How can I make Skaffold
forward privileged/protected/special ports which have numbers below 1024
? In my skaffold.yaml
I added:
portForward:
- resourceType: service
resourceName: foo
port: 80
localPort: 80
It works fine for all unprotected ports, but in case of port 80
, Skaffold
automatically picks another unprotected port instead of 80
.
According to the documentation Skaffold
runs kubectl port-forward
on each of user-defined ports, so I granted the kubectl
binary the capability to open privileged ports with this command sudo setcap CAP_NET_BIND_SERVICE=+eip /path/to/kubectl
.
Everything works fine when directly running kubectl port-forward services/foo 80:80
, but when I run skaffold dev --port-forward
it still picks another unprotected port.
I have been using Skaffold v1.28.1
with Minikube v1.22.0
on Ubuntu 20.04
.
This should work. We changed Skaffold's behaviour to prevent it from allocating system ports (≤ 1024), but user-defined port-forwards with explicit localPort
s will still be honoured.
You didn't say what ports you were seeing being allocated, but I suspect they were ports 4503–4533, in which you're hitting a bug (#6312). This bug is now fixed and will be in the next release. You can also use the "bleeding-edge" build which is built from HEAD: the installation instructions have details for where to fetch these pre-built binaries.
I solved the issue by granting the capability to open privileged ports for both skaffold
and kubectl
binaries:
sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/kubectl;
sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/skaffold;