Flannel: HostPort Not Mapping

Created on 26 Jan 2018  ·  7Comments  ·  Source: coreos/flannel

So I'm trying to get HostPorts working, but they just don't seem to work. I set them up in my deployment config on the container and they don't get mapped. I've scowered the net far and wide but there doesn't seem to be a concrete way to set things up. I've look at the merge request that is mentioned above ( kubernetes/website#5940) and it mentions the _portmap_ documentation, that doesn't mention how to set it up either.

In terms of configuration the closest I can find is this fellow's comment and my configuration seems to match his but even now it's not clear now to make the configuration take effect.

Does anyone know of any documentation that lays out the moving parts of setting up a host port and how to set one up, and any example configuration files/commands would be useful?

Expected Behavior

hostport configurations map a hostport.

Current Behavior

Does not open a hostport

Steps to Reproduce (for bugs)


  1. Setup a container deployment with a host port.

My configuration

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
  generation: 1
  labels:
    run: website
  name: websiteHostPortTest
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      run: website
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        run: website
    spec:
      containers:
      - image: <path to container>
        imagePullPolicy: Always
        name: website2
        ports:
        - containerPort: 80
          protocol: TCP
          hostPort: 80
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30

Context



I'm trying to host Ingress on port 80, but my test container is failing to open a host port, so if it doesn't work then Ingress won't work.

Your Environment

  • Flannel version: latest as the writing date
  • Backend used (e.g. vxlan or udp): not sure how to tell
  • Etcd version:
  • Kubernetes version (if used): 
version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.1", GitCommit:"3a1c9449a956b6026f075fa3134ff92f7d55f812", GitTreeState:"clean", BuildDate:"2018-01-04T11:52:23Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"linux/amd64"}
  • Operating System and version: Ubuntu Server 16.04 AMD64
  • Link to your project (optional):
picture smorrisfv
👍21

Most helpful comment

I hit a similar issue - I had originally deployed flannel 0.9 which did not support portmap plugin and then removed it and added flannel 0.10 which does include portmap plugin.
The problem was that 10-flannel.conf from flannel 0.9 remained in /etc/cni/net.d
Once I removed it and restarted nodes, HostPort started working (it may have been enough to just restart kubelet though).
Perhaps rm -f should be included in flannel 0.10 for other folks upgrading

picture rchernobelskiy on 21 Feb 2018
3

All 7 comments

I hit a similar issue - I had originally deployed flannel 0.9 which did not support portmap plugin and then removed it and added flannel 0.10 which does include portmap plugin.
The problem was that 10-flannel.conf from flannel 0.9 remained in /etc/cni/net.d
Once I removed it and restarted nodes, HostPort started working (it may have been enough to just restart kubelet though).
Perhaps rm -f should be included in flannel 0.10 for other folks upgrading

rchernobelskiy picture rchernobelskiy on 21 Feb 2018
3

@smorrisfv Did you find a work-around for this? I am also seeing hostPort not creating a port mapping to the host when I use it in a Daemonset.

I'm using https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel.yml to install Flannel, which uses quay.io/coreos/flannel:v0.10.0-amd64. I shouldn't be running into the problem of having old 0.9 config files left over because this is on a fresh install.

NickMRamirez picture NickMRamirez on 7 May 2018

@NickMRamirez I never did find a workaround. I worked at it for a week or so then moved on to other pressing tasks and haven't come back. It is one of the last things blocking my k8s deployment. It would just not create the port on the host, I should look to see what version I'm running, but I think it was 0.1.

smorrisfv picture smorrisfv on 7 May 2018

got into this issue when trying to use nginx-ingress on-premises.

pablodav picture pablodav on 8 Jun 2018

News:

Looks like I was missing:

curl https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml \
| kubectl apply -f -

Kubespray doesn't have option to deploy service-nodeport for nginx-ingress, so that should be done manually. Now tested using calico but looks like I'm could try again with flannel.

pablodav picture pablodav on 11 Jun 2018

I meet same problem k8s 1.11.5 + flannel daemonset pod hostport not mapping

two DNAT to same pod

-A DOCKER ! -i docker0 -p tcp -m tcp --dport 10101 -j DNAT --to-destination 10.251.90.31:10101

-A KUBE-SEP-SVXEETBGLRGRAETZ -p tcp -m comment --comment "cfglyb/cfglyb-cyzhglptqd:port1" -m tcp -j DNAT --to-destination 10.251.90.31:8080

timchenxiaoyu picture timchenxiaoyu on 28 Dec 2018

It maybe docker bug , remove docker container not recycle DNAT rule
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 10101 -j DNAT --to-destination 10.251.90.31:10101

-A DOCKER ! -i docker0 -p tcp -m tcp --dport 10101 -j DNAT --to-destination 10.251.90.7:10101

timchenxiaoyu picture timchenxiaoyu on 28 Dec 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

a365541453 picture a365541453  ·  5Comments
lucaswilric picture lucaswilric  ·  5Comments
slecrenski picture slecrenski  ·  6Comments
SyCode7 picture SyCode7  ·  4Comments
pquerna picture pquerna  ·  3Comments