[Question]: Update Kubernetes documentation on how to add user ports
Is your question not already answered in the FAQ?
- [x] I made sure the question is not listed in the FAQ.
Is this a general question and not a technical issue?
- [x] I am sure my question is not about a technical issue.
Question
If I understand correctly only ports 8006, 3389 and 5900 are supported by the image. For my project I need to connect to winrm port 5985, which seems not to be supported.
I was able to do the port forwarding and establish a connection to 5985 by adding environment variables specifying port 5985 to the containers section of the deployment pod:
```yaml
containers:
  - name: container
    image: dockurr/windows
    env:
      - name: USER_PORTS
        value: "5985"
      - name: NETWORK
        value: "user"
```
I had to dive into the run/network.sh script to figure out how it works.
With this question I want to request to update the documentation of dockurr\windows with a section on how to add user ports to the configuration so that a deep dive into the Linux environment is not needed in the future.
Normally this is not needed, because all ports are forwarded by default. If there is an error with configuring the default (tuntap) networking, the container switches to user-mode networking as a last resort. So you should inspect the logs why it switched to user-mode networking, and if you fix that error you will not need USER_PORTS anymore.
Ok, but when I remove the USER_PORTS and NETWORK from the yaml file and run
```
kubectl port-forward <pod> 12345:5985
```
Then the port forwarding seems OK, but when trying to connect to 12345 (e.g. execute a command on this port on the local machine), the port forwarding stops with the following error:
```
$ Forwarding from 127.0.0.1:12345 -> 5985
Forwarding from [::1]:12345 -> 5985
Handling connection for 12345
E0514 09:32:42.812536 43936 portforward.go:413] an error occurred forwarding 12345 -> 5985: error forwarding port 5985 to pod e9e767c99df4fdb37d4db22ab0818d40493979e80019e3f361049118d6201dc8, uid : failed to execute portforward in network namespace "/var/run/netns/cni-8057bebd-6964-fdee-0df3-8d105235203a": failed to connect to localhost:5985 inside namespace "e9e767c99df4fdb37d4db22ab0818d40493979e80019e3f361049118d6201dc8", IPv4: dial tcp4 127.0.0.1:5985: connect: connection refused IPv6 dial tcp6: address localhost: no suitable address found
error: lost connection to pod
```
The yaml file contains a deployment and service with the following configuration:
Kubernetes Deployment
```yaml
- containerPort: 5985
  name: winrm
  protocol: TCP
```
Kubernetes Service
```yaml
- name: winrm
  port: 12345
  protocol: TCP
  targetPort: 5985
```
If ports are forwarded by default, what could be the reason that forwarding 5985 (winrm) fails?
> Normally this is not needed, because all ports are forwarded by default. If there is an error with configuring the default (tuntap) networking, the container switches to user-mode networking as a last resort. So you should inspect the logs why it switched to user-mode networking, and if you fix that error you will not need USER_PORTS anymore.
We did not see any errors with the default setup. Instead we had to switch explicitly to user mode networking. In the default setup, qemu-system was started without any hostfwd options. This is happening on an AKS cluster. Previously with kubevirt, we had the experience that we also had to switch to masquerade mode (which is I think the same as the user mode) to get it to work.
So the issue is that it does not detect that the bridging setup does not work and switching to user mode explicitly fixes this.
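
Added example (not part of the thread and not code from the dockurr/windows project): `kubectl port-forward` dials `localhost:5985` inside the pod's network namespace, as the error above shows, so with user-mode networking it can only succeed when QEMU was started with a matching `hostfwd` rule. The script below checks a QEMU command line for such a rule; the function names, the two sample command lines and the guest address in them are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list the hostfwd rules on a QEMU command line and check
# whether a given TCP port is forwarded into the guest.
# QEMU syntax: hostfwd=[tcp|udp]:[hostaddr]:hostport-[guestaddr]:guestport
# (protocol defaults to tcp when omitted).

# forwarded_ports CMDLINE -> one "proto hostport guestport" line per rule.
forwarded_ports() {
  printf '%s\n' "$1" \
    | grep -oE 'hostfwd=(tcp|udp)?:[^:,]*:[0-9]+-[^:,]*:[0-9]+' \
    | sed -E 's/^hostfwd=(tcp|udp)?:[^:,]*:([0-9]+)-[^:,]*:([0-9]+)$/\1 \2 \3/' \
    | sed -E 's/^ /tcp /'
}

# port_is_forwarded CMDLINE PORT -> exit 0 if a TCP rule listens on PORT.
port_is_forwarded() {
  forwarded_ports "$1" \
    | awk -v p="$2" '$1 == "tcp" && $2 == p { found = 1 } END { exit !found }'
}

# Constructed sample: user-mode networking with explicit forwards
# (the case reached with NETWORK=user and USER_PORTS=5985).
USER_MODE='qemu-system-x86_64 -netdev user,id=hostnet0,hostfwd=tcp::3389-192.168.0.2:3389,hostfwd=udp::3389-192.168.0.2:3389,hostfwd=tcp::5985-192.168.0.2:5985 -device virtio-net-pci,netdev=hostnet0'

# Constructed sample: tap/bridge networking, no hostfwd options at all
# (what the last comment reports seeing in the default setup).
BRIDGED='qemu-system-x86_64 -netdev tap,id=hostnet0,ifname=qemu -device virtio-net-pci,netdev=hostnet0'

for sample in USER_MODE BRIDGED; do
  cmdline=${!sample}
  if port_is_forwarded "$cmdline" 5985; then
    echo "$sample: tcp/5985 has a hostfwd rule"
  else
    echo "$sample: no hostfwd rule for tcp/5985"
  fi
done
```

To run it against a live pod, pass the real QEMU command line (for example the contents of the process's `/proc/<pid>/cmdline` with NUL bytes turned into spaces) instead of the samples.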