Chore: Fix service mesh auto config after migration to gRPC (#756)

- Istio uses the first part of a port name, and service definitions, to configure its service mesh sidecar proxy containers, based on the expected traffic type; docs: https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/#explicit-protocol-selection
- The `http-` prefix in the port name wasn't updated when we switched to gRPC, so Istio was auto-configuring for http, and failing to send the gRPC traffic
- Making these updates automagically fixes Istio issues, no longer requiring the Envoy patch in [charts/sourcegraph/examples/envoy](https://github.com/sourcegraph/deploy-sourcegraph-helm/tree/main/charts/sourcegraph/examples/envoy)
- Helpful background on Istio here: https://istio.io/latest/docs/ops/deployment/architecture/

### Checklist
- [x] Follow the [manual testing process](https://github.com/sourcegraph/deploy-sourcegraph-helm/blob/main/TEST.md)
- [ ] Update [changelog](https://github.com/sourcegraph/deploy-sourcegraph-helm/blob/main/charts/sourcegraph/CHANGELOG.md)
- [ ] Update [Kubernetes update doc](https://docs.sourcegraph.com/admin/updates/kubernetes)

This change should be invisible, except potentially for customers using the Envoy patch for gitserver

### Test plan

Developed and tested with a customer, on their self-hosted instance with Istio

Tested on a k3s instance:
- Deployed the 6.9.0 release
- Upgraded the Helm install with this branch [marc-test-fix-gitserver-ports-for-istio](https://github.com/sourcegraph/deploy-sourcegraph-helm/tree/marc-test-fix-gitserver-ports-for-istio), which is the same code changes, but on top of the v6.9.0 release commit instead of main, to test for any issues for existing customers as they upgrade
- Configured a code host
- Cloned some repos
- Ran some searches
- Checked pod logs
- No errors / issues

Also tested on an AWS EKS instance

Author: marcleblanc2

charts/sourcegraph-executor/dind/templates/executor/executor.Deployment.yaml

@@ -51,20 +51,20 @@ spec:
           livenessProbe:
             httpGet:
               path: /healthz
-              port: debug
+              port: http-debug
               scheme: HTTP
             initialDelaySeconds: 60
             timeoutSeconds: 5
           readinessProbe:
             httpGet:
               path: /ready
-              port: debug
+              port: http-debug
               scheme: HTTP
             periodSeconds: 5
             timeoutSeconds: 5
           ports:
-            - containerPort: 6060
-              name: debug
+            - name: http-debug
+              containerPort: 6060
           terminationMessagePolicy: FallbackToLogsOnError
           env:
             {{- range $name, $item := .Values.executor.env }}

charts/sourcegraph-executor/dind/templates/executor/executor.Service.yaml

@@ -16,9 +16,9 @@ metadata:
   name: executor
 spec:
   ports:
-    - name: debug
+    - name: http-debug
       port: 6060
-      targetPort: debug
+      targetPort: http-debug
   selector:
     {{- include "sourcegraph.selectorLabels" . | nindent 4 }}
     app: {{include "executor.name" . }}

charts/sourcegraph-executor/dind/templates/private-docker-registry/private-docker-registry.Deployment.yaml

@@ -47,19 +47,19 @@ spec:
             - name: REGISTRY_PROXY_REMOTEURL
               value: http://registry-1.docker.io
           ports:
-            - containerPort: 5000
-              name: registry
+            - name: http
+              containerPort: 5000
           livenessProbe:
             httpGet:
               path: /
-              port: registry
+              port: http
               scheme: HTTP
             initialDelaySeconds: 5
             timeoutSeconds: 5
           readinessProbe:
             httpGet:
               path: /
-              port: registry
+              port: http
               scheme: HTTP
             periodSeconds: 5
             timeoutSeconds: 5

charts/sourcegraph-executor/dind/templates/private-docker-registry/private-docker-registry.Service.yaml

