Allow Ingress Exposed Port Upper Limit to use full port range

[saedx1]

Version

4.0.0

What Kubernetes platforms are you running on?

EKS Amazon

Steps to reproduce

This is straightforward, the maximum exposed port number you can set on an ingress through nginx.org/listen-ports* annotations is 32767.

This is a bug, and it has nothing to do with NodePorts range.

[github-actions]

Hi @saedx1 thanks for reporting!

Be sure to check out the docs and the Contributing Guidelines while you wait for a human to take a look at this 🙂

Cheers!

[saedx1]

@vepatel Here it is.

[saedx1]

@vepatel So, to respond to your comment on the PR. This should have nothing to do with the NodePort. This just adds on the listening ports in an nginx listen directive in a server block. Your examples, code, and tests are not mentioning anything about the NodePort range (nor they should) and they are not using the NodePort range exclusivly.

[vepatel]

Hi @saedx1 thanks for the issue and PR

We'll discuss this in our next triage meeting and prioritise

[saedx1]

Why does a fix for an outstanding bug need to wait that long?

[vepatel]

    customPorts:
      - port: 60000
        targetPort: 60000
        protocol: TCP
        name: customhttp
      - port: 60001
        targetPort: 60001
        protocol: TCP
        name: customhttps

~/nginx/forks/saedx1/kubernetes-ingress/charts/nginx-ingress on patch-2 ● λ echo $IC_HTTP_PORT
60000

~/nginx/forks/saedx1/kubernetes-ingress/charts/nginx-ingress on patch-2 ● λ echo $IC_HTTPS_PORT
60001

~/nginx/forks/saedx1/kubernetes-ingress/charts/nginx-ingress on patch-2 ● λ curl --resolve cafe.example.com:$IC_HTTPS_PORT:$IC_IP https://cafe.example.com:$IC_HTTPS_PORT/coffee --insecure
Server address: 10.116.0.7:8080
Server name: coffee-7dd75bc79b-f6h8h
Date: 20/Jan/2025:16:11:34 +0000
URI: /coffee
Request ID: 6b686a5e6643ed3a2af8659faec64851

~/nginx/forks/saedx1/kubernetes-ingress/charts/nginx-ingress on patch-2 ● λ curl --resolve cafe.example.com:$IC_HTTP_PORT:$IC_IP http://cafe.example.com:$IC_HTTP_PORT/coffee --insecure 
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.27.3</center>
</body>
</html>

~/nginx/forks/saedx1/kubernetes-ingress/charts/nginx-ingress on patch-2 ● λ keti test-release-nginx-ingress-controller-576d878bbb-hjrmd -- bash
nginx@test-release-nginx-ingress-controller-576d878bbb-hjrmd:/$ cat /etc/nginx/conf.d/default-cafe-ingress.conf 
# configuration for default/cafe-ingress
upstream default-cafe-ingress-cafe.example.com-coffee-svc-80 {zone default-cafe-ingress-cafe.example.com-coffee-svc-80 256k;
        random two least_conn;
        server 10.116.0.7:8080 max_fails=1 fail_timeout=10s max_conns=0;
        server 10.116.1.6:8080 max_fails=1 fail_timeout=10s max_conns=0;
}

upstream default-cafe-ingress-cafe.example.com-tea-svc-80 {zone default-cafe-ingress-cafe.example.com-tea-svc-80 256k;
        random two least_conn;
        server 10.116.0.8:8080 max_fails=1 fail_timeout=10s max_conns=0;
        server 10.116.1.7:8080 max_fails=1 fail_timeout=10s max_conns=0;
        server 10.116.2.14:8080 max_fails=1 fail_timeout=10s max_conns=0;
}



server {
        listen 60000;listen [::]:60000;
        listen 60001 ssl;listen [::]:60001 ssl;
        ssl_certificate $secret_dir_path/default-cafe-secret;
        ssl_certificate_key $secret_dir_path/default-cafe-secret;

        server_tokens on;

        server_name cafe.example.com;

        set $resource_type "ingress";
        set $resource_name "cafe-ingress";
        set $resource_namespace "default";
        if ($scheme = http) {
                return 301 https://$host:60001$request_uri;
        }