liveness and readiness probes will still be trying to check containers using HTTP scheme, and there is no parameter in the Helm chart to override it to HTTPS.