Closed slootmaekersdirk closed 6 months ago
Thanks for the FR. This is a duplicate of #687 In progress
Hello John,
Sorry for the duplicate, do you have a time frame when it is going to be available?
Thx Dirk
From: John Preston @.> Date: Tuesday, 12 December 2023 at 14:36 To: compose-x/ecs_composex @.> Cc: Dirk Slootmaekers @.>, Author @.> Subject: Re: [compose-x/ecs_composex] Lookup an existing loadbalancer (Issue #728)
Closed #728https://github.com/compose-x/ecs_composex/issues/728 as completed.
— Reply to this email directly, view it on GitHubhttps://github.com/compose-x/ecs_composex/issues/728#event-11223683872, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ACNLQBU7FHFLY6JC57FG4YLYJBMXPAVCNFSM6AAAAABARPFJPKVHI2DSMVQWIX3LMV45UABCJFZXG5LFIV3GK3TUJZXXI2LGNFRWC5DJN5XDWMJRGIZDGNRYGM4DOMQ. You are receiving this because you authored the thread.Message ID: @.***>
I don't have a timeframe no, but happy to prioritize :)
PS: it's one of these things that you just dread doing :D
we will be looking forward to this FR, for us it is the missing piece to deploy our infra using compose-x
we will be looking forward to this FR, for us it is the missing piece to deploy our infra using compose-x
No worries. Would you mind describing your use-case (what type of LB? Do you want to add listeners? Listener rules? This ticket or the other one, whichever :)
sure... here is our use-case: In our environment (using compose-ecs) we have 1 ecs cluster, using a VPC and ALB loadbalancer. In the future we want to add an extra ecs cluster, attaching to the same VPC and ALB loadbalancer and adding new listeners for this new cluster. This is how we do it at the moment with compose-ecs. We have some 'default' setup and adapt it on the fly by adding additional clusters when needed
So In short we need to lookup an ALB (application loadbalancer) and add new listener + rules to it. updating existing rules is a nice feature but for the moment we don't need that.
Dirk
Hey :) Thanks for the details :+1: Just for my own clarity, you are using this compose-ecs? https://github.com/docker/compose-ecs
So In short we need to lookup an ALB (application loadbalancer) and add new listener + rules to it. updating existing rules is a nice feature but for the moment we don't need that.
That is very useful thank you. Updating rules is quite a bit of a giant pain TBH even when you evolve them through compose-x due to how the rule ID is generated etc.
I think I might be able to deal with adding a new Listener and its rules quite easily, but time will tell how "not ready" the code is for this.
Yes, that is what we use.Sent from my iPhoneOn 12 Dec 2023, at 21:47, John Preston @.***> wrote: Hey :) Just for my own clarity, you are using this compose-ecs? https://github.com/docker/compose-ecs
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: @.***>
hello John,
can you give us an update on the progress?
thank you , Dirk
Hi @slootmaekersdirk This is most likely going to be my today/tomorrow next thing :)
Hello John,
As I need to start our deployment (UAT), when can we expect this fix?
and if available, how should I use it?
thx Dirk
@slootmaekersdirk Hey Assuming you are going to create new listeners, the code in the branch for #734 If you could please git it a try and provide some feedback as to the workings? Thanks,
Hello John,
thx,
I installed it but can you give me an example on how to use it? I have something like this: is this correct? (I receive errors)
x-elbv2: lbA: Lookup: Name: existing_name_of_loadbalancer Services:
so to recap:
with the above config i get : UserWarning: x-elbv2 - Lookup not supported. You can only create new resources
I have been this, with my own real domain names though. This would work to add a new listener. You need to install it from git from the branch of the PR
pip install git+https://github.com/compose-x/ecs_composex@feature/x-elbv2-lookup
services:
proxy:
image: nginx
ports:
- 6969
deploy:
labels:
ecs.task.family: proxy
x-elbv2:
public-ingress:
DnsAliases:
- Route53Zone: x-route53::PublicZone
Names:
- "proxy.tld"
Lookup:
loadbalancer:
Tags:
Name: proxy-publicingress
Listeners:
- Port: 6969
Protocol: TCP
Targets:
- name: proxy:proxy:6969
access: /
Services:
- name: proxy:proxy
port: 6969
protocol: TCP
healthcheck: 6969:TCP:2:2:15:5
TargetGroupAttributes:
- Key: deregistration_delay.timeout_seconds
Value: "15"
- Key: deregistration_delay.connection_termination.enabled
Value: "false"
- Key: preserve_client_ip.enabled
Value: "true"
x-route53:
PublicZone:
Name: proxy
Lookup: true
Hello John,
after some testing (Lookup works !, add Listeners works) I saw that there is no inbound rule added to the Existing security group of the existing loadbalancer (in the below case there is no inbound rule added for port 82):
with the below example (2nd part) I see a new SG ( lbA: ) but I just want to reuse the existing LB SG for that (the new SG is not linked to the existing LB).
is this the correct syntax in the yml file? ? I just want to lookup an existing LB add some listeners and that's it (no other stuff)
This is how I created the original (first) LB: -> creates SG lbA attached to LB x-elbv2: lbA: Properties: Scheme: internet-facing Type: application MacroParameters: Ingress: ExtSources:
and this is how I want to link the new services to the exsting LB: -> creates another SG "LBA" not linked to the existing LB
x-vpc: Lookup: VpcId: Tags:
x-cluster: Lookup: ClusterName: modev02
networks: application: x-vpc: AppSubnets
x-elbv2: lbA: Properties: Scheme: internet-facing Type: application MacroParameters: Ingress: ExtSources:
thx Dirk
Interesting conflicts on the dependencies. Bizarre really.
