update port names for Services for istio compliance

[avimoondra]

Addresses #144, alternate to #151

Addresses: #155, alternate to #156

Lighter weight approach than #154

https://istio.io/v1.0/docs/setup/kubernetes/spec-requirements/

Named ports: Service ports must be named. The port names must be of the form [-] with http, http2, grpc, mongo, or redis as the in order to take advantage of Istio's routing features. For example, name: http2-foo or name: http are valid port names, but name: http2foo is not. If the port name does not begin with a recognized prefix or if the port is unnamed, traffic on the port will be treated as plain TCP traffic (unless the port explicitly uses Protocol: UDP to signify a UDP port).

https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/, could also use appProtocol if prefix in names is not desirable.

Tested in internal (balloon) instances.

(also fixes #155)

[avimoondra]

Not needed, but just doing for consistency

Non-TCP based protocols, such as UDP, are not proxied. These protocols will continue to function as normal, without any interception by the Istio proxy but cannot be used in proxy-only components such as ingress or egress gateways.

https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/

[avimoondra]

was using this originally to name ports, but port names can be max 15 characters

https://stackoverflow.com/questions/73330773/is-there-any-way-to-disable-or-increase-port-name-length-in-kubernetes

[ryanartecona]

IMO it could just be multiplayer-ws as port name, since it will already be on a Service object which has the retool.fullname namespace in its own name?

[avimoondra]

i think the service portName just had to have http- prefix, but will just keep as is for consistency

and then you can have "retool.name" be longer than 15 chars i suppose 😅

[ryanartecona]

OH I thought this was still being used as port name, but didn't realize you stopped for that reason. good good.

[avimoondra]

there is no service defined here - attempted to add, but wasn't able to get it to compile template w/out error 👀

[roberto-retool]

don't think we need this since this is the pod's port

[roberto-retool]

would change this if also change above comment

[ryanartecona]

does changing it complicate anything? I was wondering the same, but OTOH I don't have the change if only for consistency of naming scheme, if it doesn't hurt anything.

[roberto-retool]

maybe a very minor downtime if service port changes before new pod comes up?
but yeah agree if we make them consistent we should do for all (e.g. the two ports defined above)

[ryanartecona]

oh right, we're using a named targetPort here. good point.

[ryanartecona]

actually I think technically, if this causes minor downtime, it's downtime either way, since we have to update targetPort to match the pod's new port name which comes from the Deployment template. we could choose to or not to update name here on the Service object to match purely for consistency, but I don't think that would have any downtime since the Service port number (port here) doesn't change. I think?

[avimoondra]

it seems like the ports that only need naming are on service and pod

https://istio.io/v1.0/docs/setup/kubernetes/spec-requirements/

I think will stick with the current changes then 👍

[avimoondra]

@alexlo03 Re-visiting this, I think it should work istio compliance requirements?

[alexlo03]

LGTM, I think this is a better/cleaner/clearer approach 🙏

I do not know what the upgrade looks like for existing deployments - renaming a port "should be a no-op" but IDK for sure.