Skip to content
This repository has been archived by the owner on Jul 5, 2023. It is now read-only.

Port mapping issue #103

Open
Tracked by #112
sjentzsch opened this issue May 15, 2020 · 4 comments
Open
Tracked by #112

Port mapping issue #103

sjentzsch opened this issue May 15, 2020 · 4 comments
Assignees
@johscheuer
Labels
bug Something isn't working

Comments

@sjentzsch
Copy link

When mapping the following service ...

  ports:
  - name: dns
    port: 53
    protocol: UDP
    targetPort: 1053
  - name: dns-tcp
    port: 53
    protocol: TCP
    targetPort: 1053

... illuminatio breaks, as it translates it into:

debug:           'ports': [{'name': None,
debug:                      'node_port': None,
debug:                      'port': 23485,
debug:                      'protocol': 'TCP',
debug:                      'target_port': 80},
debug:                     {'name': None,
debug:                      'node_port': None,
debug:                      'port': 61112,
debug:                      'protocol': 'TCP',
debug:                      'target_port': 80}],

... which has the following flaws:
a) the name needs to be specified (causes an Service \"svc-default-k8s-appcoredns\" is invalid: [spec.ports[0].name: Required value, spec.ports[1].name: Required value]), as the target-port is the same, right?
b) protocol UDP gets translated to TCP (not sure if that's an issue)

Also, with my cluster I ran into the test_orchestrator.py ValueError:

Only ClusterHost and GenericClusterHost fromHosts are supported by this Orchestrator

Can I simply put a continue instead, in order to skip the cases where I might reference an external host (we have a few headless services; might those cause issues?) ?

Last but not least, Illuminatio seems to not fully clean up its resources. After running clean, I still saw dummy pods in kube-system namespace, and a service called "svc-kube-system-appnet-exporter" etc.

Nonetheless, great tool! Wish I could make it work on our cluster :)
@sjentzsch
Copy link
Author

Actually, there is already a TODO mark for exactly my case :)
https://github.com/inovex/illuminatio/blob/master/src/illuminatio/k8s_util.py#L105

@johscheuer johscheuer added the bug Something isn't working label May 18, 2020
@johscheuer
Copy link
Contributor

Thanks for reporting this issue if you find the time to provide a PR I'm happy to review it :) otherwise I try to find some time during this week.

@sjentzsch
Copy link
Author

For me, in order to fix the colliding port issue, I added name=str(portNum), ensuring a unique name is given.

-        k8s.client.V1ServicePort(protocol="TCP", port=portNum, target_port=80)
+       k8s.client.V1ServicePort(protocol="TCP", port=portNum, target_port=80, name=str(portNum))

See:

illuminatio/src/illuminatio/k8s_util.py

Line 107 in c3c2068

k8s.client.V1ServicePort(protocol="TCP", port=portNum, target_port=80)

@johscheuer johscheuer mentioned this issue Aug 6, 2020
Open
2 tasks
@johscheuer johscheuer self-assigned this Aug 6, 2020
@johscheuer
Copy link
Contributor

Could you provide the complete example? This would makes it easier to test.

@johscheuer johscheuer mentioned this issue Aug 21, 2020
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@johscheuer johscheuer

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Initial support for UDP johscheuer/illuminatio
2 participants
@sjentzsch @johscheuer