pixel-point / kube-forwarder Goto Github PK

I'm following the instructions under "installing" however when running "npm run dev" I get

Error: Application entry file "dist\electron\main.js" in the "C:\git\kube-forwarder\build\win-unpacked\resources\app.asar" does not exist. Seems like a wrong configuration.

Any clues as to what might be wrong.. apart from the obvious :-)

Might be related to #13 which is also about an OIDC authenticated k8s cluster.

1. Installed kube-forwarder with brew cask install kube-forwarder
2. Upgraded awscli: aws-cli/1.16.200 Python/3.7.4 Darwin/18.6.0 botocore/1.12.190

Tried to auto-add k8s clusters configured in ~/.kube/config from the kube-forwarder UI, but was unable to do so with errors similar to ENOENT: no such file or directory, open 'preprod/ca.pem'

Hi all!

We are experiencing an odd behavior since we moved our Kubernetes subscriptions on Azure.

We have updated our .kube\config files. We created new entries in Kube Forwarder. But when I try to start a forwarding, I get "Service can't be fetched".

However, when I run a "kubectl port-forward" manually to a service of that cluster, then that works. I then kill it. And then port forwarding in Kube Forwarder to services of that cluster suddenly works as well.

Is someone else seeing that as well .... and is there a way to fix this? Because .... we kind of got used to using Kube Forwarder.

This is probably what is reported in #15 but it was a post on a closed issue.

Thanks in advance.

Sascha

When ever I use the app to port forward to a Microsoft Sql Server instance I get the following errors in the log of that pod:

2019-12-06 21:24:54.98 Logon       Error: 17836, Severity: 20, State: 17.
2019-12-06 21:24:54.98 Logon       Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 127.0.0.1]

The remainder of the connection to this pod is very unstable.

If I use kubectl port-forward to do the same thing I do not get these error messages and the connection is far more stable.

When user adds a new service we could fetch the list of namespaces, deployments and pods from Kubernetes API, and instead of typing in the input user will be able to pick one of the options

Idea to add autocompletion list to easly make up forward form.

So I have several auto scaled deployments and if I ever wanted to go and port forward into them, I would have to go and get the exact pod name and add that to the app.. but because it scales if a pod gets scaled down and goes away I still have to go and look and see.

So it would be VERY cool to have the ability to add a wildcard search to where you supply the pod name/Stateful set and have the UI return a list of possible pods that match that. We have a clustered redis as a Stateful Set and auto scaled deployments and having to create entries for each pod is time consuming.

Love the tool tho!

Thanks for developing this tool!

I have multiple AWS profile in my AWS configuration (~/.aws/config)
I'd love it if Kube Forwarder detected that and allowed my to choose one before it tries to run aws --region XXXXXX eks get-token --cluster-name XXXXX
so I can avoid the error message I see in this use case.

When adding a cluster, I feel that next to the 'Save' button we should have a 'Verify' button which connects to the Kubernetes API.

Something like hitting https://{{ KUBEAPI }}/healthz and checking the response code. This could be used to validate if the API is reachable, the certificates are trusted, and whether the authentication is successful.

Service should be supported because it is the correct way to connect to pods inside the kubernetes. It solves the problem with the continuous deployment of some pods - now we need to always refresh pod's name in Kube Forward.

I have an EKS cluster to which I connect from my machine using kubectl , AWS CLI and AWS IAM. I think it authenticates the user using the AWS IAM in my case.

When I try to add a resource, it detects the kubeconfig but upon clicking ADD SELECTED CLUSTERS, I receive a prompt - Failed to connect to arn:aws:eks:my-cluster-name platform cluster(s). Do you want to continue saving?

Can you please help how to resolve this?

Thanks!

