How to forward privileged ports with Skaffold

8/5/2021

How can I make Skaffold forward privileged/protected/special ports which have numbers below 1024? In my skaffold.yaml I added:

portForward:
- resourceType: service
  resourceName: foo
  port: 80
  localPort: 80

It works fine for all unprotected ports, but in case of port 80, Skaffold automatically picks another unprotected port instead of 80.

According to the documentation Skaffold runs kubectl port-forward on each of user-defined ports, so I granted the kubectl binary the capability to open privileged ports with this command sudo setcap CAP_NET_BIND_SERVICE=+eip /path/to/kubectl.

Everything works fine when directly running kubectl port-forward services/foo 80:80, but when I run skaffold dev --port-forward it still picks another unprotected port.

I have been using Skaffold v1.28.1 with Minikube v1.22.0 on Ubuntu 20.04.

-- adrihanu
kubernetes
portforwarding
skaffold

2 Answers

8/5/2021

This should work. We changed Skaffold's behaviour to prevent it from allocating system ports (≤ 1024), but user-defined port-forwards with explicit localPorts will still be honoured.

You didn't say what ports you were seeing being allocated, but I suspect they were ports 4503–4533, in which you're hitting a bug (#6312). This bug is now fixed and will be in the next release. You can also use the "bleeding-edge" build which is built from HEAD: the installation instructions have details for where to fetch these pre-built binaries.

-- Brian de Alwis
Source: StackOverflow

11/8/2021

I solved the issue by granting the capability to open privileged ports for both skaffold and kubectl binaries:

sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/kubectl;
sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/skaffold;
-- adrihanu
Source: StackOverflow