gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-11 22:18:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(deploy/test): f5-mock-icontrol host-port collision (20443 → 20449)

Browse Source 
CI run 25192994486 (deploy-vendor-e2e job) failed with:

  Error response from daemon: failed to set up container networking:
    driver failed programming external connectivity on endpoint
    certctl-test-f5-mock: Bind for 0.0.0.0:20443 failed: port is already
    allocated

apache-test (compose line 491) and f5-mock-icontrol (compose line 619)
both bound host port 20443. The pre-Phase-5 per-vendor matrix only ran
one sidecar at a time, so the collision was structurally hidden. The
ci-pipeline-cleanup Phase 5 collapse brings all 11 sidecars up
simultaneously — the bug surfaces.

This was a pre-existing latent bug in the deploy-hardening II Phase 1
(commit 47af4db) sidecar-matrix design that the matrix collapse
surfaced. Same pattern as the gofmt drift + libest build issues — the
new gates are doing their job, exposing real debt.

Fix: move f5-mock-icontrol from host port 20443 to 20449 (next free
in the 204xx range; 20448 is windows-iis-test, 20443-20447 occupied
by apache/haproxy/traefik/caddy/envoy).

Touched:
  deploy/docker-compose.test.yml — f5-mock-icontrol ports: 20449:443
  deploy/test/vendor_e2e_helpers.go — sidecarMap["f5-mock"].hostPort: 20449

Verified: every host port in deploy/docker-compose.test.yml is now
unique (per-port count == 1 across all 17 mappings).
This commit is contained in:
shankar0123
2026-04-30 23:05:25 +00:00
parent b253fabbb6
commit 13d4fa5589
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
deploy/docker-compose.test.yml
+6 -1
View File
@@ -616,7 +616,12 @@ services:
dockerfile: deploy/test/f5-mock-icontrol/Dockerfile dockerfile: deploy/test/f5-mock-icontrol/Dockerfile
container_name: certctl-test-f5-mock container_name: certctl-test-f5-mock
ports: ports:
- "20443:443" # Host port 20449 (NOT 20443 — apache-test owns 20443). The
# ci-pipeline-cleanup Phase 5 vendor-matrix collapse brings up
# all sidecars simultaneously; the original Phase 1 design
# accidentally double-bound 20443 because the per-vendor matrix
# only ever ran one sidecar at a time, hiding the collision.
- "20449:443"
networks: networks:
certctl-test: certctl-test:
ipv4_address: 10.30.50.28 ipv4_address: 10.30.50.28
deploy/test/vendor_e2e_helpers.go
+1 -1
View File
@@ -52,7 +52,7 @@ var sidecarMap = map[string]vendorSidecar{
"postfix": {name: "postfix-test", hostPort: "127.0.0.1:20465"}, "postfix": {name: "postfix-test", hostPort: "127.0.0.1:20465"},
"dovecot": {name: "dovecot-test", hostPort: "127.0.0.1:20993"}, "dovecot": {name: "dovecot-test", hostPort: "127.0.0.1:20993"},
"openssh": {name: "openssh-test", hostPort: "127.0.0.1:20022"}, "openssh": {name: "openssh-test", hostPort: "127.0.0.1:20022"},
"f5-mock": {name: "f5-mock-icontrol", hostPort: "127.0.0.1:20443"}, "f5-mock": {name: "f5-mock-icontrol", hostPort: "127.0.0.1:20449"},
"k8s-kind": {name: "k8s-kind-test", hostPort: ""}, "k8s-kind": {name: "k8s-kind-test", hostPort: ""},
"windows-iis": {name: "windows-iis-test", hostPort: "127.0.0.1:20448"}, "windows-iis": {name: "windows-iis-test", hostPort: "127.0.0.1:20448"},
} }