We have multiple clusters, with multiple services in each cluster. We'd like to add just one config file to source control for all clusters. I see the config file has been designed with that in mind in the future (I think?) but it currently errors if more than one cluster is provided.

eg, we would like to define:

{
  "_clusters": [
    {
      "name": "arn:aws:eks:eu-west-1:12345678:cluster/foo",
      "_services": [
        {
          "alias": "foo-baz",
          "namespace": "kube-system",
          "workloadType": "service",
          "workloadName": "prometheus",
          "forwards": [
            {
              "localPort": 6600,
              "remotePort": 80,
              "id": "38cdf30d-062d-499d-87f0-f60b0e91dcdf"
            }
          ]
        }
      ]
    },
    {
      "name": "arn:aws:eks:eu-west-1:12345678:cluster/bar",
      "_services": [
        {
          "alias": "bar-baz",
          "namespace": "kube-system",
          "workloadType": "service",
          "workloadName": "prometheus",
          "forwards": [
            {
              "localPort": 6800,
              "remotePort": 80,
              "id": "6678abc7-cfb2-461f-921e-336a92b9e80b"
            }
          ]
        }
      ]
    }
  ]
}

I'd like to start kube-forwarder pointing at this one file. Then, a dev just pulls our git repo and it (optionally) hot reloads.

I think a couple of other issues touch on this, but I've not seen a request for "one file multiple cluster" support.

I am trying to connect to a Kubernetes cluster that has a self-signed certificate that has no issuer.

I am getting this error when trying to add clusters and play/pause port forwarding:

The kubectl command has accepted my use of a self-signed certificate and would like to see this application allow this as well.

Workaround:
Set config property insecure-skip-tls-verify: true in .kube/config.

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    insecure-skip-tls-verify: true
    server: https://node01.docker.example.com:6443
  name: default-cluster
contexts:
- context:
    cluster: default-cluster
    namespace: NAMESPACE
    user: default-admin
  name: default-system
current-context: default-system
kind: Config
preferences: {}
users:
- name: default-admin
  user:
    client-certificate: PATH_TO_CERTIFICATE
    client-key: PATH_TO_KEY

kubernetes-port-forwarder starts to work but when I execute any kubectl commands I get the following error:

error: specifying a root certificates file with the insecure flag is not allowed

I can resolve this issue by removing my certificate-authority-data but believe ultimately that even though I have a self-signed certificate there is some security allowing kubectl to verifying that the certificate has not changed.

I have dozens of cluster configs.
One file per cluster, not one huge ~/.kube/config.

Instead of loading the config from one static location or have the user copy/paste the contents, it would be great if I could just tell the tool which file to open with an OpenFile Dialogue.

Let's read more about KUBECONFIG env and the ability to add it as a part of auto-detection logic to the app.

When running behind enterprise firewalls, I need to use proxy, however configuration is not possible. It should be possible to configure proxy:
a) Using system settings
b) Manual settings (with no proxy exclusions)

Some of the services that users could forward are http services, we could detect it and draw a link instead of "exposed to port".

Hey,

First of all thank you for your effort,

I am using Macbook Pro 2018 with latest os version. When i open the app it just shows white screen.

Hi!

Would be handy. I am having an issue finding an easy solution to forward many UDP ports between minikube and host (local machine), so that I could do a video stream between 2 mobile phones via WebRTC video server running in minikube.

We have following scenario:

• we use the kube-forwarder with windows 10
• we use docker-for-windows
• a local docker-container must connect to a Kubernetes service

Now we have a problem. The Container can´t connect to the forwarder.
So we change the "server.listen IP" in the Connections.js to 0.0.0.0, but that is not optimal. Now every device in our Network can connect to the service.

We need an option to configure the local bind address.

It would be nice if the app could run in the background as a systray/menu bar icon. Generally, I would like to control port-forwards from the menu bar.

I ran into this UI papercut when trying to update the config for a cluster I added way back when:

I'm being blocked from updating the config for this cluster, and it's not properly displaying the reason why. Using the "Check Connection" button shows that the connection is successful.

So there's likely two problems here:

• the UI failing to display the error message,
• the cluster failing to be updated in the first place.

