Expose the router's port 9090 in order to enable its use as a healthcheck on an AWS NLB
Is your feature request related to a problem? Please describe.
Right now, one can only use a general TCP connection healthcheck on an AWS NLB -> the router, since the router on ports 55671 and 45671 does not speak http/https. This results in a bunch of excess log noise, due to missing amqps protocol headers etc.
Describe the solution you'd like
Update the router Service to also expose port 9090, so that it can be used for healthchecks - I believe there's already a healthcheck endpoint there? If not, we should add it.
Describe alternatives you've considered
Continue using a TCP connection healthcheck on ports 55671 and 45671, and do not ship the logs to our expensive log collector (limiting our ability to diagnose issues)
@kayneb I've got what may be kind of a naive question about this: I don't have much experience with the cloud provider managed k8s controllers and LoadBalancers.
Why configure a healthcheck on the NLB at all when pod readiness should be correctly set up to remove unhealthy pods from the Service EndpointSlice? Is there something specific to the way AWS NLBs work that indicates this additional configuration?
@c-kruse apologies about the delay in response.
AWS NLBs are configured with a target group for each port, and then each target group is automatically updated by the AWS Load Balancer Controller to point to all EC2 instances in the cluster. I believe the kubelet exposes these ports and will route to the appropriate service and pod.
The NLB needs to know which nodes are healthy in order to know which ones it can route traffic to.