From 0e62270f544a57337e7ab50c3518ca7fdb2de322 Mon Sep 17 00:00:00 2001
From: jianglai
Date: Fri, 27 Jul 2018 20:06:26 -0700
Subject: [PATCH] Set up GCLB to router web WHOIS traffic
We need to support web WHOIS on the same IP addresses that we use for port 43 whois. [] added support for HTTP(S) traffic on the proxy, which simply redirects to another website that actually hosts the web WHOIS service. This cl sets up the GCLB to route port 80 and port 443 traffic to the proxy. We were using the TCP proxy load balancer for other protocols that we support (EPP and WHOIS), but the TCP proxy LB only exposes port 443, not port 80. For port 443, we simply follow the same pattern and add another TCP proxy LB. For port 80, we had to use the HTTP LB which exposes port 80 (on the same external IP addresses). This requires a different HTTP health check and a URL map. The added URL map is a dummy one that routes all paths to the same backend service that supports HTTP redirect.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=206409007
---
 .../proxy/kubernetes/proxy-deployment-alpha.yaml | 4 ++++
 .../kubernetes/proxy-deployment-production-canary.yaml | 4 ++++
 .../proxy/kubernetes/proxy-deployment-production.yaml | 4 ++++
 .../kubernetes/proxy-deployment-sandbox-canary.yaml | 4 ++++
 .../proxy/kubernetes/proxy-deployment-sandbox.yaml | 4 ++++
 .../proxy/kubernetes/proxy-service-canary.yaml | 10 ++++++++++
 .../registry/proxy/kubernetes/proxy-service.yaml | 10 ++++++++++
 java/google/registry/proxy/terraform/modules/input.tf | 4 ++++
 .../registry/proxy/terraform/update_named_ports.sh | 9 ++++++---
 9 files changed, 50 insertions(+), 3 deletions(-)
diff --git a/java/google/registry/proxy/kubernetes/proxy-deployment-alpha.yaml b/java/google/registry/proxy/kubernetes/proxy-deployment-alpha.yaml
index 23020fd75..cc2294c4f 100644
--- a/java/google/registry/proxy/kubernetes/proxy-deployment-alpha.yaml
+++ b/java/google/registry/proxy/kubernetes/proxy-deployment-alpha.yaml
@@ -25,6 +25,10 @@ spec:
 name: whois
 - containerPort: 30002
 name: epp
+ - containerPort: 30010
+ name: http-whois
+ - containerPort: 30011
+ name: https-whois
 readinessProbe:
 tcpSocket:
 port: health-check
diff --git a/java/google/registry/proxy/kubernetes/proxy-deployment-production-canary.yaml b/java/google/registry/proxy/kubernetes/proxy-deployment-production-canary.yaml
index 922d6a5fa..f17202c2f 100644
--- a/java/google/registry/proxy/kubernetes/proxy-deployment-production-canary.yaml
+++ b/java/google/registry/proxy/kubernetes/proxy-deployment-production-canary.yaml
@@ -25,6 +25,10 @@ spec:
 name: whois
 - containerPort: 30002
 name: epp
+ - containerPort: 30010
+ name: http-whois
+ - containerPort: 30011
+ name: https-whois
 readinessProbe:
 tcpSocket:
 port: health-check
diff --git a/java/google/registry/proxy/kubernetes/proxy-deployment-production.yaml b/java/google/registry/proxy/kubernetes/proxy-deployment-production.yaml
index 084b4f174..200ac6c17 100644
--- a/java/google/registry/proxy/kubernetes/proxy-deployment-production.yaml
+++ b/java/google/registry/proxy/kubernetes/proxy-deployment-production.yaml
@@ -25,6 +25,10 @@ spec:
 name: whois
 - containerPort: 30002
 name: epp
+ - containerPort: 30010
+ name: http-whois
+ - containerPort: 30011
+ name: https-whois
 readinessProbe:
 tcpSocket:
 port: health-check
diff --git a/java/google/registry/proxy/kubernetes/proxy-deployment-sandbox-canary.yaml b/java/google/registry/proxy/kubernetes/proxy-deployment-sandbox-canary.yaml
index 715810933..796bd0b9e 100644
--- a/java/google/registry/proxy/kubernetes/proxy-deployment-sandbox-canary.yaml
+++ b/java/google/registry/proxy/kubernetes/proxy-deployment-sandbox-canary.yaml
@@ -25,6 +25,10 @@ spec:
 name: whois
 - containerPort: 30002
 name: epp
+ - containerPort: 30010
+ name: http-whois
+ - containerPort: 30011
+ name: https-whois
 readinessProbe:
 tcpSocket:
 port: health-check
diff --git a/java/google/registry/proxy/kubernetes/proxy-deployment-sandbox.yaml b/java/google/registry/proxy/kubernetes/proxy-deployment-sandbox.yaml
index f53a19e59..069d04898 100644
--- a/java/google/registry/proxy/kubernetes/proxy-deployment-sandbox.yaml
+++ b/java/google/registry/proxy/kubernetes/proxy-deployment-sandbox.yaml
@@ -25,6 +25,10 @@ spec:
 name: whois
 - containerPort: 30002
 name: epp
+ - containerPort: 30010
+ name: http-whois
+ - containerPort: 30011
+ name: https-whois
 readinessProbe:
 tcpSocket:
 port: health-check
diff --git a/java/google/registry/proxy/kubernetes/proxy-service-canary.yaml b/java/google/registry/proxy/kubernetes/proxy-service-canary.yaml
index 5b413cf98..80b149489 100644
--- a/java/google/registry/proxy/kubernetes/proxy-service-canary.yaml
+++ b/java/google/registry/proxy/kubernetes/proxy-service-canary.yaml
@@ -22,6 +22,16 @@ spec:
 nodePort: 31002
 targetPort: epp
 name: epp
+ - protocol: TCP
+ port: 30010
+ nodePort: 31010
+ targetPort: http-whois
+ name: http-whois
+ - protocol: TCP
+ port: 30011
+ nodePort: 31011
+ targetPort: https-whois
+ name: https-whois
 type: NodePort
 ---
 apiVersion: autoscaling/v2beta1
diff --git a/java/google/registry/proxy/kubernetes/proxy-service.yaml b/java/google/registry/proxy/kubernetes/proxy-service.yaml
index 57caf4d01..34f37b3fb 100644
--- a/java/google/registry/proxy/kubernetes/proxy-service.yaml
+++ b/java/google/registry/proxy/kubernetes/proxy-service.yaml
@@ -22,6 +22,16 @@ spec:
 nodePort: 30002
 targetPort: epp
 name: epp
+ - protocol: TCP
+ port: 30010
+ nodePort: 30010
+ targetPort: http-whois
+ name: http-whois
+ - protocol: TCP
+ port: 30011
+ nodePort: 30011
+ targetPort: https-whois
+ name: https-whois
 type: NodePort
 ---
 apiVersion: autoscaling/v2beta1
diff --git a/java/google/registry/proxy/terraform/modules/input.tf b/java/google/registry/proxy/terraform/modules/input.tf
index a573fd297..758ce8ab0 100644
--- a/java/google/registry/proxy/terraform/modules/input.tf
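Review bot: The new `nodePort: 31010` and `nodePort: 31011` entries in proxy-service-canary.yaml (and `30010`/`30011` in the matching proxy-service.yaml hunk) open the HTTP(S) redirect listeners on every node address, and nothing in this patch shows a firewall rule restricting who may reach them. If the node firewall lives elsewhere in the Terraform module, it is worth confirming that it admits these four ports only from the load balancer and its health-check sources, so that clients cannot bypass GCLB and talk to the nodes directly. A comment beside the entries, for example `# reachable only through GCLB; node firewall must not open this port publicly`, would record that assumption. The `spec` block starts outside both hunks.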
+++ b/java/google/registry/proxy/terraform/modules/input.tf
@@ -28,6 +28,8 @@ variable "proxy_ports" {
 health_check = 30000
 whois = 30001
 epp = 30002
+ http-whois = 30010
+ https-whois = 30011
 }
 }
 
@@ -39,5 +41,7 @@ variable "proxy_ports_canary" {
 health_check = 31000
 whois = 31001
 epp = 31002
+ http-whois = 31010
+ https-whois = 31011
 }
 }
diff --git a/java/google/registry/proxy/terraform/update_named_ports.sh b/java/google/registry/proxy/terraform/update_named_ports.sh
index 1e368fe30..238417e37 100755
--- a/java/google/registry/proxy/terraform/update_named_ports.sh
+++ b/java/google/registry/proxy/terraform/update_named_ports.sh
@@ -18,10 +18,13 @@
 # the project, zone and instance group names, and then call gcloud to add the
 # named ports.
 
+PROD_PORTS="whois:30001,epp:30002,http-whois:30010,https-whois:30011"
+CANARY_PORTS="whois-canary:31001,epp-canary:31002,"\
+"http-whois-canary:31010,https-whois-canary:31011"
+
 while read line
 do
- gcloud compute instance-groups set-named-ports \
- --named-ports whois:30001,epp:30002,whois-canary:31001,epp-canary:31002 \
- $line
+ gcloud compute instance-groups set-named-ports --named-ports \
+ ${PROD_PORTS},${CANARY_PORTS} $line
 done < <(terraform output proxy_instance_groups | awk '{print $3}' | \
 awk -F '/' '{print "--project", $7, "--zone", $9, $11}')
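Review bot: The `http-whois` and `https-whois` entries added to `proxy_ports` and `proxy_ports_canary` repeat port numbers that are also written by hand in the Service manifests and in `PROD_PORTS`/`CANARY_PORTS` of update_named_ports.sh, and nothing here says they must agree. A comment above the new keys such as `# Must match nodePort in kubernetes/proxy-service*.yaml and the lists in update_named_ports.sh` would help prevent drift, since a mismatch would presumably point a load-balancer named port at a node port nothing serves. The new keys use hyphens where `health_check` uses an underscore; if the named-port naming rules require that, the comment could say so. Both `variable` blocks start outside the hunks.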
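Review bot: A failed `gcloud compute instance-groups set-named-ports` call inside the loop goes unnoticed, so one instance group can be left without the new `http-whois`/`https-whois` named ports while the script still exits with the status of the last iteration. Unless the part of the script above this hunk already enables `set -e`, ending the command with `${PROD_PORTS},${CANARY_PORTS} $line || exit 1` would stop at the first failure. A failing `terraform output` inside the process substitution is likewise invisible to the loop, which then simply runs zero times. Quoting the list as `"${PROD_PORTS},${CANARY_PORTS}"` and reading with `read -r line` would be tidier; `$line` itself has to stay unquoted because it carries several arguments.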