https://rancher.com/ logo
Title
r

ripe-cricket-30930

06/03/2022, 6:35 AM
hi there! something weird’s going on with port forwarding on Rancher Desktop. I created a service exposing port 8000/TCP and trying to get that port forwarded to my Mac.
kubectl describe svc ddb
Name:              ddb
Namespace:         default
Labels:            <none>
Annotations:       <none>
Selector:          app=local-ddb
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.43.215.24
IPs:               10.43.215.24
Port:              <unset>  8000/TCP
TargetPort:        ddb-http-port/TCP
Endpoints:         10.42.0.91:8000
Session Affinity:  None
Events:            <none>
Port seems indeed open on my Mac
lsof | grep 56107
Rancher   50831 victorbarbu   84u     IPv4 0x8f04a06a4fb87541         0t0                 TCP localhost:56107 (LISTEN)
Doing
curl <http://localhost:56107>
just hangs, however running:
$ kubectl run bb -i --tty --image alpine
# curl <http://ddb:8000>
{"__type":"com.amazonaws.dynamodb.v20120810#MissingAuthenticationToken","Message":"Request must contain either a valid (registered) AWS access key ID or X.509 certificate."}
Works as expected. Anyone faced similar issue before?
j

jolly-forest-99711

06/03/2022, 5:02 PM
Unless I'm missing something, you aren't actually exposing the service. Your service type is
ClusterIP
, so it should only be available within the cluster. What happens if you try making it of type
NodePort
, getting the port exposed with
kubectl get service ...
and then doing a curl against
localhost:<port>
?
r

ripe-cricket-30930

06/04/2022, 6:44 AM
Makes sense. But if that’s really the case, shouldn’t Rancher’s UI not display that?
j

jolly-forest-99711

06/08/2022, 4:12 PM
My apologies, I misunderstood how the UI is supposed to work with port forwarding. It should be possible to forward a port exposed from a ClusterIP service (with a sidenote - see below). It appears that there is a real bug here: I tried this on Linux and when the
targetPort
field on a Service is a name, the forwarding doesn't work. However, when it is a number, it appears to work. I was using the following example:
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: rd-test
  namespace: default
data:
  index.html: "hello world"
---
apiVersion: v1
kind: Pod
metadata:
  name: rd-test
  namespace: default
  labels:
    app: rd-test
spec:
  restartPolicy: Always
  containers:
    - name: server
      image: python:3.10-alpine3.14
      command: ["python", "-m", "http.server"]
      args: ["--directory", "/srv", "80"]
      ports:
        - name: http
          protocol: TCP
          containerPort: 80
      volumeMounts:
        - name: myvolume
          mountPath: /srv
          readOnly: true
  volumes:
    - name: myvolume
      configMap:
        name: rd-test
        items:
          - key: index.html
            path: index.html
---
apiVersion: v1
kind: Service
metadata:
  name: rd-test
  namespace: default
spec:
  selector:
    app: rd-test
  ports:
    - protocol: TCP
      targetPort: 80
      port: 8000
  type: ClusterIP
If you change
targetPort
to
http
, you'll notice that
curl <http://localhost>:<port>
using the port number from the RD UI's port forwarding page doesn't work. But as shown above, it should work. I'd like to confirm that it works with the above config if you wouldn't mind. Digging a little deeper, I see that in the logs in background.log there is an error:
2022-06-08T15:46:17.881Z: UnhandledRejectionWarning: Error: Could not find port number for default/rd-test:http
    at Server.<anonymous> (/opt/rancher-desktop/resources/app.asar/dist/app/background.js:29:35986)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
Here is the side note I mentioned above. According to the kubernetes Pod documentation (https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#ports), the
name
field on the port configuration must be an "IANA_SVC_NAME".
ddb-http-port
is not one of these as far as I can tell. This also applies to the
targetPort
field of the service port configuration. So although there is a bug with RD here, you would probably need to change this anyways. I've created https://github.com/rancher-sandbox/rancher-desktop/issues/2349 to track the issue. Thanks for highlighting this!
r

ripe-cricket-30930

06/11/2022, 1:01 PM
thank you for raising that!