I added a new cluster with the same exact config and it's fine, editable and so on. So supposedly some other part of my vuex.json is relevant, shown below with the config blobs redacted:

{
	"state": {
		"version": 2,
		"Clusters": {
			"items": {
				"ba10c6f0-ac9f-11e9-b28c-11742b8dd418": {
					"id": "ba10c6f0-ac9f-11e9-b28c-11742b8dd418",
					"name": "broken some-eks-cluster",
					"config": {
						"currentContext": "some-eks-cluster",
						"storingMethod": "content",
						"content": redacted,
						"path": null
					}
				},
				"0d49abd0-77fb-11ea-8101-b3779cb8216a": {
					"id": "0d49abd0-77fb-11ea-8101-b3779cb8216a",
					"name": "new working cluster config",
					"config": {
						"storingMethod": "content",
						"path": "",
						"content": redacted,
						"currentContext": ""
					}
				}
			}
		},
		"Connections": { ... },
		"Services": { ... }
	}
}

Hopefully there's enough info here to help root out both problems, but if there's some way for me to attach more logging please LMK. I just found the vuex.json file in attempt to get my config updated so I can keep using this very useful tool.

Hi,

Decided to give this tool a go, I have added cluster through "Create cluster from scratch"
And then just copy pasted cluster config YAML from .kube directory

When attempting to create service
I fill all the fields, I set "Workload type" to deployment and "Workload name" as deployment name and I set the ports to forward from 80 to 1001

However when attempting to start port forwarding it says

The cluster itself is alive and well and deployment with this name exists.

We are running EKS 1.12
macOS High Sierra

What could be the problem?

Just downloaded linux package using this link, unfortunately the archive contains only macos stuff...

Hi,
I'm running the linux AppImage, but it is impossible to resize the window.
I have observed in the source code that the maximize flag depends on the value of the NODE_ENV variable, but no matter what is the value of that variable in my local machine (development | production) ...I observe no change in the possibility to maximize the window

• I suspect that once the image has been compiled the electron layout cannot be changed, but it is not possible for me to recompile the image

Am I getting this right or it is something I can do without being able to rebuild the appimage?

Hi, first of all, thank you for this app it is very useful.

Steps:

• setup resource pointing to postgres pod
• enable port forwarding, no error reported, looks like it is working
• try to connect using psql, sometimes works but after first hang it won't work even after stopping and reactivating port forward

For example:

• enable port forward to pod
• psql, asks for password, works; exit psql
• psql, asks for password, works; exit psql
• psql, asks for password, hangs;
• disable port forwarding, psql shows:
  psql: error: could not connect to server: SSL SYSCALL error: Success could not connect to server: Connection refused Is the server running on host "localhost" (127.0.0.1) and accepting TCP/IP connections on port 5432?
• enable port forwarding
• psql, asks for password, hangs;
• disable port forwarding, psql shows:
  psql: error: could not connect to server: SSL SYSCALL error: Success could not connect to server: Connection refused Is the server running on host "localhost" (127.0.0.1) and accepting TCP/IP connections on port 5432?

Same happens with jdbc driver or psycopg which reports the same error when deactivating port forward:
psycopg2.OperationalError: SSL SYSCALL error: Success

The connection doesn't hang when using kubectl port-forward.

uname:

Linux 4.19.102-1-MANJARO x86_64 GNU/Linux

openssl version:

OpenSSL 1.1.1d  10 Sep 2019

kubectl version:

Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.2", GitCommit:"59603c6e503c87169aea6106f57b9f242f64df89", GitTreeState:"archive", BuildDate:"2020-01-25T21:52:51Z", GoVersion:"go1.13.6", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.6", GitCommit:"72c30166b2105cd7d3350f2c28a219e6abcd79eb", GitTreeState:"clean", BuildDate:"2020-01-18T23:23:21Z", GoVersion:"go1.13.5", Compiler:"gc", Platform:"linux/amd64"}

It would be great if after launching a port-forward there was a button or menu item to launch the default browser to the local port.

doc https://electronjs.org/docs/api/tray

min app to tray rather than task bar.

Currently the first tunnel I open will hang forever - I have to click a second one to get it to start.

I have traced this to coreApi.listNamespacedPod not returning. For some reason the second request coming in prompts it to actually get a response.

I haven't quite found a fix for it. It would be interesting to know if anyone else has the same issue.

