Handling of unsupported protocols can lead to `source_port_already_used`

[xoxys]

TL;DR

A service definition containing ports for unsupported protocols e.g. UDP can lead to source_port_already_used error if the unsupported protocol port is also used as TCP port.

Expected behavior

Clearly warn the user about the issue (already implemented) but don't try to create the port for unsupported protocols as TCP ports as well.

Observed behavior

  ports:
  - name: http-80
    nodePort: 31257
    port: 80
    protocol: TCP
    targetPort: 10080
  - name: https-443
    nodePort: 32550
    port: 443
    protocol: TCP
    targetPort: 10443
  - name: https-443-h3
    nodePort: 32550
    port: 443
    protocol: UDP
    targetPort: 10443

will result in

hcloud-cloud-controller-manager-5fdb6c8956-6pnbh hcloud-cloud-controller-manager I0118 08:06:37.811907       1 event.go:389] "Event occurred" object="envoy-gateway-system/envoy-public" fieldPath="" kind="Service" apiVersion="v1" type="Normal" reason="EnsuringLoadBalancer" message="Ensuring load balancer"
hcloud-cloud-controller-manager-5fdb6c8956-6pnbh hcloud-cloud-controller-manager I0118 08:06:37.929908       1 load_balancer.go:962] "update service" op="hcops/LoadBalancerOps.ReconcileHCLBServices" port=80 loadBalancerID=5549282
hcloud-cloud-controller-manager-5fdb6c8956-6pnbh hcloud-cloud-controller-manager I0118 08:06:37.994207       1 load_balancer.go:962] "update service" op="hcops/LoadBalancerOps.ReconcileHCLBServices" port=443 loadBalancerID=5549282
hcloud-cloud-controller-manager-5fdb6c8956-6pnbh hcloud-cloud-controller-manager W0118 08:06:38.063160       1 load_balancer.go:952] configured unsupported Hetzner Cloud load balancer protocol UDP for service with name envoy-public
hcloud-cloud-controller-manager-5fdb6c8956-6pnbh hcloud-cloud-controller-manager I0118 08:06:38.063226       1 load_balancer.go:973] "add service" op="hcops/LoadBalancerOps.ReconcileHCLBServices" port=443 loadBalancerID=5549282
hcloud-cloud-controller-manager-5fdb6c8956-6pnbh hcloud-cloud-controller-manager E0118 08:06:38.090716       1 controller.go:302] "Unhandled Error" err="error processing service envoy-gateway-system/envoy-public (retrying with exponential backoff): failed to ensure load balancer: hcloud/loadBalancers.EnsureLoadBalancer: hcops/LoadBalancerOps.ReconcileHCLBServices: a service for the given source port is already defined (source_port_already_used, abe2ce3013d6d0da316d5d28b4b4fddc)" logger="UnhandledError"
hcloud-cloud-controller-manager-5fdb6c8956-6pnbh hcloud-cloud-controller-manager I0118 08:06:38.091575       1 event.go:389] "Event occurred" object="envoy-gateway-system/envoy-public" fieldPath="" kind="Service" apiVersion="v1" type="Warning" reason="SyncLoadBalancerFailed" message="Error syncing load balancer: failed to ensure load balancer: hcloud/loadBalancers.EnsureLoadBalancer: hcops/LoadBalancerOps.ReconcileHCLBServices: a service for the given source port is already defined (source_port_already_used, abe2ce3013d6d0da316d5d28b4b4fddc)"

TCP port 80/443 were created successfully, but then the CCM warns about unsupported protocol (443/UDP) but then tries to create it as TCP port as well which results in source_port_already_used error.

Minimal working example

No response

Log output

Additional information

No response

[xoxys]

The easiest fix is to continue the loop after warning about unsupported protocol, as proposed in #1129.

However, this approach was already rejected in #732, but I still think the current implementation is kinda wrong. If you really want to stick to the design, ReconcileHCLBServices should fail on unsupported ports instead of trying to create them as TCP port.