monogon-dev / monogon

The Monogon Monorepo. May contain traces of peanuts and a ✨pure Go Linux userland✨. Work in progress!
https://monogon.tech
Apache License 2.0

k8s: Allow privileged ports for NodePorts #238

Closed fionera closed 1 year ago

fionera commented 1 year ago

As we don't have hostPort implemented and don't want to allow hostNetworking, we should allow access to 22, 80, 443 etc. via NodePorts.

fionera commented 1 year ago

We now allow all ports as NodePort, but the API server is unhappy with my sledgehammer approach:

       k8s apiserver E the node port 2346 appears to have leaked: cleaning up
       k8s apiserver E the node port 6444 appears to have leaked: cleaning up
       k8s apiserver E the node port 6445 appears to have leaked: cleaning up
       k8s apiserver E the node port 6446 appears to have leaked: cleaning up
       k8s apiserver E the node port 7835 appears to have leaked: cleaning up
       k8s apiserver E the node port 7836 appears to have leaked: cleaning up
       k8s apiserver E the node port 7838 appears to have leaked: cleaning up
       k8s apiserver E the node port 7839 appears to have leaked: cleaning up
       k8s apiserver E the node port 7840 appears to have leaked: cleaning up
       k8s apiserver E the node port 7841 appears to have leaked: cleaning up
       k8s apiserver E the node port 7842 appears to have leaked: cleaning up

fionera commented 1 year ago

Should be fixed with https://review.monogon.dev/c/monogon/+/1938

fionera commented 1 year ago

Still open

     k8s controllers I Garbage collector: all resource monitors have synced. Proceeding to collect garbage
       k8s apiserver E the node port 7835 for service / was assigned to multiple services; please recreate
       k8s apiserver E the node port 7838 for service / was assigned to multiple services; please recreate
       k8s apiserver E the node port 7839 for service / was assigned to multiple services; please recreate
       k8s apiserver E the node port 7840 for service / was assigned to multiple services; please recreate
       k8s apiserver E the node port 7841 for service / was assigned to multiple services; please recreate
       k8s apiserver E the node port 7842 for service / was assigned to multiple services; please recreate
       k8s apiserver E the node port 6444 for service / was assigned to multiple services; please recreate
       k8s apiserver E the node port 6445 for service / was assigned to multiple services; please recreate
       k8s apiserver E the node port 2346 may have leaked, but can not be allocated: provided port is already allocated
       k8s apiserver E the node port 6444 may have leaked, but can not be allocated: provided port is already allocated
       k8s apiserver E the node port 6445 may have leaked, but can not be allocated: provided port is already allocated
       k8s apiserver E the node port 6446 may have leaked, but can not be allocated: provided port is already allocated
       k8s apiserver E the node port 7835 may have leaked, but can not be allocated: provided port is already allocated
       k8s apiserver E the node port 7836 may have leaked, but can not be allocated: provided port is already allocated
       k8s apiserver E the node port 7838 may have leaked, but can not be allocated: provided port is already allocated
       k8s apiserver E the node port 7839 may have leaked, but can not be allocated: provided port is already allocated
       k8s apiserver E the node port 7840 may have leaked, but can not be allocated: provided port is already allocated
       k8s apiserver E the node port 7841 may have leaked, but can not be allocated: provided port is already allocated
       k8s apiserver E the node port 7842 may have leaked, but can not be allocated: provided port is already allocated
       k8s apiserver E the node port 7843 may have leaked, but can not be allocated: provided port is already allocated