Skip to content
This repository has been archived by the owner on Jan 18, 2022. It is now read-only.

CORE-1340 Change locator port 444 -> 443 #1220

Merged
merged 5 commits into from
Nov 19, 2019
Merged

CORE-1340 Change locator port 444 -> 443 #1220

merged 5 commits into from
Nov 19, 2019

Conversation

tomhjp
Copy link
Contributor

@tomhjp tomhjp commented Nov 18, 2019
edited
Loading

Description

As part of protecting the platform from DDoS attacks, we will be moving locator (xavier) behind a Google Global Load Balancer. These GLBs only support serving TLS traffic on port 443. Locator already supports serving gRPC traffic on port 443, so we can make this patch immediately, and it will be a seamless transition when the DNS for locator starts pointing to the GLB (which exposes port 443) instead of our current load balancer (which exposes port 443 and 444).

Tests

I have manually confirmed that Xavier is serving on 443 and 444 just like all other base servers. I have also confirmed that no additional steps are required to serve gRPC TLS on HTTP TLS ports for our base servers.

I have also run the QA pipeline on this branch and successfully connected to the resulting deployment: https://buildkite.com/improbable/gdk-for-unity-release-qa/builds/75

Documentation

Internal release note in the changelog.

Primary reviewers

If your change will take a long time to review, you can name at most two primary reviewers who are ultimately responsible for reviewing this request. @ mention them.

@tomhjp
CORE-1340 Change locator port 444 -> 443
a40748e 
As part of protecting the platform from DDoS attacks, we will be moving locator (xavier) behind a Google Global Load Balancer. These GLBs only support serving TLS traffic on port 443. Locator already supports serving gRPC traffic on port 443, so we can make this patch immediately, and it will be a seamless transition when the DNS for locator starts pointing to the GLB (which exposes port 443) instead of our current load balancer (which exposes port 443 and 444).

```
$ imp-kubectl h-eu1 a get services | grep xavier
infra         xavier-lb                  10.218.254.177   35.187.123.237   443:31656/TCP,444:30616/TCP,80:30101/TCP                           2y
webtools      xavier                     10.218.254.124   <none>           8080/TCP,8081/TCP,80/TCP,443/TCP,444/TCP                           1y
webtools      xavier-lb-temp             10.218.254.101   35.195.46.155    443:30518/TCP,444:31296/TCP,80:30144/TCP                           2y
webtools      xavier-pod                 None             <none>           8080/TCP,8081/TCP,444/TCP,443/TCP,80/TCP                           63d
```

```
$ imp-kubectl h-us1 a get services | grep xavier
infra         xavier-lb                  10.217.254.219   104.198.212.81    443:30582/TCP,444:30740/TCP,80:30337/TCP                           2y
webtools      xavier                     10.217.254.152   <none>            8080/TCP,8081/TCP,80/TCP,443/TCP,444/TCP                           1y
webtools      xavier-lb-temp             10.217.254.106   104.154.59.178    443:32388/TCP,444:31196/TCP,80:30687/TCP                           2y
webtools      xavier-pod                 None             <none>            8080/TCP,8081/TCP,444/TCP,443/TCP,80/TCP                           63d
```
@improbable-prow-robot
Copy link

Corresponding JIRA ticket: https://improbableio.atlassian.net/browse/CORE-1340

@improbable-prow-robot improbable-prow-robot added jira/CORE Indicates a PR has a corresponding JIRA CORE ticket A: core Area: Core GDK labels Nov 18, 2019
@improbable-prow-robot improbable-prow-robot added the size/XS Denotes a PR that changes 0-14 lines, ignoring generated files. label Nov 18, 2019
@tomhjp tomhjp changed the base branch from master to develop November 18, 2019 17:00
jamiebrynes7
jamiebrynes7 approved these changes Nov 18, 2019
View reviewed changes
Copy link
Contributor

@jamiebrynes7 jamiebrynes7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

CHANGELOG.md Outdated Show resolved Hide resolved
@tomhjp @jamiebrynes7
Update CHANGELOG.md
458e2df 
Co-Authored-By: Jamie Brynes <[email protected]>
@tomhjp
Copy link
Contributor Author

tomhjp commented Nov 19, 2019

Thanks for the reviews - I don't have write access so can't hit the merge button, please can someone land this for me?

@jamiebrynes7
Copy link
Contributor

Thanks for the reviews - I don't have write access so can't hit the merge button, please can someone land this for me?

Sure thing 😄

@jamiebrynes7 jamiebrynes7 merged commit 5bdbc9c into spatialos:develop Nov 19, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jamiebrynes7 jamiebrynes7 jamiebrynes7 approved these changes

@zeroZshadow zeroZshadow zeroZshadow approved these changes

@jessicafalk jessicafalk Awaiting requested review from jessicafalk

@paulbalaji paulbalaji Awaiting requested review from paulbalaji

Assignees
No one assigned
Labels
A: core Area: Core GDK jira/CORE Indicates a PR has a corresponding JIRA CORE ticket size/XS Denotes a PR that changes 0-14 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@tomhjp @improbable-prow-robot @jamiebrynes7 @zeroZshadow