Kubernetes App Auto Discovery: improve protocol detection

[marcoandredinis]

Kubernetes App Auto Discovery iterates over all Services and tries to auto enroll them as Teleport Applications.

During this process, it tries to guess the Service's port protocol to ensure we add the application only if it's either an HTTP or HTTPS capable Service.

When there's not annotation configuration (which are teleport specific), we try to infer from the Service's ports.

When that doesn't work out, the teleport-agent issues an HTTP HEAD request against the port. This way we detect whether the service can answer HTTP or HTTPS.

This PR changes the way teleport infers the protocol using the Service's Port.
It was checking for HTTPS (checking for port number and port name), then it did a HTTP HEAD request and then it was checking for HTTP (checking port number and port name).

This PR changes 4 things:

• checks the port, the node port and the target port against well known ports (443, 80, 8080)
• checks the name of the port in bother Port.Name and Port.TargetPort
• tries to do HTTPS and HTTP checks before trying an HTTP request
• decreases the HTTP request timeout from 5s to 500ms

With a demo cluster with 2700+ Services, the reconciliation time decreased from 2m to something very close to 0s.

Demo
A new fetch/reconcile loop happens 5 minutes after the previous finishes.

With master, the reconcile loop happens after 7 minutes, so it's 5 minutes spent waiting for the new iteration and 2 minutes doing fetch/reconcile:

2024-12-13T14:54:08Z DEBU  Reconciling current resources with new resources kind:app current_resource_count:2768 new_resource_count:2768 services/reconciler.go:116
2024-12-13T15:00:50Z DEBU  Reconciling current resources with new resources kind:app current_resource_count:2768 new_resource_count:2768 services/reconciler.go:116
2024-12-13T15:07:28Z DEBU  Reconciling current resources with new resources kind:app current_resource_count:2768 new_resource_count:2768 services/reconciler.go:116
2024-12-13T15:14:05Z DEBU  Reconciling current resources with new resources kind:app current_resource_count:2768 new_resource_count:2768 services/reconciler.go:116

With this PR, the reconcile loop happens almost exactly after 5 minutes, which means less than a second is spent on fetch/reconcile:

2024-12-13T17:17:08Z DEBU  Reconciling current resources with new resources kind:app current_resource_count:2768 new_resource_count:2768 services/reconciler.go:116
2024-12-13T17:22:08Z DEBU  Reconciling current resources with new resources kind:app current_resource_count:2768 new_resource_count:2768 services/reconciler.go:116
2024-12-13T17:27:08Z DEBU  Reconciling current resources with new resources kind:app current_resource_count:2768 new_resource_count:2768 services/reconciler.go:116
2024-12-13T17:32:08Z DEBU  Reconciling current resources with new resources kind:app current_resource_count:2768 new_resource_count:2768 services/reconciler.go:116
2024-12-13T17:37:08Z DEBU  Reconciling current resources with new resources kind:app current_resource_count:2768 new_resource_count:2768 services/reconciler.go:116
2024-12-13T17:42:09Z DEBU  Reconciling current resources with new resources kind:app current_resource_count:2768 new_resource_count:2768 services/reconciler.go:116
2024-12-13T17:47:09Z DEBU  Reconciling current resources with new resources kind:app current_resource_count:2768 new_resource_count:2768 services/reconciler.go:116
2024-12-13T17:52:09Z DEBU  Reconciling current resources with new resources kind:app current_resource_count:2768 new_resource_count:2768 services/reconciler.go:116

changelog: Improve performance of Kubernetes App Auto Discover

[aws-amplify-us-west-2]

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-50223.d3pp5qlev8mo18.amplifyapp.com

[public-teleport-github-review-bot]

@marcoandredinis See the table below for backport results.

Branch	Result
branch/v15	Create PR
branch/v16	Create PR
branch/v17	Create PR