@@ -16,7 +16,7 @@ spec:
     - name: http
       port: 5000
       protocol: TCP
-      targetPort: 5000
+      targetPort: http
   selector:
     app: private-docker-registry
   type: ClusterIP

charts/sourcegraph-executor/k8s/templates/executor.Deployment.yaml

@@ -55,8 +55,8 @@ spec:
           securityContext:
             privileged: {{ .Values.executor.securityContext.privileged }}
           ports:
-            - containerPort: 6060
-              name: debug
+            - name: http-debug
+              containerPort: 6060
           envFrom:
             - configMapRef:
                 name: {{ include "executor.name" . }}

charts/sourcegraph-executor/k8s/templates/executor.Service.yaml

@@ -13,9 +13,9 @@ metadata:
   name: {{ include "executor.name" . }}
 spec:
   ports:
-  - name: debug
+  - name: http-debug
     port: 6060
-    targetPort: debug
+    targetPort: http-debug
   selector:
     {{- include "sourcegraph.selectorLabels" . | nindent 4 }}
     app: {{ include "executor.name" . }}

charts/sourcegraph/README.md

@@ -195,7 +195,7 @@ In addition to the documented values, all services also support the following va
 | openTelemetry.agent.containerSecurityContext.allowPrivilegeEscalation | bool | `false` |  |
 | openTelemetry.agent.containerSecurityContext.runAsGroup | int | `101` |  |
 | openTelemetry.agent.containerSecurityContext.runAsUser | int | `100` |  |
-| openTelemetry.agent.hostPorts | object | `{"otlpGrpc":4317,"otlpHttp":4318,"zpages":55679}` | Resource requests & limits for the `otel-agent` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
+| openTelemetry.agent.hostPorts | object | `{"grpcOtlp":4317,"httpOtlp":4318,"httpZpages":55679}` | Resource requests & limits for the `otel-agent` container, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) |
 | openTelemetry.agent.name | string | `"otel-agent"` | Name used by resources. Does not affect service names or PVCs. |
 | openTelemetry.agent.resources.limits.cpu | string | `"500m"` |  |
 | openTelemetry.agent.resources.limits.memory | string | `"500Mi"` |  |

charts/sourcegraph/templates/_helpers.tpl

@@ -175,7 +175,7 @@ app.kubernetes.io/name: jaeger
     fieldRef:
       fieldPath: status.hostIP
 - name: OTEL_EXPORTER_OTLP_ENDPOINT
-  value: http://$(OTEL_AGENT_HOST):{{ toYaml .Values.openTelemetry.agent.hostPorts.otlpGrpc }}
+  value: http://$(OTEL_AGENT_HOST):{{ toYaml .Values.openTelemetry.agent.hostPorts.grpcOtlp }}
 {{- end }}
 {{- end }}
 

charts/sourcegraph/templates/_worker.tpl

@@ -1,7 +1,7 @@
 {{- define "sourcegraph.worker" -}}
 {{- $top := index . 0 }}
 {{- $suffix := index . 1 -}}
-{{- $allowlist := index . 2 -}} 
+{{- $allowlist := index . 2 -}}
 {{- $blocklist := index . 3 -}}
 {{- $resources := index . 4 -}}
 
@@ -100,24 +100,24 @@ spec:
         livenessProbe:
           httpGet:
             path: /healthz
-            port: debug
+            port: http-debug
             scheme: HTTP
           initialDelaySeconds: 60
           timeoutSeconds: 5
         readinessProbe:
           httpGet:
             path: /ready
-            port: debug
+            port: http-debug
             scheme: HTTP
           periodSeconds: 5
           timeoutSeconds: 5
         ports:
-        - containerPort: 3189
-          name: http
-        - containerPort: 6060
-          name: debug
-        - containerPort: 6996
-          name: prom
+        - name: http
+          containerPort: 3189
+        - name: http-debug
+          containerPort: 6060
+        - name: http-debug-exec
+          containerPort: 6996
         {{- if not $top.Values.sourcegraph.localDevMode }}
         resources:
           {{- toYaml $resources | nindent 10 }}

charts/sourcegraph/templates/blobstore/blobstore.Deployment.yaml

@@ -55,19 +55,19 @@ spec:
         args: {{- default (list "") .Values.blobstore.args | toYaml | nindent 8 }}
         terminationMessagePolicy: FallbackToLogsOnError
         ports:
-        - containerPort: 9000
-          name: blobstore
+        - name: http
+          containerPort: 9000
         livenessProbe:
           httpGet:
             path: /
-            port: blobstore
+            port: http
             scheme: HTTP
           initialDelaySeconds: 60
           timeoutSeconds: 5
         readinessProbe:
           httpGet:
             path: /
-            port: blobstore
+            port: http
             scheme: HTTP
           periodSeconds: 5
           timeoutSeconds: 5