feat: Support UDP listeners in Network Load Balancer #4980
Conversation
tjhorner
changed the title
|
🍕 Here are the new binary sizes!
|
Codecov Report
@@ Coverage Diff @@
## mainline #4980 +/- ##
=============================================
+ Coverage 70.03% 94.41% +24.37%
=============================================
Files 289 13 -276
Lines 42031 1521 -40510
Branches 285 285
=============================================
- Hits 29435 1436 -27999
+ Misses 11176 80 -11096
+ Partials 1420 5 -1415 |
internal/pkg/manifest/svc.go
Outdated
| protocol := strings.ToLower(aws.StringValue(nlbProtocol)) | ||
| // Expose TCP port for TLS listeners. | ||
| if protocol != strings.ToLower(TLS) { | ||
| targetProtocol = protocol | ||
| } |
There was a problem hiding this comment.
Yay thanks for taking care of this case!!
Small nit - strings.EqualFold is case-insensitive, so we can use it for the comparison here
| protocol := strings.ToLower(aws.StringValue(nlbProtocol)) | |
| // Expose TCP port for TLS listeners. | |
| if protocol != strings.ToLower(TLS) { | |
| targetProtocol = protocol | |
| } | |
| // Expose TCP port for TLS listeners. | |
| if !strings.EqualFold(aws.StringValue(nlbProtocol), TLS) | |
| targetProtocol = protocol | |
| } |
There was a problem hiding this comment.
TIL! Will update to use this
| for _, exposedPort := range exposedPorts { | ||
| if targetPort == exposedPort.Port { | ||
| if targetPort == exposedPort.Port && targetProtocol == exposedPort.Protocol { |
There was a problem hiding this comment.
nit:
| if targetPort == exposedPort.Port && targetProtocol == exposedPort.Protocol { | |
| // NOTE: ECS doesn't support exposing the same port twice. | |
| // This is a feature request to support multiple protocols on the same port: https://github.com/aws/containers-roadmap/issues/850. | |
| if targetPort == exposedPort.Port { |
ECS doesn't let you expose the same port twice, even if they are different protocols. Although as a client side tool we don't have to do the same validations as the service, I think I'd prefer erroring out early here.
NLB can listen on a port for TPC_UDP traffic - judging by this design pattern, it is possible that when ECS does support this feature, they will support an "additional protocol" called TCP_UDP, instead of letting people expose the same port twice. This is my own personal intuition though. Here is a related feature request to ECS: aws/containers-roadmap#850.
Anyway, based on this observation, it's likely that we won't need to change this if statement even after they'e supported the feature. So maintenance-wise, this probably won't cause burden in the future anyway.
There was a problem hiding this comment.
Sure, that makes sense. I'll add that note and revert the change there.
Wouldn't this just silently fail? No err is being returned, but I'm not sure if consumers of this method would interpret a nil []ExposedPort as a failure.
There was a problem hiding this comment.
My bad!! I somehow was thinking this code was written in manifest/validate.go, and was trying to point out that the "uniqueness" of a port is determined by the port only, not port + protocol.
Now that I've had my coffee, I realize this comment doesn't make sense for the code here. This function is called after we've done all the manifest validation. At this point, it should be assumed that the manifest is totally valid - that is, no port is exposed twice.
Therefore, I think we can keep it as you have (port + protocol). Since the validation already happened, there is effectively no difference between if targetPort == exposedPort.Port and if targetPort == exposedPort.Port && targetProtocol == exposedPort.Protocol; however, the latter is clearly and makes more sense 😂
The validation code already checks that "no port is exposed twice" - it doesn't take protocol into consideration. So we are good there as well.
Sorry for the confusion!!
There was a problem hiding this comment.
hey there @tjhorner ! Do you want me to take over the code and address the nit, so that this PR can be merged before our next release?
There was a problem hiding this comment.
Sure, that's fine. Thanks!
Lou1415926
force-pushed
the
feature/nlb-udp-ports
branch
from
02f0cdd
to
413dbf4
Compare
| @@ -241,7 +241,7 @@ List of all available properties for a `'Load Balanced Web Service'` manifest. T | |||
|
|
|||
| nlb: | |||
| port: 8080/tcp # Traffic on port 8080/tcp is forwarded to the main container, on port 8080. | |||
| additional_rules: | |||
| additional_listeners: | |||
This PR adds basic UDP support for Network Load Balancers. For example, you can now do this in a
Load Balanced Web Service:Additional listeners are also supported:
I also updated the English documentation to reflect this change, but not the Japanese documentation.
This addresses issue #4767.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.