Specifying load balancer with "service create" failing without error

awslabs / fargatecli

CLI for AWS Fargate

Apache License 2.0

893 stars 114 forks source link

Specifying load balancer with "service create" failing without error #82

Open kolanos opened 5 years ago

kolanos commented 5 years ago

I'm trying to attach a service to a load balancer, but when I do the following no load balancer is being set for the service:

fargate lb create test-service \
          --cluster fargate \
          --certificate ... \
          --port https:443 \
          --region us-east-1

fargate service create test_service \
            --cluster fargate \
            --cpu 1024 \
            --lb test-service \
            --memory 2048 \
            --port http:5000 \
            --region us-east-1 \
            --task-role arn:aws:iam::...:role/test-service

If I attempt to run the second command without the load balancer being present I get an error as expected.

I'm not sure what the problem is here, what could cause attaching a service to a load balancer to fail silently like this?

kolanos commented 5 years ago

The problem appears to be with --port https:443 with the fargate lb create command. This appears to create a target group with the protocol htps and the port 443. And because my service is listening on http:5000 the service isn't added to the load balancer. Unfortunately AWS doesn't error on this state. Would be awesome if this tool would error if it detects such a mismatch, though.

Would it be possible to override the target group protocol and port in the fargate lb create command?

Is there a fargate lb create command that will let me create http:80 and https:443 listeners, but have the target group stick with http? When I attempt to use --port and --certificate multiple times with the fargate lb create command it complains that an http listener doesn't have a certificate.

kolanos commented 5 years ago

Found the error, it is here: https://github.com/jpignata/fargate/blob/master/cmd/service_create.go#L336

A task group name cannot have underscores. So if your service is something like test_service it will fail. This is especially confusing because this tool prepends service_ to the service name, so one is compelled to use underscores to be consistent.

My suggestions:

Replace underscores with hyphens for the target group name.
Handle any errors that arise with this operation since if it fails silently the service will need to be recreated since load balancers can only be added at service creation.