amazon-vpc-cni-k8s
`hostPort` is ignored within VPC CNI plugin
What happened:
I am using the Datadog Agent Helm chart and I wish to configure it to expose a hostPort on each of the pods from the Datadog DaemonSet.
The port number is 8126, so I expect each node in my cluster to be listening on this port.
The port config within the DaemonSet is:
containers:
  - name: trace-agent
    ports:
      - containerPort: 8126
        hostPort: 8126
        name: traceport
        protocol: TCP
The Pods do indeed have this port listening within them, running netstat -tln within the pod shows the following:
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp6       0      0 :::8126                 :::*                    LISTEN
However, the host is not exposing this same port; running netstat -tln on the host does not show 8126 listening.
What you expected to happen: Both Pods and Host should be exposing this port.
How to reproduce it (as minimally and precisely as possible):
Enable version v1.18.3-eksbuild.2 of the VPC CNI plugin in a v1.29 AWS EKS cluster.
Deploy the following nginx-pod.yml:
apiVersion: v1
kind: Pod
metadata:
  name: nginx-hostport
  namespace: default
  labels:
    app: nginx
spec:
  containers:
    - name: nginx
      image: nginx
      ports:
        - containerPort: 8126
          hostPort: 8126
          protocol: TCP
      command: ["/bin/sh", "-c"]
      args:
        - |
          echo 'server {
            listen 8126;
            location / {
              return 200 "Hello from Nginx running on port 8126!\n";
            }
          }' > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'
  restartPolicy: Always
Observe that the host is not listening on port 8126, but the pod is.
Anything else we need to know?:
The aws-node DaemonSet pods do not display any errors related to the hostPort.
Environment:
- Kubernetes version (use kubectl version): 1.29
- CNI Version: v1.18.3-eksbuild.2
- OS (e.g: cat /etc/os-release): Amazon Linux 2
- Kernel (e.g. uname -a): Linux ip-x-x-x-x.eu-west-2.compute.internal 5.10.217-205.860.amzn2.x86_64 #1 SMP Tue May 21 16:52:24 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
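An added diagnostic, not part of this issue or of the amazon-vpc-cni-k8s project: where the CNI chain includes the portmap plugin, a hostPort is realised as iptables DNAT rules in the nat table (PREROUTING and OUTPUT jump to CNI-HOSTPORT-DNAT, which forwards the port to the pod IP), not as a socket owned by a host process, so netstat -tln on the node is not expected to list the port even when the mapping is working. The script below parses iptables-save -t nat and netstat -tln output and reports both views for a given port, so "no DNAT rule at all" can be told apart from "DNAT present, no host socket". The sample outputs, the pod IP 10.0.1.23 and the CNI-DN-* chain suffix are constructed for the example; the CNI-HOSTPORT-DNAT and CNI-DN-* chain names are the ones the portmap plugin uses.

```python
import re
import sys
from typing import Dict, List

# Constructed sample of `iptables-save -t nat` on a node where the portmap
# plugin has published hostPort 8126 for a pod with IP 10.0.1.23.
# Not captured from the reporter's cluster.
SAMPLE_IPTABLES_SAVE = """\
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:CNI-HOSTPORT-DNAT - [0:0]
:CNI-HOSTPORT-SETMARK - [0:0]
:CNI-DN-0123456789abcdef01234 - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j CNI-HOSTPORT-DNAT
-A OUTPUT -m addrtype --dst-type LOCAL -j CNI-HOSTPORT-DNAT
-A CNI-HOSTPORT-DNAT -p tcp -m comment --comment "constructed: hostPort 8126 for nginx-hostport" -m multiport --dports 8126 -j CNI-DN-0123456789abcdef01234
-A CNI-DN-0123456789abcdef01234 -s 10.0.1.23/32 -p tcp -m tcp --dport 8126 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-0123456789abcdef01234 -s 127.0.0.1/32 -p tcp -m tcp --dport 8126 -j CNI-HOSTPORT-SETMARK
-A CNI-DN-0123456789abcdef01234 -p tcp -m tcp --dport 8126 -j DNAT --to-destination 10.0.1.23:8126
COMMIT
"""

# Constructed host-side `netstat -tln`: sshd and kubelet ports only, matching
# the observation in the issue that 8126 does not appear on the node.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:10248         0.0.0.0:*               LISTEN
tcp6       0      0 :::10250                :::*                    LISTEN
"""

DPORT_RE = re.compile(r"--dports?\s+(\S+)")
TARGET_RE = re.compile(r"-j\s+(\S+)")
TO_DEST_RE = re.compile(r"--to-destination\s+(\S+)")


def listening_ports(netstat_output: str) -> List[int]:
    """TCP ports with a LISTEN socket, parsed from `netstat -tln` output."""
    ports = set()
    for line in netstat_output.splitlines():
        parts = line.split()
        if len(parts) < 6 or not parts[0].startswith("tcp") or parts[-1] != "LISTEN":
            continue
        ports.add(int(parts[3].rsplit(":", 1)[1]))  # works for v4 and v6 forms
    return sorted(ports)


def expand_port_spec(spec: str) -> List[int]:
    """Expand an iptables port spec such as '8126' or '8125:8127,9000'."""
    out: List[int] = []
    for piece in spec.split(","):
        if ":" in piece:
            lo, hi = piece.split(":")
            out.extend(range(int(lo), int(hi) + 1))
        else:
            out.append(int(piece))
    return out


def hostport_dnat_targets(iptables_save: str, port: int) -> List[str]:
    """Pod endpoints that DNAT rules forward host port `port` to."""
    targets = []
    for line in iptables_save.splitlines():
        if not line.startswith("-A "):
            continue
        m = DPORT_RE.search(line)
        if not m or port not in expand_port_spec(m.group(1)):
            continue
        jump, dest = TARGET_RE.search(line), TO_DEST_RE.search(line)
        if jump and jump.group(1) == "DNAT" and dest:
            targets.append(dest.group(1))
    return targets


def hostport_chain_wired(iptables_save: str) -> bool:
    """True if both PREROUTING (traffic from outside the node) and OUTPUT
    (node-local traffic) jump into CNI-HOSTPORT-DNAT, the portmap hook point."""
    hooked = set()
    for line in iptables_save.splitlines():
        if line.startswith(("-A PREROUTING", "-A OUTPUT")) and "-j CNI-HOSTPORT-DNAT" in line:
            hooked.add(line.split()[1])
    return hooked == {"PREROUTING", "OUTPUT"}


def diagnose_hostport(iptables_save: str, netstat_output: str, port: int) -> Dict[str, object]:
    """Combine the socket view and the NAT view for one host port."""
    targets = hostport_dnat_targets(iptables_save, port)
    wired = hostport_chain_wired(iptables_save)
    return {
        "socket_listening": port in listening_ports(netstat_output),
        "dnat_chain_wired": wired,
        "dnat_targets": targets,
        "published": wired and bool(targets),
    }


if __name__ == "__main__":
    # Usage: python hostport_check.py [iptables-save-output] [netstat-output] [port]
    nat = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_IPTABLES_SAVE
    ns = open(sys.argv[2]).read() if len(sys.argv) > 2 else SAMPLE_NETSTAT
    port = int(sys.argv[3]) if len(sys.argv) > 3 else 8126
    for key, value in diagnose_hostport(nat, ns, port).items():
        print(f"{key}: {value}")
```

With the constructed samples the report is socket_listening False, dnat_chain_wired True, dnat_targets ['10.0.1.23:8126'], published True: the state in which a hostPort is working even though nothing on the node appears in netstat. Fed real output captured as root on a node (iptables-save -t nat and netstat -tln), an empty dnat_targets list with the chain wired points at the port mapping not being honoured, while a missing CNI-HOSTPORT-DNAT hook points at the portmap plugin not being chained at all.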