-
Notifications
You must be signed in to change notification settings - Fork 206
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kubefwd does not support reserving non loopback (127/8) addresses #214
Comments
@mccaig Thanks for the interest in My comment on #208 was more of a concern about auto-incrementing non-loopback IPs. Even savvy users might not expect that behavior and lose access to external network resources because they did not know it would increment. I, however, need to think through a few other problems regarding bringing up and possibly taking down IPs on the local interface. I have not experimented with it much, but it would have to be a very stable implementation. For example, say a person decides to use 192.168.1.100 unaware that their printer (or router) is using it (same with important public IPs), if |
I agree this is a concern - certainly the scenario where the user configures |
I can re-visit this after the new year when I'll have a bit more time. This project does not have many long term contributors which means I'm on the hook for bugs and support. |
Introducing a bridge network, I think it is not a good idea. it will make kubefwd more complicated and uncontrollable. |
Any news or workarounds on this. I.e. I just got stuck with problem of needing to run local docker container, which needs to access services in kubernetes. okey, kubefwd nicely forwards them in localhost, but that does not help inside container (and running kubefwd inside every local container causes other setup problems). Right I'm pondering if I could manage to get some routing done based into "route_localnet" ( as stated in https://serverfault.com/questions/701589/127-8-address-is-not-passed-to-ip-stack). |
Quickly testing this might be "good enough" workaround for my needs for a while. EDIT docker-compose.yml xx-service:
...
networks:
hostnet: {}
....
networks:
hostnet:
external: true
name: host Build (separate due due to need for "--ssh" opt) ...
docker build --network host --ssh default . start containers docker compose up -d
docker compose exec xx-service bash In xx-service container: # access kubefwd proxied yy-service
curl -X POST -H "Content-Type: application/json" "http://yy-service"
.. #got valid response |
Another workaround attempt via using tips from https://stackoverflow.com/questions/17770902/forward-host-port-to-docker-container worked fine. |
i believe this is much better solution:
|
Thanks for building kubefwd, it's been a great help for some of our workflows.
The addition of the ip reservations in #208 is a fantastic feature that I am eager to take advantage of, however I am unable to due the restriction that the IP addresses be limited to the reserved loopback range (127/8).
My use case is that I do my dev loop of a few services locally in docker containers. As 127/8 addresses are always routed to the loopback adapter, I cant run kubefwd on my MacOS host machine, and also have the containers access those same forwarded services - the container based traffic will always hit its own loopback adapter. This means I need to run kubefwd in each individual container, in addition to my host machine as needed.
I can avoid all of this overhead however, if I can configure kubefwd to use a non-loopback ip range, as the containers are able to route to those addresses on the host machine. I hope this illustrates that there is a valid use case for the use of non loopback IP addresses.
There was some discussion about this in #208 (#208 (comment)), where it was noted that:
I agree that it could be an issue for users who aren't overly familiar with networking concepts - do you think concern this could be mitigated by printing a warning message when such a configuration is activated?
I would be happy to work on a PR for this feature if you think it would be accepted.
The text was updated successfully, but these errors were encountered: