Security Rule with port number 1 not created when targetPort is not a number #3923

Open
da3mon-01 opened this issue Oct 30, 2024 · 0 comments

Describe the bug
The backend security rule does not contain the port 1 when a targetPort with a string is deployed.

Steps to reproduce

❯ k get ing -n mpro-dex -o yaml
apiVersion: v1
items:
- apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    annotations:
      alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:eu-west-1:2redacted
      alb.ingress.kubernetes.io/group.name: mpro-var
      alb.ingress.kubernetes.io/healthcheck-path: /healthz/live
      alb.ingress.kubernetes.io/healthcheck-port: "5558"
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
      alb.ingress.kubernetes.io/scheme: internet-facing
      alb.ingress.kubernetes.io/ssl-redirect: "443"
      alb.ingress.kubernetes.io/target-type: ip
      external-dns.alpha.kubernetes.io/hostname: mpro-redactedio
      meta.helm.sh/release-name: dex
      meta.helm.sh/release-namespace: mpro-dex
    creationTimestamp: "2024-10-30T11:04:07Z"
    finalizers:
    - group.ingress.k8s.aws/mpro-var
    generation: 3
    labels:
      app.kubernetes.io/instance: dex
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/name: dex
      app.kubernetes.io/version: 2.41.1
      helm.sh/chart: dex-0.19.1
    name: dex
    namespace: mpro-dex
    resourceVersion: "17155290"
    uid: da44692e-a111-4ff3-a21f-aa35ef26930d
  spec:
    ingressClassName: alb
    rules:
    - host: mpro-dex.redacted.io
      http:
        paths:
        - backend:
            service:
              name: dex
              port:
                number: 5556
          path: /*
          pathType: ImplementationSpecific
  status:
    loadBalancer:
      ingress:
      - hostname: redacted.elb.amazonaws.com
kind: List
metadata:
  resourceVersion: ""
❯ k get svc -n mpro-dex -o yaml
apiVersion: v1
items:
- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      meta.helm.sh/release-name: dex
      meta.helm.sh/release-namespace: mpro-dex
    creationTimestamp: "2024-10-30T11:02:52Z"
    labels:
      app.kubernetes.io/instance: dex
      app.kubernetes.io/managed-by: Helm
      app.kubernetes.io/name: dex
      app.kubernetes.io/version: 2.41.1
      helm.sh/chart: dex-0.19.1
    name: dex
    namespace: mpro-dex
    resourceVersion: "17133168"
    uid: c0d026d4-5824-43cd-86fe-6d0de789fa81
  spec:
    clusterIP: 172.20.171.29
    clusterIPs:
    - 172.20.171.29
    internalTrafficPolicy: Cluster
    ipFamilies:
    - IPv4
    ipFamilyPolicy: SingleStack
    ports:
    - appProtocol: http
      name: http
      port: 5556
      protocol: TCP
      targetPort: http
    - appProtocol: http
      name: telemetry
      port: 5558
      protocol: TCP
      targetPort: telemetry
    selector:
      app.kubernetes.io/instance: dex
      app.kubernetes.io/name: dex
    sessionAffinity: None
    type: ClusterIP
  status:
    loadBalancer: {}
kind: List
metadata:
  resourceVersion: ""

With this the cluster creates a TargetGroup with the Port 1 as described.

However the security group rule managed by ALBC contains the original dex port, not 1. When adding the manual rule 1 to the NodeGroup Security group, you can access dex.

Expected outcome
Either:

  • Rule with port is added to security group
  • An annotation exists where I can manually override the TargetGroup Port

Environment

  • AWS Load Balancer controller version: 2.9.2
  • Kubernetes version: 1.29
  • Using EKS (yes/no), if so version? eks.13

Additional Context:
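
A check for the mismatch reported above, as an added example that is not part of the original issue or of the controller's code: it lists Service ports that use a named targetPort and reports target group ports that no ingress rule in the node security group allows. The input shapes are assumed to follow `kubectl get svc -o json` and the `IpPermissions` list from `aws ec2 describe-security-groups`; the sample values are constructed from the issue's description.

```python
"""Added example: flag target group ports with no matching security group rule."""


def named_target_ports(service):
    """Service ports whose targetPort is a name (string) instead of a number."""
    return [p["port"] for p in service["spec"]["ports"]
            if isinstance(p.get("targetPort"), str)]


def rule_covers(rule, port, protocol="tcp"):
    """True if one IpPermissions entry allows `port` for `protocol`.

    Only the port range is checked; the rule's source (CIDR or peer
    security group) is not evaluated here.
    """
    if rule["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
        return True
    if rule["IpProtocol"] != protocol:
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]


def uncovered_ports(target_group_ports, ip_permissions):
    """Target group ports that no ingress rule in the list allows."""
    return [port for port in target_group_ports
            if not any(rule_covers(r, port) for r in ip_permissions)]


# Constructed sample, modelled on the Service shown in the issue.
SERVICE = {"spec": {"ports": [
    {"name": "http", "port": 5556, "protocol": "TCP", "targetPort": "http"},
    {"name": "telemetry", "port": 5558, "protocol": "TCP",
     "targetPort": "telemetry"},
]}}
# Constructed: the issue reports a target group on port 1 and a managed
# security group rule that carries the Service port instead.
TARGET_GROUP_PORTS = [1]
NODE_SG_RULES = [{"IpProtocol": "tcp", "FromPort": 5556, "ToPort": 5556}]

if __name__ == "__main__":
    print("service ports with a named targetPort:",
          named_target_ports(SERVICE))
    print("target group ports without an ingress rule:",
          uncovered_ports(TARGET_GROUP_PORTS, NODE_SG_RULES))
```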
