search

hashicorp / terraform-aws-consul-ecs

Consul Service Mesh on AWS ECS (Elastic Container Service)
https://www.consul.io/docs/ecs
Mozilla Public License 2.0
52 stars 30 forks source link

conflict when setting different upstreams with the same port in mesh-task #154

Closed v-rosa closed 1 year ago

v-rosa commented 1 year ago

Currently when a service-a needs to communicate with a upstream, let's say service-b:1234 the following mesh-task is needed:

module "service-a" {
  source = "../../modules/mesh-task"
  upstreams = [
    {
      destinationName = "service-b"
      localBindPort   = 1234
    }
  ]

  container_definitions = [{
    environment = [
      {
        name  = "UPSTREAM_URI_B"
        value = "http://localhost:1234"
      }
    ]

Now if service-a needs to have a new upstream (service-c) using the same port, wouldn't this create a conflict? 

module "service-a" {
  source = "../../modules/mesh-task"
  upstreams = [
    {
      destinationName = "service-b"
      localBindPort   = 1234
    },
    {
      destinationName = "service-c"
      localBindPort   = 1234
    }
  ],
  container_definitions = [{
    environment = [
      {
        name  = "UPSTREAM_URI_B"
        value = "http://localhost:1234"
      },
      {
        name  = "UPSTREAM_URI_C"
        value = "http://localhost:1234" ## this doesn't make sense for me
      },
    ]
...
}

Would be possible to allow to set the upstreams like http://<consul-service-name>:<binding-port>, I tried this but apparently it doesn't work.

lkysow commented 1 year ago

Hi @v-rosa thanks for the issue! The key thing to note is that the localBindPort isn't the port that the actual upstream service has to listen on. For example, if service-b is listening on port 8080, you can still set localBindPort = 1234 for service-a. What's happening is that the Envoy sidecar proxy is listening within service-a's task on port 1234 and then will forward the request over to service-b on its port 8080.

Now given your example, each upstream service will need to have its own localBindPort set but this doesn't have to match the port it actually is listening on.

Regarding http://<consul-service-name>:<binding-port> this isn't possible right now due to some limitations within ECS itself (at least on fargate).

v-rosa commented 1 year ago

Hello @lkysow thanks for the clarification! So this means this would work:

module "service-a" {
  source = "../../modules/mesh-task"
  upstreams = [
    {
      destinationName = "service-b"
      localBindPort   = 1111
    },
    {
      destinationName = "service-c"
      localBindPort   = 2222
    }
  ],
  container_definitions = [{
    environment = [
      {
        name  = "UPSTREAM_URI_B"
        value = "http://localhost:1111"
      },
      {
        name  = "UPSTREAM_URI_C"
        value = "http://localhost:2222"
      },
    ]
...
}

Indeed the config name localBindPort is clear enough :) Sorry for the noise this issue might have created! Have a nice weekend!

lkysow commented 1 year ago

Yep exactly!