Accept probe port exposed via container args or command#1197

Open
arpitjain099 wants to merge 1 commit into stackrox:main from arpitjain099:fix/probe-port-via-args-1086

Conversation

@arpitjain099

Fixes #1086

Problem

The liveness-port, readiness-port and startup-port checks resolve the probe port only against the container's declared containerPort list. A containerPort entry is informational: a process can listen on any port regardless of whether it is declared. When the probe port is wired up through a flag instead of a declared port, the checks report a false positive for a port that is actually being served.

The opentelemetry-operator chart (0.100.0) hits this. The manager container passes its health-probe address purely through args and only declares the metrics port:

containers:
  - name: manager
    args:
      - --metrics-addr=0.0.0.0:8080
      - --health-probe-addr=:8081
    ports:
      - containerPort: 8080
        name: metrics
        protocol: TCP
    livenessProbe:
      httpGet:
        path: /healthz
        port: 8081

Before

8081 is not in the declared ports, so the check fires even though the process listens on it:

container "manager" does not expose port 8081 for the HTTPGet
(check: liveness-port)

After

CheckProbePort now also looks for a numeric probe port as a standalone integer token in the container args and command before flagging it. With the change above the container no longer fires, which matches the expected behavior in the issue.

Because all three checks share CheckProbePort, the fix covers liveness-port, readiness-port and startup-port at once.

Scope and limitations

  • The match is intentionally conservative. Only a numeric probe port is matched against args/command; a named (string) port still has to resolve against a declared containerPort exactly as before.
  • The port number is matched as a standalone integer token, so searching for 8081 does not match 18081, 80818, or a port that only appears as a substring of an image tag or version. Those cases still fire.
  • This is a textual presence check on the args, not a parse of every CLI flag convention. It accepts the common case where the port number appears in the args (for example --health-probe-addr=:8081, --addr=0.0.0.0:8081, --port 8081). It does not attempt to confirm which flag the port belongs to.

Tests

  • pkg/templates/util/check_probe_port_test.go (new): direct unit tests for CheckProbePort and argContainsPort, including the args case from issue #1086 ([BUG] - Liveness probe port exposed in args is being ignored), the command case, the string-port no-match, and the substring regression guards (18081, 80818 still fire).
  • pkg/templates/livenessport/template_test.go: added a PortExposedViaArgs case to the existing suite.
  • tests/checks/liveness-port.yml: added a dont-fire-deployment-port-in-args container reproducing the chart scenario end to end. The existing four fire-cases and their assertions are unchanged.

go build ./..., go vet, and go test ./pkg/templates/... ./pkg/lintcontext/... all pass.

The liveness-port, readiness-port and startup-port checks resolved a
probe port only against the declared containerPort list. A declared
containerPort is informational, so a process can listen on a port that
is wired up only through a flag. Charts such as opentelemetry-operator
pass the health-probe address purely through args
(--health-probe-addr=:8081) and declare only the metrics port, which
made the checks report a false positive for a port that is in fact
served.

CheckProbePort now also looks for a numeric probe port as a standalone
integer token in the container args and command before flagging it.
Named (string) ports still resolve against the declared containerPort
list as before, and a port that only appears as a substring of a larger
number is still flagged.

Fixes stackrox#1086

Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
@arpitjain099 arpitjain099 requested a review from rhybrillou as a code owner June 5, 2026 11:41
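A self-contained sketch of the matching rule the description lays out, added here as an illustration and not kube-linter's own code: `DeclaredPort`, `ContainsPortToken` and `ProbePortExposed` are hypothetical names, and the token-character set (letters, digits, `.`, `_`) is an assumption chosen so that `18081`, `80818` and a version like `v1.8081.2` never yield the token `8081`, while the separators in `0.0.0.0:8081`, `--port 8081` and `=:8081` do.

```go
package main

import (
	"strconv"
	"strings"
	"unicode"
)

// DeclaredPort is a constructed stand-in for one containerPort entry.
type DeclaredPort struct {
	Name   string
	Number int32
}

// tokenRune decides which runes glue a token together. Digits, letters, '.'
// and '_' are token characters, so "18081", "80818" and "v1.8081.2" are single
// tokens and never equal "8081"; '-', '=', ':' and spaces are separators.
func tokenRune(r rune) bool {
	return unicode.IsLetter(r) || unicode.IsDigit(r) || r == '.' || r == '_'
}

// ContainsPortToken reports whether port appears in any of the strings as a
// standalone integer token. It is a textual presence check on the strings,
// not a parser of CLI flag conventions: it does not know which flag the port
// belongs to.
func ContainsPortToken(strs []string, port int32) bool {
	want := strconv.Itoa(int(port))
	for _, s := range strs {
		for _, tok := range strings.FieldsFunc(s, func(r rune) bool { return !tokenRune(r) }) {
			if tok == want {
				return true
			}
		}
	}
	return false
}

// ProbePortExposed applies the decision described in the PR: a named probe
// port must match a declared containerPort name exactly as before, while a
// numeric probe port may match a declared containerPort number or a
// standalone token in the container's command or args.
func ProbePortExposed(ports []DeclaredPort, command, args []string, probe string) bool {
	n, err := strconv.Atoi(probe)
	for _, p := range ports {
		if (err != nil && p.Name == probe) || (err == nil && int(p.Number) == n) {
			return true
		}
	}
	if err != nil {
		return false // named ports never resolve via args
	}
	return ContainsPortToken(append(append([]string{}, command...), args...), int32(n))
}
```

With the opentelemetry-operator shape from the description (declared port `metrics`/8080, args `--metrics-addr=0.0.0.0:8080 --health-probe-addr=:8081`), a probe on 8081 resolves via the args while a probe on 8082 or on the undeclared name `health` still fires.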
@coderabbitai

coderabbitai Bot commented Jun 5, 2026

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

@codecov

codecov Bot commented Jun 5, 2026

Codecov Report

❌ Patch coverage is 87.09677% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 31.17%. Comparing base (dbd7529) to head (d79bb28).
⚠️ Report is 311 commits behind head on main.

Files with missing lines                 | Patch %  | Lines
pkg/templates/util/check_probe_port.go   | 87.09%   | 3 Missing and 1 partial ⚠️
Additional details and impacted files
@@             Coverage Diff             @@
##             main    #1197       +/-   ##
===========================================
- Coverage   62.36%   31.17%   -31.19%     
===========================================
  Files         197      239       +42     
  Lines        4854     6562     +1708     
===========================================
- Hits         3027     2046      -981     
- Misses       1439     4336     +2897     
+ Partials      388      180      -208     
Flag  | Coverage Δ
unit  | 31.17% <87.09%> (-31.19%) ⬇️



Development

Successfully merging this pull request may close these issues.

[BUG] - Liveness probe port exposed in args is being ignored