From d053f7b245573f884f95da3a1ae3a150b7eecd4b Mon Sep 17 00:00:00 2001 From: TJ Horner Date: Sat, 10 Jun 2023 23:55:34 -0700 Subject: [PATCH 1/6] Initial support for NLB UDP listeners --- internal/pkg/manifest/svc.go | 5 +++-- internal/pkg/manifest/validate.go | 2 +- site/content/docs/manifest/backend-service.en.md | 2 +- site/content/docs/manifest/backend-service.ja.md | 2 +- site/content/docs/manifest/lb-web-service.en.md | 2 +- site/content/docs/manifest/lb-web-service.ja.md | 2 +- 6 files changed, 8 insertions(+), 7 deletions(-) diff --git a/internal/pkg/manifest/svc.go b/internal/pkg/manifest/svc.go index 72b62285b9a..c26e6885d7f 100644 --- a/internal/pkg/manifest/svc.go +++ b/internal/pkg/manifest/svc.go @@ -500,7 +500,7 @@ func (cfg NetworkLoadBalancerListener) exposedPorts(exposedPorts []ExposedPort, if cfg.IsEmpty() { return nil, nil } - nlbPort, _, err := ParsePortMapping(cfg.Port) + nlbPort, nlbProtocol, err := ParsePortMapping(cfg.Port) if err != nil { return nil, err } @@ -522,10 +522,11 @@ func (cfg NetworkLoadBalancerListener) exposedPorts(exposedPorts []ExposedPort, if cfg.TargetContainer != nil { targetContainer = aws.StringValue(cfg.TargetContainer) } + targetProtocol := strings.ToLower(aws.StringValue(nlbProtocol)) return []ExposedPort{ { Port: targetPort, - Protocol: "tcp", + Protocol: targetProtocol, ContainerName: targetContainer, }, }, nil diff --git a/internal/pkg/manifest/validate.go b/internal/pkg/manifest/validate.go index 7d4a9713fe8..d99c41759b4 100644 --- a/internal/pkg/manifest/validate.go +++ b/internal/pkg/manifest/validate.go 
@@ -55,7 +55,7 @@ var ( essentialContainerDependsOnValidStatuses = []string{dependsOnStart, dependsOnHealthy} dependsOnValidStatuses = []string{dependsOnStart, dependsOnComplete, dependsOnSuccess, dependsOnHealthy} - nlbValidProtocols = []string{TCP, TLS} + nlbValidProtocols = []string{TCP, udp, TLS} validContainerProtocols = []string{TCP, udp} tracingValidVendors = []string{awsXRAY} ecsRollingUpdateStrategies = []string{ECSDefaultRollingUpdateStrategy, ECSRecreateRollingUpdateStrategy} diff --git a/site/content/docs/manifest/backend-service.en.md b/site/content/docs/manifest/backend-service.en.md index a3b24cdd31c..b6bcf8f716f 100644 --- a/site/content/docs/manifest/backend-service.en.md +++ b/site/content/docs/manifest/backend-service.en.md @@ -155,7 +155,7 @@ List of all available properties for a `'Backend Service'` manifest. To learn ab http: path: '/' target_port: 8083 # Traffic on "/" is forwarded to the main container, on port 8083. - additional_rules: + additional_listeners: - path: 'customerdb' target_port: 8081 # Traffic on "/customerdb" is forwarded to the main container, on port 8081. - path: 'admin' diff --git a/site/content/docs/manifest/backend-service.ja.md b/site/content/docs/manifest/backend-service.ja.md index f8c8a206e22..ee9a8198c7c 100644 --- a/site/content/docs/manifest/backend-service.ja.md +++ b/site/content/docs/manifest/backend-service.ja.md @@ -155,7 +155,7 @@ http: path: '/' target_port: 8083 # Traffic on "/" is forwarded to the main container, on port 8083. - additional_rules: + additional_listeners: - path: 'customerdb' target_port: 8081 # Traffic on "/customerdb" is forwarded to the main container, on port 8081. - path: 'admin' diff --git a/site/content/docs/manifest/lb-web-service.en.md b/site/content/docs/manifest/lb-web-service.en.md index ac290b0ff96..c3d18d713c4 100644 --- a/site/content/docs/manifest/lb-web-service.en.md +++ b/site/content/docs/manifest/lb-web-service.en.md 
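Review bot: Adding `udp` to `nlbValidProtocols` accepts the listener protocol, but nothing in this hunk checks the rest of the listener configuration against it. Network Load Balancer health checks for UDP target groups run over TCP, HTTP or HTTPS, so a container that only listens on UDP needs a separate health-check port. Rejecting a `udp` listener with no usable health-check target at validation time would surface this in the manifest rather than as unhealthy targets after deploy; that check would presumably live in the listener's validate method, which is outside this hunk. Also confirm that the ingress rule generated for the target port takes its protocol from the listener rather than assuming TCP, since that template is not part of this patch. At minimum I would add a comment on the line, e.g. `// udp listeners still need a TCP/HTTP(S) health check target`.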
@@ -241,7 +241,7 @@ List of all available properties for a `'Load Balanced Web Service'` manifest. T nlb: port: 8080/tcp # Traffic on port 8080/tcp is forwarded to the main container, on port 8080. - additional_rules: + additional_listeners: - port: 8084/tcp # Traffic on port 8084/tcp is forwarded to the main container, on port 8084. - port: 8085/tcp # Traffic on port 8085/tcp is forwarded to the sidecar "envoy", on port 3000. target_port: 3000 diff --git a/site/content/docs/manifest/lb-web-service.ja.md b/site/content/docs/manifest/lb-web-service.ja.md index 62095c47e49..008ac2da21e 100644 --- a/site/content/docs/manifest/lb-web-service.ja.md +++ b/site/content/docs/manifest/lb-web-service.ja.md @@ -241,7 +241,7 @@ nlb: port: 8080/tcp # Traffic on port 8080/tcp is forwarded to the main container, on port 8080. - additional_rules: + additional_listeners: - port: 8084/tcp # Traffic on port 8084/tcp is forwarded to the main container, on port 8084. - port: 8085/tcp # Traffic on port 8085/tcp is forwarded to the sidecar "envoy", on port 3000. target_port: 3000 From cb15323bf70c9aa55bf5a806f9af1068a859524d Mon Sep 17 00:00:00 2001 From: TJ Horner Date: Tue, 13 Jun 2023 08:50:40 -0700 Subject: [PATCH 2/6] Fix (NetworkLoadBalancerListener).exposedPorts for TLS listeners and TCP defaults --- internal/pkg/manifest/svc.go | 12 ++++++++++-- internal/pkg/manifest/validate_test.go | 14 ++++++-------- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/internal/pkg/manifest/svc.go b/internal/pkg/manifest/svc.go index c26e6885d7f..0528a024a4d 100644 --- a/internal/pkg/manifest/svc.go +++ b/internal/pkg/manifest/svc.go 
@@ -513,8 +513,16 @@ func (cfg NetworkLoadBalancerListener) exposedPorts(exposedPorts []ExposedPort, if cfg.TargetPort != nil { targetPort = uint16(aws.IntValue(cfg.TargetPort)) } + targetProtocol := strings.ToLower(TCP) + if nlbProtocol != nil { + protocol := strings.ToLower(aws.StringValue(nlbProtocol)) + // Use TCP for TLS listeners. + if protocol != strings.ToLower(TLS) { + targetProtocol = protocol + } + } for _, exposedPort := range exposedPorts { - if targetPort == exposedPort.Port { + if targetPort == exposedPort.Port && targetProtocol == exposedPort.Protocol { return nil, nil } } @@ -522,7 +530,7 @@ func (cfg NetworkLoadBalancerListener) exposedPorts(exposedPorts []ExposedPort, if cfg.TargetContainer != nil { targetContainer = aws.StringValue(cfg.TargetContainer) } - targetProtocol := strings.ToLower(aws.StringValue(nlbProtocol)) + return []ExposedPort{ { Port: targetPort, diff --git a/internal/pkg/manifest/validate_test.go b/internal/pkg/manifest/validate_test.go index 1aaef362b05..3de60455039 100644 --- a/internal/pkg/manifest/validate_test.go +++ b/internal/pkg/manifest/validate_test.go @@ -1767,7 +1767,7 @@ func TestNetworkLoadBalancerConfiguration_validate(t *testing.T) { }, }, wantedErrorMsgPrefix: `validate "nlb": `, - wantedError: fmt.Errorf(`validate "port": invalid protocol tps; valid protocols include TCP and TLS`), + wantedError: fmt.Errorf(`validate "port": invalid protocol tps; valid protocols include TCP, UDP and TLS`), }, "fail if protocol is not recognized in additional listeners": { nlb: NetworkLoadBalancerConfiguration{ 
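Review bot: The new duplicate check `targetPort == exposedPort.Port && targetProtocol == exposedPort.Protocol` compares a lower-cased value with `exposedPort.Protocol` exactly as stored, so it only matches if every producer of `ExposedPort` also stores the protocol in lower case. If any producer stores it in another case, the listener's port is appended a second time instead of being deduplicated. Using `strings.EqualFold(targetProtocol, exposedPort.Protocol)` would remove that dependency. The same comparison is kept unchanged by the `@@ -513,14 +513,14 @@` hunk in PATCH 6/6. The body of `exposedPorts` starts and ends outside this hunk.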
@@ -1781,7 +1781,7 @@ func TestNetworkLoadBalancerConfiguration_validate(t *testing.T) { }, }, wantedErrorMsgPrefix: `validate "nlb": `, - wantedError: fmt.Errorf(`validate "additional_listeners[0]": validate "port": invalid protocol tps; valid protocols include TCP and TLS`), + wantedError: fmt.Errorf(`validate "additional_listeners[0]": validate "port": invalid protocol tps; valid protocols include TCP, UDP and TLS`), }, "success if tcp": { nlb: NetworkLoadBalancerConfiguration{ @@ -1790,15 +1790,14 @@ func TestNetworkLoadBalancerConfiguration_validate(t *testing.T) { }, }, }, - "error if udp": { + "success if udp": { nlb: NetworkLoadBalancerConfiguration{ Listener: NetworkLoadBalancerListener{ Port: aws.String("161/udp"), }, }, - wantedError: fmt.Errorf(`validate "port": invalid protocol udp; valid protocols include TCP and TLS`), }, - "error if udp in additional listeners": { + "success if udp in additional listeners": { nlb: NetworkLoadBalancerConfiguration{ Listener: NetworkLoadBalancerListener{ Port: aws.String("161/tcp"), @@ -1809,7 +1808,6 @@ func TestNetworkLoadBalancerConfiguration_validate(t *testing.T) { }, }, }, - wantedError: fmt.Errorf(`validate "additional_listeners[0]": validate "port": invalid protocol udp; valid protocols include TCP and TLS`), }, "error if additional listeners are defined before main listener": { nlb: NetworkLoadBalancerConfiguration{ @@ -1846,7 +1844,7 @@ func TestNetworkLoadBalancerConfiguration_validate(t *testing.T) { Port: aws.String("443/TCP_udp"), }, }, - wantedError: fmt.Errorf(`validate "port": invalid protocol TCP_udp; valid protocols include TCP and TLS`), + wantedError: fmt.Errorf(`validate "port": invalid protocol TCP_udp; valid protocols include TCP, UDP and TLS`), }, "error if tcp_udp in additional listeners": { nlb: NetworkLoadBalancerConfiguration{ 
@@ -1859,7 +1857,7 @@ func TestNetworkLoadBalancerConfiguration_validate(t *testing.T) { }, }, }, - wantedError: fmt.Errorf(`validate "additional_listeners[0]": validate "port": invalid protocol TCP_udp; valid protocols include TCP and TLS`), + wantedError: fmt.Errorf(`validate "additional_listeners[0]": validate "port": invalid protocol TCP_udp; valid protocols include TCP, UDP and TLS`), }, "error if hosted zone is set": { nlb: NetworkLoadBalancerConfiguration{ From 5c4523b15d7d792fc55ee2d286708e5d7711a6bb Mon Sep 17 00:00:00 2001 From: TJ Horner Date: Tue, 13 Jun 2023 08:56:37 -0700 Subject: [PATCH 3/6] Additional tests; revert erroneous documentation change --- internal/pkg/manifest/lb_web_svc_test.go | 9 +++++++++ site/content/docs/manifest/backend-service.en.md | 2 +- site/content/docs/manifest/backend-service.ja.md | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/internal/pkg/manifest/lb_web_svc_test.go b/internal/pkg/manifest/lb_web_svc_test.go index 7e2d5fc1d4b..27f2b49153e 100644 --- a/internal/pkg/manifest/lb_web_svc_test.go +++ b/internal/pkg/manifest/lb_web_svc_test.go @@ -2641,6 +2641,9 @@ func TestLoadBalancedWebService_ExposedPorts(t *testing.T) { TargetPort: aws.Int(8083), TargetContainer: aws.String("xray"), }, + { + Port: aws.String("8084/udp"), + }, }, }, }, @@ -2653,6 +2656,12 @@ func TestLoadBalancedWebService_ExposedPorts(t *testing.T) { Protocol: "tcp", isDefinedByContainer: true, }, + { + Port: 8084, + ContainerName: "frontend", + Protocol: "udp", + isDefinedByContainer: false, + }, }, "xray": { { diff --git a/site/content/docs/manifest/backend-service.en.md b/site/content/docs/manifest/backend-service.en.md index b6bcf8f716f..a3b24cdd31c 100644 --- a/site/content/docs/manifest/backend-service.en.md +++ b/site/content/docs/manifest/backend-service.en.md 
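Review bot: The added case in `TestLoadBalancedWebService_ExposedPorts` puts the UDP listener on port 8084, which no container in the fixture exposes, so it does not exercise the protocol-aware duplicate check this series adds to `exposedPorts`. A second case with a `udp` listener on a port the container already exposes over `tcp` (constructed example: `Port: aws.String("8080/udp")` against a container port 8080) would pin the new behaviour of producing two entries with the same port and different protocols. That matters because `targetContainerFromTargetPort`, judging by its call sites elsewhere in this series, appears to resolve a container from the port number alone. How it resolves such a pair should be asserted rather than assumed.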
@@ -155,7 +155,7 @@ List of all available properties for a `'Backend Service'` manifest. To learn ab http: path: '/' target_port: 8083 # Traffic on "/" is forwarded to the main container, on port 8083. - additional_listeners: + additional_rules: - path: 'customerdb' target_port: 8081 # Traffic on "/customerdb" is forwarded to the main container, on port 8081. - path: 'admin' diff --git a/site/content/docs/manifest/backend-service.ja.md b/site/content/docs/manifest/backend-service.ja.md index ee9a8198c7c..f8c8a206e22 100644 --- a/site/content/docs/manifest/backend-service.ja.md +++ b/site/content/docs/manifest/backend-service.ja.md @@ -155,7 +155,7 @@ http: path: '/' target_port: 8083 # Traffic on "/" is forwarded to the main container, on port 8083. - additional_listeners: + additional_rules: - path: 'customerdb' target_port: 8081 # Traffic on "/customerdb" is forwarded to the main container, on port 8081. - path: 'admin' From 163bce376385928dbf71161d5b8aa65798348162 Mon Sep 17 00:00:00 2001 From: TJ Horner Date: Tue, 13 Jun 2023 08:57:18 -0700 Subject: [PATCH 4/6] More descriptive comment --- internal/pkg/manifest/svc.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/pkg/manifest/svc.go b/internal/pkg/manifest/svc.go index 0528a024a4d..c0c2d26d8ad 100644 --- a/internal/pkg/manifest/svc.go +++ b/internal/pkg/manifest/svc.go @@ -516,7 +516,7 @@ func (cfg NetworkLoadBalancerListener) exposedPorts(exposedPorts []ExposedPort, targetProtocol := strings.ToLower(TCP) if nlbProtocol != nil { protocol := strings.ToLower(aws.StringValue(nlbProtocol)) - // Use TCP for TLS listeners. + // Expose TCP port for TLS listeners. if protocol != strings.ToLower(TLS) { targetProtocol = protocol } From 283440688b55bfefc12e468b144a113d0f2358b7 Mon Sep 17 00:00:00 2001 
From: TJ Horner Date: Tue, 13 Jun 2023 09:16:07 -0700 Subject: [PATCH 5/6] Add UDP listener docs --- site/content/docs/include/nlb-additionallisteners.en.md | 2 +- site/content/docs/include/nlb.en.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/site/content/docs/include/nlb-additionallisteners.en.md b/site/content/docs/include/nlb-additionallisteners.en.md index a09ef06dee1..018a87d8a2b 100644 --- a/site/content/docs/include/nlb-additionallisteners.en.md +++ b/site/content/docs/include/nlb-additionallisteners.en.md @@ -2,7 +2,7 @@ nlb.additional_listeners.`port` String Required. The additional port and protocol for the Network Load Balancer to listen on. - Accepted protocols include `tcp` and `tls`. If the protocol is not specified, `tcp` is used by default. + Accepted protocols include `tcp`, `udp` and `tls`. If the protocol is not specified, `tcp` is used by default. nlb.additional_listeners.`healthcheck` Map Specify the health check configuration for your additional listener on the Network Load Balancer. diff --git a/site/content/docs/include/nlb.en.md b/site/content/docs/include/nlb.en.md index f952590d3bb..650337e1764 100644 --- a/site/content/docs/include/nlb.en.md +++ b/site/content/docs/include/nlb.en.md @@ -9,7 +9,7 @@ at least one of Application Load Balancer and Network Load Balancer must be enab nlb.`port` String Required. The port and protocol for the Network Load Balancer to listen on. -Accepted protocols include `tcp` and `tls`. If the protocol is not specified, `tcp` is used by default. For example: +Accepted protocols include `tcp`, `udp` and `tls`. If the protocol is not specified, `tcp` is used by default. For example: ```yaml nlb: port: 80 From 413dbf40165a3905f032ac23dce1fb3f4cff9b5e Mon Sep 17 00:00:00 2001 From: Wanxian Yang Date: Thu, 13 Jul 2023 10:24:30 -0700 Subject: [PATCH 6/6] convert lower case altogether --- internal/pkg/manifest/svc.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/internal/pkg/manifest/svc.go b/internal/pkg/manifest/svc.go index c0c2d26d8ad..4ef0a1af508 100644 --- a/internal/pkg/manifest/svc.go +++ b/internal/pkg/manifest/svc.go @@ -513,14 +513,14 @@ func (cfg NetworkLoadBalancerListener) exposedPorts(exposedPorts []ExposedPort, if cfg.TargetPort != nil { targetPort = uint16(aws.IntValue(cfg.TargetPort)) } - targetProtocol := strings.ToLower(TCP) + targetProtocol := TCP if nlbProtocol != nil { - protocol := strings.ToLower(aws.StringValue(nlbProtocol)) // Expose TCP port for TLS listeners. - if protocol != strings.ToLower(TLS) { + if protocol := aws.StringValue(nlbProtocol); !strings.EqualFold(protocol, TLS) { targetProtocol = protocol } } + targetProtocol = strings.ToLower(targetProtocol) for _, exposedPort := range exposedPorts { if targetPort == exposedPort.Port && targetProtocol == exposedPort.Protocol { return nil, nil @@ -608,7 +608,7 @@ func (rr *RoutingRule) Target(exposedPorts ExposedPortsIndex) (targetContainer s if rrTargetContainer == nil { // when target_container is nil container, port := targetContainerFromTargetPort(exposedPorts, rrTargetPort) targetPort = aws.StringValue(port) - //In general, containers aren't expected to be empty. But this condition is applied for extra safety. + // In general, containers aren't expected to be empty. But this condition is applied for extra safety. if container != nil { targetContainer = aws.StringValue(container) } 
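Review bot: After this change any protocol string other than TLS is lower-cased and copied into `ExposedPort.Protocol`, so `exposedPorts` relies on validation having already limited `cfg.Port` to `nlbValidProtocols`. That ordering is not visible in the hunk, so a comment above the block would record it, e.g. `// cfg.Port is assumed validated: every non-TLS protocol is passed through as the container protocol.` If the method can run on an unvalidated manifest, checking the result against `validContainerProtocols` before returning would stop an unexpected value reaching the port mapping. The function starts and ends outside this hunk.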
@@ -699,7 +699,7 @@ func (listener NetworkLoadBalancerListener) Target(exposedPorts ExposedPortsInde if listener.TargetContainer == nil { // when target_container is nil container, port := targetContainerFromTargetPort(exposedPorts, uint16P(uint16(aws.IntValue(listener.TargetPort)))) targetPort = aws.StringValue(port) - //In general, containers aren't expected to be empty. But this condition is applied for extra safety. + // In general, containers aren't expected to be empty. But this condition is applied for extra safety. if container != nil { targetContainer = aws.StringValue(container) }