How can I make Skaffold forward privileged/protected/special ports which have numbers below 1024? In my skaffold.yaml I added:
portForward:
- resourceType: service
resourceName: foo
port: 80
localPort: 80It works fine for all unprotected ports, but in case of port 80, Skaffold automatically picks another unprotected port instead of 80.
According to the documentation Skaffold runs kubectl port-forward on each of user-defined ports, so I granted the kubectl binary the capability to open privileged ports with this command sudo setcap CAP_NET_BIND_SERVICE=+eip /path/to/kubectl.
Everything works fine when directly running kubectl port-forward services/foo 80:80, but when I run skaffold dev --port-forward it still picks another unprotected port.
I have been using Skaffold v1.28.1 with Minikube v1.22.0 on Ubuntu 20.04.
This should work. We changed Skaffold's behaviour to prevent it from allocating system ports (≤ 1024), but user-defined port-forwards with explicit localPorts will still be honoured.
You didn't say what ports you were seeing being allocated, but I suspect they were ports 4503–4533, in which you're hitting a bug (#6312). This bug is now fixed and will be in the next release. You can also use the "bleeding-edge" build which is built from HEAD: the installation instructions have details for where to fetch these pre-built binaries.
I solved the issue by granting the capability to open privileged ports for both skaffold and kubectl binaries:
sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/kubectl;
sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/skaffold;