search

k3d-io / k3d

Little helper to run CNCF's k3s in Docker
https://k3d.io/
MIT License
5.42k stars 460 forks source link

[FEATURE] Disable host port binding #1074

Open thesn10 opened 2 years ago

thesn10 commented 2 years ago

Problem

K3d always binds to a host port which cannot be disabled. This is bad because if we run k3d clusters behind a reverse proxy, we dont need the host port. It will also cause the port in the kubeconfig to not match.

Solution

Discussed in https://github.com/k3d-io/k3d/discussions/1066

Originally posted by **SnGmng** May 14, 2022 I use a TCP reverse proxy which does the load balancing, so i dont need (and want) host port binding, but k3d does it anyway and wrongly writes it into the kubeconfig: ```yaml - cluster: certificate-authority-data: DATA+OMITTED server: https://kubeapi.mydomain.com:53882 # Not working. The port needs to be removed (or replaced with 443 or 80) name: k3d-testkube ``` k3d always binds the api server on some random host port on the machine and it cannot be disabled: ![image](https://user-images.githubusercontent.com/38666407/168445247-edddacad-c804-47e4-a3e4-9c2cad909915.png) I just want to EXPOSE 6443 and NOT BIND to an host port/address. Is that possible? Using `--api-port` can only **change** that host port, but not **disable** it, because you are always forced to specify a host port: ```bash FATA[0000] Failed to apply CLI overrides: failed to parse API Port spec: Failed to parse Port Exposure specification 'kubeapi.mydomain.com': Format must be [(HostIP|HostName):]HostPort ``` How to disable host port binding?

Current Workaround

You can only manually fix the kubeconfig url but not completely disable the port. This manually removes the port from kubeconfig by replacing the server url:

export CLUSTER_NAME=name
k3d kubeconfig get ${CLUSTER_NAME} > k3d-${CLUSTER_NAME}.yaml
yq -i "(.clusters[] | select(.name == \"k3d-${CLUSER_NAME}\")).cluster.server = \"https://your-api-url.com\"" k3d-${CLUSER_NAME}.yaml

Unfortunalely, this workaround does not completely disable the port but only remove it in the kubeconfig

cenk1cenk2 commented 2 weeks ago

Hey @thesn10,

Did you found a workaround to actually disabling the port binding itself?

thesn10 commented 2 weeks ago

Hey @thesn10,

Did you found a workaround to actually disabling the port binding itself?

No, i just ignored it and moved on. I just manually replaced the port in the kubeconfig with the correct port of the reverse proxy. The port on the host is still open but i just ignore it and not use it. I know this is unsecure, but it is what it is....