The Help > Learn More menu item should go to this site, not https://electronjs.org/

I can port forward connection to service with kubectl:
kubectl port-forward -n some-namespace svc/postgres-somecluster-postgresql 5432:5432
However this same does not work correctly with kube-forwarder, because I can't connect with pgAdmin to database. Kube-forwarder indicates that port forward is running correctly.

I'm not sure if that's specific to cluster or postgresql, but I'm using this helm chart to deploy postgres: https://github.com/helm/charts/tree/master/stable/postgresql
Problems occurs on kube-forwarder, version 1.4.0.

Maybe application could show some logs, like kubectl port-forward does, to help troubleshoot this kind of issues?

Similar to #12, When I attempt to add an AKS cluster kube-forwarder see's my cluster in the config, but fails to connect with a message Failed to connect to myakscluster cluster(s). Do you want to continue saving?

If I continue, I can manually add resources, but they won't forward. If I edit the cluster and choose to test the connection again, it will fail with an 'unauthorized' response.

I believe the issue is that our clusters have Azure authentication enabled. Essentially we have a user section that looks like this:

users:
- name: <username>
  user:
    auth-provider:
      name: azure
      config:
        apiserver-id: <apiserver-app-id>
        client-id: <kubectl-app-id>
        tenant-id: <tenant-id>

I'm not sure if the forwarder isn't picking up existing tokens from the kube config file, or if it's attempting to get a new token, and failing at azure's whole go to https://microsoft.com/devicelogin and enter a code demand.

Here's a little background on the Azure authentication: https://docs.giantswarm.io/guides/authenticating-with-microsoft-azure-active-directory/

Really hoping that this works out, as it looks like a really cool and handy tool.

When I upgrade my Deployments for example with helm, I need to click on the connect play button for every updated service.
The same when I Scale a Deployment to Zero and up again later(for example a lot to save resource costs).

Would be nice when there is a automatic refresh handling, so that the connection is still available after those events.

A dark theme selection would be nice.

Hi,

We're using aws-iam-authenticator in order to authenticate our kubectl users when working with clusters in AWS. When I try to add an AWS cluster, I get the following error:

Failed to connect to <cluster_name_here>: can't be fetched., Command failed: aws-iam-authenticator token -i <cluster_name_here> -r arn:aws:iam::<aws_account_id>:role/<aws_role_name>
could not get token: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors

Could you please advise how this can be solved?

There is no documentation or an example that I can look up to configure port-forwarding for a service.

So my assumption was it should be straight forward after opening the application, but it isn't.
I loaded the ~/.kube/config file and named the cluster and filled few more fields. But still wasn't able to configure.

It would be great if also environment variables will be injected while enabling port forwarding.
I am talking about SOME_SERVICE_HOST, SOME_SERVICE_PORT and so on...

One problem I run into is that because all the connections go through localhost, there are conflicts between the cookies / localstorage of the different sites. When I login to kubernetes-dashboard or grafana from one cluster, it messes up the login information for another so I have to login again.

It would be nice if I could specify the local address to listen on.

A workaround for this is to have multiple DNS names for localhost and access each site using a different localhost name. However, this means the little shortcut to launch the browser for a port forward won't work as-is, I would have to tweak the URL after the page opens to replace localhost with an alias.

Hi,
I wanted to build kube-forwarder on my own and maybe fix the static windows size bug on linux.
I followed exactly your instructions, but I have no luck. When I run npm run dev, I get this error

  ERROR in Template execution failed: ReferenceError: process is not defined
  ERROR in   ReferenceError: process is not defined
    
    - index.ejs:773 
      /home/user/kube-forwarder/src/index.ejs:773:7
    
    - index.ejs:763 exports
      /home/user/kube-forwarder/src/index.ejs:763:179
    
    - index.js:284 
      [kube-forwarder]/[html-webpack-plugin]/index.js:284:18
    
    - task_queues.js:93 process.processTicksAndRejections
      internal/process/task_queues.js:93:5

I'm using Ubuntu 64Bit 18.04, nodejs 10.19.0, npm 6.13.4. If you need more details, please ask.
I did also try to npm run web and npm run build but they all fail.
I tried with the master and the release branch, both showed exactly the same error message.

Am I missing something?

Placed in the cluster element header above the connect-button column for example.

