Bug: APPMESH_APP_PORTS should support multiple ports

[KushalP]

Describe the bug
When annotating pods with the relevant prometheus notation, it's not possible for Prometheus to contact the pod unless it's on the first port that has been configured. It appears that APPMESH_APP_PORTS does not support multiple ports.

Platform
EKS

To Reproduce
Apply the EKS configuration below. It's not possible to hit the pod in question on port 8081. It's only possible to 8080.

The behaviour of the applied config below is as follows if you're using httpie:

http get http://example-api:8081/metrics

http: error: ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer')) while doing GET request to URL: http://example-api:8081/metrics

Config files, and API responses

---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: example-api
  name: example-api
  namespace: example-services
spec:
  ports:
  - name: service
    port: 8080
    protocol: TCP
    targetPort: 8080
  - name: health
    port: 8081
    protocol: TCP
    targetPort: 8081
  selector:
    app: example-api
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: example-api
  name: example-api
  namespace: example-services
spec:
  replicas: 1
  selector:
    matchLabels:
      app: example-api
  strategy:
    type: RollingUpdate
  template:
    metadata:
      annotations:
        prometheus.io/path: /metrics
        prometheus.io/port: "8081"
        prometheus.io/scrape: "true"
      labels:
        app: example-api
    spec:
      containers:
      - env:
        - name: APPMESH_VIRTUAL_NODE_NAME
          value: mesh/example-mesh/virtualNode/example-api-example-services
        - name: ENVOY_LOG_LEVEL
          value: debug
        - name: ENABLE_ENVOY_XRAY_TRACING
          value: "1"
        - name: AWS_REGION
          valueFrom:
            configMapKeyRef:
              key: AWS_REGION
              name: env-config
        image: repo.for.ecr.eu-west-1.amazonaws.com/aws-appmesh-envoy:v1.12.1.0-prod
        name: envoy
        securityContext:
          runAsUser: 1337
      - image: amazon/aws-xray-daemon:3.1.0
        imagePullPolicy: Always
        name: xray-daemon
        ports:
        - containerPort: 2000
          protocol: UDP
        securityContext:
          runAsUser: 0
        image: example-api:latest
        imagePullPolicy: Always
        name: example-api
        ports:
        - containerPort: 8080
          name: service
          protocol: TCP
        - containerPort: 8081
          name: health
          protocol: TCP
      initContainers:
      - env:
        - name: APPMESH_APP_PORTS
          value: 8080,8081
        - name: APPMESH_START_ENABLED
          value: "1"
        - name: APPMESH_IGNORE_UID
          value: "1337"
        - name: APPMESH_ENVOY_INGRESS_PORT
          value: "15000"
        - name: APPMESH_ENVOY_EGRESS_PORT
          value: "15001"
        - name: APPMESH_EGRESS_IGNORED_IP
          value: 169.254.169.254
        image: repo.for.ecr.eu-west-1.amazonaws.com/aws-appmesh-proxy-route-manager:v2
        name: proxyinit
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
          runAsUser: 0
      nodeSelector:
        nodeGroup: defaultNodes
      securityContext:
        runAsUser: 6957
---
apiVersion: appmesh.k8s.aws/v1beta1
kind: VirtualNode
metadata:
  name: example-api
  namespace: example-services
spec:
  listeners:
  - portMapping:
      port: 8080
      protocol: http
  - portMapping:
      port: 8081
      protocol: http
  logging:
    accessLog:
      file:
        path: /dev/stdout
  meshName: example-mesh
  serviceDiscovery:
    dns:
      hostName: example-api.example-services.svc.cluster.local
---
apiVersion: appmesh.k8s.aws/v1beta1
kind: VirtualService
metadata:
  name: example-api.example-services.svc.cluster.local
  namespace: example-services
spec:
  meshName: example-mesh
  routes:
  - http:
      action:
        weightedTargets:
        - virtualNodeName: example-api
          weight: 100
      match:
        prefix: /
    name: example-api-route
  virtualRouter:
    listeners:
    - portMapping:
        port: 8080
        protocol: http
    - portMapping:
        port: 8081
        protocol: http

[KushalP]

Here is what Prometheus shows in it's error logs when trying to reach this target:

Get http://10.87.50.254:8081/metrics: read tcp 10.87.50.162:41760->10.87.50.254:8081: read: connection reset by peer

[KushalP]

In the envoy container the following appears:

[2019-12-18 16:49:14.780][20][debug][filter] [source/extensions/filters/listener/original_dst/original_dst.cc:18] original_dst: New connection accepted
[2019-12-18 16:49:14.780][20][debug][conn_handler] [source/server/connection_handler_impl.cc:313] closing connection: no matching filter chain found

[shubharao]

This is a duplicate of supporting multiple listeners, which we have on the roadmap already: #120