fix(helm): make helm service port configurable to port 80

[dbirks]

Description

This makes the Service port able to be configured to a normally privileged port like port 80.

To do so, I'm pinning the containerPort to 4954 to match what trivy server runs on by default, and am making the service.port to not be "overloaded" to be the container port as well.

I took a quick look at other charts like prometheus and grafana, to see if they allow containerPort to be configurable in the values.yml, but it looks like they don't, so I'm thinking it's not so common. I can't think of a use-case for configuring it at least, since all traffic to the Pod comes from the Service. I can make it configurable if you would like though.

To test locally:

Set up a test cluster:

kind create cluster
# and to clean up after the test:
# kind delete cluster

Before

Confirm that setting the Service port to 80 causes the pod to crash:

git checkout main
helm install trivy-main ./helm/trivy --set service.port=80
kubectl logs trivy-main-0

After

Try the same from this branch, and confirm that pod isn't crashing:

gh pr checkout 3013
helm install trivy-patched ./helm/trivy --set service.port=80
kubectl logs trivy-patched-0

And confirm that we can access the Service on port 80:

kubectl run -it --rm --image alpine test
# in the test alpine pod now...
apk add curl
curl -i http://trivy-patched/healthz

Related issues

• Close feat(helm): configure service port independent of container port #2957

Checklist

• I've read the guidelines for contributing to this repository.
• I've followed the conventions in the PR title.
• I've added tests that prove my fix is effective or that my feature works.
• I've updated the documentation with the relevant information (if needed).
• I've added usage information (if the PR introduces new options)
• I've included a "before" and "after" example to the description (if the PR is a user interface change).

[CLAassistant]

All committers have signed the CLA.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[knqyf263]

@krol3 Do you have a chance to review this PR?

[chen-keinan]

@dbirks sorry coming late on this , could you please make the port configurable (as you suggested) with default: 4954 I think its the best not to have hardcoded values

[github-actions]

This PR is stale because it has been labeled with inactivity.