Try again with creating a new venv first maybe?. python3 -m venv compose-x-dev; source compose-x-dev/bin/activate
then re run the pip install from git branch
Interesting conflicts on the dependencies. Bizarre really. Try again with creating a new venv first maybe?.
python3 -m venv compose-x-dev; source compose-x-dev/bin/activate
then re run the pip install from git branch
indeed; that fixes the issue. after wards I did additional tests (see latest comment on the creation of the SG when performing a lookup) (I have updated the existing comment a few times, so you should receive some emails on that, just look at the latest one)
Hey John,
just to summarize:
issue is that a new SG is created without any inbound rules and that it is not linked to the LB.
I suggest that the existing security group of the LB is used and add the inbound rules to open up the ports to that one
Dirk
Oh okay. Interesting. I tried with a NLB mostly so far so I need to check on the ALB to create the ingress rules indeed. Thanks a lot for the feedback. Thoughts on maybe what could be done differently? Thanks
Hello John,
I suggest that when a lookup of an LB is done, in stead of the default creation of the SG, you lookup the associated SG of the LB as well and add the additional ingress rules to that one
Dirk
Yeah already do find the SG. Need to re-use it :)
Hello John,
Do you have an update on this?
Thx Dirk
Yes, so I can either release it as-is with only adding new listeners, or add listeners. I have need for existing listeners myself, but happy to split the work into two. Thoughts?
Hello John,
unfortunately I'm not a python programmer, so I can't help you on this one. The only part missing for me is to use the existing SG of the LB and add the ingress rules to that one.
can you add this functionality?
Dirk
unfortunately I'm not a python programmer, so I can't help you on this one.
No worries, wasn't what I meant ;)
The only part missing for me is to use the existing SG of the LB and add the ingress rules to that one.
I'll do that and make a release, add more functionalities later I suppose.
@slootmaekersdirk I just tested with ALB and ports, and I can see in the CFN template of the service itself that is has the Security Group ingress rules already. Did that not appear from your tests? Are you trying with a NLB or ALB? Thanks,
Hello,
I'm also trying with ALB but when I open the SG of the LB then no new ports are added.
In the below example it should add port 82 to the existing group of the LB. What I see is that a new SG is created, not linked to the LB and not containing port 82
x-vpc: Lookup: VpcId: Tags:
x-cluster: Lookup: ClusterName: modev02
networks: application: x-vpc: AppSubnets
x-elbv2: modevLB: Properties: Scheme: internet-facing Type: application MacroParameters: Ingress: ExtSources:
services: modev02-apigateway: x-iam: ManagedPolicyArns:
Oh I see, my bad. I thought you meant LB -> Service
@slootmaekersdirk That's done in the latest commit of the feature branch. Let me know if that works for you too :)
Hello John,
I did pip install git+https://github.com/compose-x/ecs_composex@feature/x-elbv2-lookup
Still a new SG (also here no ports are added) is created and the SG attached to the LB does not have the new ingress ports
So the fix didn't make any difference Dirk
sorry, my mistake.
it is adding the ingress port to the SG attached to the LB ! but it also creates a new one, which is not used.
So the fix works
Thx
I will perform some additional tests
Let me fix that new SG created. This might be a good feature though :thinking: For now, will take it out.
EDIT: I pushed the change to not create the SG when looking up.
ok, thanks for the support. You can merge it with the trunk
Dirk
Hello John,
when are you performing the merge ?
thx Dirk
Hey @slootmaekersdirk I have worked on the lookup for listeners this weekend, it's nearly done. I need to do actual tests. Then I will merge the branch in.
In the meantime installing it from git+https://@branch
should work. I will make sure not to delete the branch until I have updated you in case you have that somewhere in your CICD process.
@slootmaekersdirk new version will be released this week :) Sorry for the delay, it has been a very busy start of the year, but my biggest deliveries are now done, I will be able to give my projects some love again :)
@slootmaekersdirk I published 0.25.0-rc1 today This has the lookup changes including re-using existing listeners (ALB only, NLBs don't have rules)
Hello John,
it seems this is broke in in the latest version. I don't want to lookup any Listeners for an existing LB, but just look it up and add new onces. this is my yml -> x-elbv2: modevLB: Properties: Scheme: internet-facing Type: application MacroParameters: Ingress: ExtSources:
services: modev03-apigateway: ....
but it fails with the error -> ('You must specify at least one Listener for a LB.', 'modevLB')
this was not the case in the RC
what am i doing wrong here?
Dirk
when I look at the rule, you are obliged to enter a 'Listener' under the Lookup ! that is not what I want, I don't want to lookup listners
-> or (self.lookup and not keyisset("Listeners", self.lookup))
Dirk
Hello John,
did you find time to give some feedback?
thx Dirk
Hello @slootmaekersdirk Sorry this totally flew under the radar. Let me open up an issue for it.
Is your feature request related to a problem? Please describe. I have a setup where I create a compose-x stack 1 and in my compose-x stack 2 I want to reuse the VPC and loadbalancer I created with compose-x stack 1
Describe the solution you'd like We should be able to lookup a x-elbv2 (in my case application lb) the same way as we can lookup a x-vpc