hi there something weird s going on with port forwarding on Rancher Desktop I created a service exposing port 8000 TCP and trying to get that port forwarded to my Mac ```kubectl describe svc ddb Name ddb Namespace default Labels lt none gt Annotations lt none gt Selector app=local ddb Type ClusterIP IP Family Policy SingleStack IP Families IPv4 IP 10 43 215 24 IPs 10 43 215 24 Port lt unset gt 8000 TCP TargetPort ddb http port TCP Endpoints 10 42 0 91 8000 Session Affinity None Events lt none gt ``` Port seems indeed open on my Mac ```lsof | grep 56107 Rancher 50831 victorbarbu 84u IPv4 0x8f04a06a4fb87541 0t0 TCP localhost 56107 LISTEN ``` Doing `curl <http localhost 56107>` just hangs however running ```$ kubectl run bb i tty image alpine curl <http ddb 8000> type com amazonaws dynamodb v20120810 MissingAuthenticationToken Message Request must contain either a valid registered AWS access key ID or X 509 certificate ``` Works as expected Anyone faced similar issue before

My apologies I misunderstood how the UI is supposed to work with port forwarding It should be possible to forward a port exposed from a ClusterIP service with a sidenote see below It appears that there is a real bug here I tried this on Linux and when the `targetPort` field on a Service is a name the forwarding doesn t work However when it is a number it appears to work I was using the following example ``` apiVersion v1 kind ConfigMap metadata name rd test namespace default data index html hello world apiVersion v1 kind Pod metadata name rd test namespace default labels app rd test spec restartPolicy Always containers name server image python 3 10 alpine3 14 command python m http server args directory srv 80 ports name http protocol TCP containerPort 80 volumeMounts name myvolume mountPath srv readOnly true volumes name myvolume configMap name rd test items key index html path index html apiVersion v1 kind Service metadata name rd test namespace default spec selector app rd test ports protocol TCP targetPort 80 port 8000 type ClusterIP``` If you change `targetPort` to `http` you ll notice that `curl <http localhost> lt port gt ` using the port number from the RD UI s port forwarding page doesn t work But as shown above it should work I d like to confirm that it works with the above config if you wouldn t mind Digging a little deeper I see that in the logs in background log there is an error ```2022 06 08T15 46 17 881Z UnhandledRejectionWarning Error Could not find port number for default rd test http at Server lt anonymous gt opt rancher desktop resources app asar dist app background js 29 35986 at processTicksAndRejections node internal process task queues 96 5 ``` Here is the side note I mentioned above According to the kubernetes Pod documentation <https kubernetes io docs reference kubernetes api workload resources pod v1 ports> the `name` field on the port configuration must be an IANA SVC NAME `ddb http port` is not one of these as far as I can tell This also applies to the `targetPort` field of the service port configuration So although there is a bug with RD here you would probably need to change this anyways I ve created <https github com rancher sandbox rancher desktop issues 2349> to track the issue Thanks for highlighting this

hi there something weird s going on with port forwarding on rancher-users #rancher-desktop

Title

ripe-cricket-30930

06/03/2022, 6:35 AM

hi there! something weird’s going on with port forwarding on Rancher Desktop. I created a service exposing port 8000/TCP and trying to get that port forwarded to my Mac.

kubectl describe svc ddb
Name:              ddb
Namespace:         default
Labels:            <none>
Annotations:       <none>
Selector:          app=local-ddb
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.43.215.24
IPs:               10.43.215.24
Port:              <unset>  8000/TCP
TargetPort:        ddb-http-port/TCP
Endpoints:         10.42.0.91:8000
Session Affinity:  None
Events:            <none>

Port seems indeed open on my Mac

lsof | grep 56107
Rancher   50831 victorbarbu   84u     IPv4 0x8f04a06a4fb87541         0t0                 TCP localhost:56107 (LISTEN)

Doing

curl <http://localhost:56107>

just hangs, however running:

$ kubectl run bb -i --tty --image alpine
# curl <http://ddb:8000>
{"__type":"com.amazonaws.dynamodb.v20120810#MissingAuthenticationToken","Message":"Request must contain either a valid (registered) AWS access key ID or X.509 certificate."}

Works as expected. Anyone faced similar issue before?

jolly-forest-99711

06/03/2022, 5:02 PM

Unless I'm missing something, you aren't actually exposing the service. Your service type is

ClusterIP

, so it should only be available within the cluster. What happens if you try making it of type

NodePort

, getting the port exposed with

kubectl get service ...

and then doing a curl against

localhost:<port>

ripe-cricket-30930

06/04/2022, 6:44 AM

Makes sense. But if that’s really the case, shouldn’t Rancher’s UI not display that?

jolly-forest-99711

06/08/2022, 4:12 PM

My apologies, I misunderstood how the UI is supposed to work with port forwarding. It should be possible to forward a port exposed from a ClusterIP service (with a sidenote - see below). It appears that there is a real bug here: I tried this on Linux and when the

targetPort

field on a Service is a name, the forwarding doesn't work. However, when it is a number, it appears to work. I was using the following example:

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: rd-test
  namespace: default
data:
  index.html: "hello world"
---
apiVersion: v1
kind: Pod
metadata:
  name: rd-test
  namespace: default
  labels:
    app: rd-test
spec:
  restartPolicy: Always
  containers:
    - name: server
      image: python:3.10-alpine3.14
      command: ["python", "-m", "http.server"]
      args: ["--directory", "/srv", "80"]
      ports:
        - name: http
          protocol: TCP
          containerPort: 80
      volumeMounts:
        - name: myvolume
          mountPath: /srv
          readOnly: true
  volumes:
    - name: myvolume
      configMap:
        name: rd-test
        items:
          - key: index.html
            path: index.html
---
apiVersion: v1
kind: Service
metadata:
  name: rd-test
  namespace: default
spec:
  selector:
    app: rd-test
  ports:
    - protocol: TCP
      targetPort: 80
      port: 8000
  type: ClusterIP

If you change

targetPort

http

, you'll notice that

curl <http://localhost>:<port>

using the port number from the RD UI's port forwarding page doesn't work. But as shown above, it should work. I'd like to confirm that it works with the above config if you wouldn't mind. Digging a little deeper, I see that in the logs in background.log there is an error:

2022-06-08T15:46:17.881Z: UnhandledRejectionWarning: Error: Could not find port number for default/rd-test:http
    at Server.<anonymous> (/opt/rancher-desktop/resources/app.asar/dist/app/background.js:29:35986)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

Here is the side note I mentioned above. According to the kubernetes Pod documentation (https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#ports), the

name

field on the port configuration must be an "IANA_SVC_NAME".

ddb-http-port

is not one of these as far as I can tell. This also applies to the

targetPort

field of the service port configuration. So although there is a bug with RD here, you would probably need to change this anyways. I've created https://github.com/rancher-sandbox/rancher-desktop/issues/2349 to track the issue. Thanks for highlighting this!

ripe-cricket-30930

06/11/2022, 1:01 PM

thank you for raising that!

5 Views

#rancher-desktop Join Slack