Load Balanced Web Service: incompatibility when nlb and sidecars are used together

[mygzi]

Specifying nlb with a sidecar generates a cf template with the same ContainerPort in multiple ContainerDefinitions sections, which is an invalid configuration. When attempting to deploy the example service below, the following error is returned:

Resource handler returned message: "Invalid request provided: Create TaskDefinition: TCP container port '9901' is used multiple times in task when networkMode=awsvpc.

name: sidecar-with-nlb
type: Load Balanced Web Service

http: false

nlb:
  port: 80/tcp
  target_container: envoy

# Configuration for your containers and service.
image:
  location: public.ecr.aws/hashicorp/envoy-alpine:latest
  port: 10000

cpu: 256       # Number of CPU units for the task.
memory: 512    # Amount of memory in MiB used by the task.
count: 1       # Number of tasks that should be running in your service.
exec: true     # Enable running commands in your container.

sidecars:
  envoy:
    # envoy admin port
    port: 9901
    image: public.ecr.aws/hashicorp/envoy-alpine:latest

Here is an excerpt from the cf template provided by copilot svc package

      ContainerDefinitions:
        - Name: !Ref WorkloadName
          Image: !Ref ContainerImage

          PortMappings:
            - ContainerPort: !Ref ContainerPort
            - ContainerPort: 9901
              Protocol: tcp

It appears that the cf partial below is not sidecar aware, and assumes that the nlb target is always the main workload container.

copilot-cli/internal/pkg/template/templates/workloads/partials/cf/workload-container.yml

Line 33 in 2ac6b01

{{if ne .NLB.Listener.TargetPort .NLB.MainContainerPort}} {{/*No need to add additional port if the target port is the same as image port*/}}

For now we are working around this with a task override as follows:

taskdef_overrides:
  - path: ContainerDefinitions[0].PortMappings
    value:
      - ContainerPort: !Ref ContainerPort
        Protocol: tcp

[huanjani]

Thanks for bringing this to our attention, and for all the details! We'll look into it!

[huanjani]

I was able to replicate the bug. Thanks for figuring out a workaround to keep you going while we work on fixing this!

[dannyrandall]

This fix is now released in v1.21.0! https://github.com/aws/copilot-cli/releases/tag/v1.21.0 🎉 Thanks for reporting the issue @mygzi!