Problems with Mender Helm Chart on OpenShift: privileged ports

I’m using the mender-helm chart (GitHub - mendersoftware/mender-helm: Mender Helm charts) to install Mender, and want to say “thank you” because it’s such an easy way to install Mender!

I did run into some issues, though, that are very particular to deploying on Red Hat OpenShift. The problem is that the api-gateway and gui containers want to listen on port 80 and/or 443, but those privileged ports cannot be opened in OpenShift since the processes do not run as root. For the most part it is a case of changing the ports in the Helm files - they could even be changed so that they’re configurable as settings.

The bigger problem, though, is that the image for the gui container does a listen on port 80 in /etc/nginx/nginx.conf. I can get around this by building a new image that changes the port to something else. There are some other problems with the GUI image, like trying to write to read-only filesystems, and permissions problems when creating tempfile directories and pids - again these can be solved in the build of a custom image and other workarounds.

So the question is: what’s the best way to get some changes into the Helm Chart and the GUI image, so that I have less manual work every time there is an update? Making the ports a setting in the Helm Chart is easy enough, but it’s the image side of things that I think is going to be a lot more complicated and have potentially breaking changes for other types of Kubernetes systems.

I’d love to hear thoughts from the developers and community, thank you.
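An added example, not part of the original post and not Mender's code: a small check that could run in a custom image build to flag the three nginx issues described above (privileged `listen` ports, the pid file, and temp directories outside a writable path). The sample configs are constructed, and `/tmp/` as the writable location is an assumption.

```python
import re

# Directives nginx writes to at startup; their default locations are assumed
# to be root-owned in the image, so each should point at a writable path.
PATH_DIRECTIVES = ("pid", "client_body_temp_path", "proxy_temp_path",
                   "fastcgi_temp_path", "uwsgi_temp_path", "scgi_temp_path")

def listen_port(arg):
    """Port of a listen argument such as '80', '[::]:443' or '0.0.0.0:8080'."""
    if arg.startswith("unix:"):
        return None                      # UNIX socket, no TCP port involved
    tail = arg.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else 80   # address only: nginx uses 80

def audit_nginx_conf(text, writable=("/tmp/",)):
    """Return findings that would stop nginx starting as a non-root UID."""
    text = re.sub(r"#[^\n]*", "", text)  # drop comments
    findings, seen = [], set()
    for name, args in re.findall(r"([a-z_]+)\s+([^\s;{}][^;{}]*);", text):
        first = args.split()[0]
        if name == "listen":
            port = listen_port(first)
            if port is not None and port < 1024:
                findings.append(f"listen {first}: port {port} is privileged")
        elif name in PATH_DIRECTIVES:
            seen.add(name)
            if not first.startswith(writable):
                findings.append(f"{name} {first}: not under {writable}")
    findings += [f"{d}: not set, built-in default applies"
                 for d in PATH_DIRECTIVES if d not in seen]
    return findings

# Constructed sample configs, not taken from the Mender GUI image.
BEFORE = """
events { worker_connections 1024; }
http { server { listen 80;  # privileged
                listen [::]:443 ssl; root /usr/share/nginx/html; } }
"""
AFTER = """
pid /tmp/nginx.pid;
events { worker_connections 1024; }
http {
  client_body_temp_path /tmp/client_temp;  proxy_temp_path /tmp/proxy_temp;
  fastcgi_temp_path /tmp/fastcgi_temp;     uwsgi_temp_path /tmp/uwsgi_temp;
  scgi_temp_path /tmp/scgi_temp;
  server { listen 8080; root /usr/share/nginx/html; }
}
"""

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_nginx_conf(conf))
```

With the container listening on an unprivileged port such as 8080, the chart's Service can still expose 80 or 443 by mapping `port` to a different `targetPort`.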