Not an issue, just wanted to say you guys rock.
As a noob to k8s, I was going in circles for ages trying to get access to a service in my cluster on macOS. This has simplified things tremendously.

Thanks.
🍻

Hello,

I selected my kubeconfig file and kube-forwarder shows the following error message:

"nodes is forbidden: User "system:anonymous" cannot list nodes at the cluster scope"

my kubeconfig file is:

apiVersion: v1
kind: Config
clusters:
- name: caasp
  cluster:
    server: https://my-apiserver:6443
    certificate-authority-data: ...
users:
- name: appenvadmin
  user:
    auth-provider:
      name: oidc
      config:
        client-id: velum
        client-secret: ...
        extra-scopes: groups
        id-token: ...
        idp-certificate-authority-data: ...
        idp-issuer-url: https://my-apiserver:32000
        refresh-token: ...
contexts:
- name: caasp-appenvadmin
  context:
    cluster: caasp
    user: appenvadmin
current-context: caasp-appenvadmin

Auth backend is Dex.
Kube-Forwarder Version 1.4.2 on Windows

Is there a problem using Kubernetes OIDC Auth?

Thanks for any help!

When you picked the kind/namespace/name for a service it would be nice if the resource port column would be autogenerated with the available ports. (I think that is queryable for the pods too.)
The current version somehow reads these ports when you try to bind a non-available port. That info would be even better in the resource creation UI.

Currently, it seems like it is not possible to use port forwarding with weave-scope (https://github.com/weaveworks/scope)

On the command-line it works fine with:

~ kubectl port-forward svc/weave-scope-weave-scope -n weave-scope 4040:80
Forwarding from 127.0.0.1:4040 -> 4040
Forwarding from [::1]:4040 -> 4040
Handling connection for 4040

I immediately see the weave-scope UI in the browser.
Interestingly it directly forwards to port 4040 instead of 80.

When using the same config in kube-forwarder I don't get a response when trying to access the UI. Just the browsers "Waiting for localhost..."

In the console I don't see any errors and I'm not sure if there is an option to enable debug mode.

OS:

Linux 5.2.1-arch1-1-ARCH #1 SMP PREEMPT Sun Jul 14 14:52:52 UTC 2019 x86_64 GNU/Linux

gcloud sdk:

Google Cloud SDK 254.0.0
alpha 2019.07.15
beta 2019.07.15
bq 2.0.45
core 2019.07.15
gsutil 4.40
kubectl 2019.07.15

We have Kubernetes clusters that use OIDC for authentication. So, anytime it refreshes the token or reauthenticates I have to either manually update the config within kube-forwarder or delete and recreate.

An example of the part of our config that changes.
user: auth-provider: config: access-token: <access_token apiserver-id: <apiserver-id> client-id: <clientid> expires-in: "3599" expires-on: "1562692749" refresh-token: <refresh_token> tenant-id: <guid> name: azure

It would be nice if kube-forwarder did one of two things:

• Detect the file change and automatically update the stored config.
• Or, don't do a full import of the config. But instead, just create a pointer to the actual ~/.kube/config and fetch it on startup so it's always current.

Hi,

this issue is more of an FYI that I just created the PR Homebrew/homebrew-cask#65781 to allow installing Kube Forwarder using Homebrew.

Cheers,
Dominik

Most of the time I work with OpenShift clusters where Deployment Configs kind of substitute plain Kubernetes deployments. Without Deployment Config support I'm missing the convenience of referencing a deployment and forget about the exact pod name.

The service I'm trying to hit is the argocd-server as deployed via this walkthrough. I am able to hit the service without issue when running the following: kubectl port-forward svc/argocd-server -n argocd 8080:443 . This is found under Step 3 in the above link.

I was able to configure my k3d cluster within kube-forwarder without issue. I went to add the service in question with the following details.

Namespace: argocd
Kind: service
Name: argocd-server
Ports Forwarding: Local - 8080 Resource - 443

I attempt to hit https://localhost:8080, but it times out.

• MacOSX catalina
• Version 1.5.1 installed via brew
• Remote : Kubernetes installed via kops version v1.15.9