pixel-point / kube-forwarder Goto Github PK
View Code? Open in Web Editor NEWEasy to use Kubernetes port forwarding manager
Home Page: https://kube-forwarder.pixelpoint.io/
License: MIT License
Easy to use Kubernetes port forwarding manager
Home Page: https://kube-forwarder.pixelpoint.io/
License: MIT License
Not an issue, just wanted to say you guys rock.
As a noob to k8s, I was going in circles for ages trying to get access to a service in my cluster on macOS. This has simplified things tremendously.
Thanks.
🍻
Hi,
I wanted to build kube-forwarder on my own and maybe fix the static windows size bug on linux.
I followed exactly your instructions, but I have no luck. When I run npm run dev, I get this error
ERROR in Template execution failed: ReferenceError: process is not defined
ERROR in ReferenceError: process is not defined
- index.ejs:773
/home/user/kube-forwarder/src/index.ejs:773:7
- index.ejs:763 exports
/home/user/kube-forwarder/src/index.ejs:763:179
- index.js:284
[kube-forwarder]/[html-webpack-plugin]/index.js:284:18
- task_queues.js:93 process.processTicksAndRejections
internal/process/task_queues.js:93:5
I'm using Ubuntu 64Bit 18.04, nodejs 10.19.0, npm 6.13.4. If you need more details, please ask.
I did also try to npm run web and npm run build but they all fail.
I tried with the master and the release branch, both showed exactly the same error message.
Am I missing something?
doc https://electronjs.org/docs/api/tray
min app to tray rather than task bar.
Currently the first tunnel I open will hang forever - I have to click a second one to get it to start.
I have traced this to coreApi.listNamespacedPod
not returning. For some reason the second request coming in prompts it to actually get a response.
I haven't quite found a fix for it. It would be interesting to know if anyone else has the same issue.
A dark theme selection would be nice.
The service I'm trying to hit is the argocd-server as deployed via this walkthrough. I am able to hit the service without issue when running the following: kubectl port-forward svc/argocd-server -n argocd 8080:443
. This is found under Step 3 in the above link.
I was able to configure my k3d cluster within kube-forwarder without issue. I went to add the service in question with the following details.
Namespace: argocd
Kind: service
Name: argocd-server
Ports Forwarding: Local - 8080 Resource - 443
I attempt to hit https://localhost:8080, but it times out.
We have following scenario:
Now we have a problem. The Container can´t connect to the forwarder.
So we change the "server.listen IP" in the Connections.js to 0.0.0.0, but that is not optimal. Now every device in our Network can connect to the service.
We need an option to configure the local bind address.
Hi,
I'm running the linux AppImage, but it is impossible to resize the window.
I have observed in the source code that the maximize flag depends on the value of the NODE_ENV variable, but no matter what is the value of that variable in my local machine (development | production) ...I observe no change in the possibility to maximize the window
Am I getting this right or it is something I can do without being able to rebuild the appimage?
It would be great if after launching a port-forward there was a button or menu item to launch the default browser to the local port.
We have Kubernetes clusters that use OIDC for authentication. So, anytime it refreshes the token or reauthenticates I have to either manually update the config within kube-forwarder or delete and recreate.
An example of the part of our config that changes.
user: auth-provider: config: access-token: <access_token apiserver-id: <apiserver-id> client-id: <clientid> expires-in: "3599" expires-on: "1562692749" refresh-token: <refresh_token> tenant-id: <guid> name: azure
It would be nice if kube-forwarder did one of two things:
I have an EKS cluster to which I connect from my machine using kubectl , AWS CLI and AWS IAM. I think it authenticates the user using the AWS IAM in my case.
When I try to add a resource, it detects the kubeconfig but upon clicking ADD SELECTED CLUSTERS, I receive a prompt - Failed to connect to arn:aws:eks:my-cluster-name platform cluster(s). Do you want to continue saving?
Can you please help how to resolve this?
Thanks!
I have dozens of cluster configs.
One file per cluster, not one huge ~/.kube/config
.
Instead of loading the config from one static location or have the user copy/paste the contents, it would be great if I could just tell the tool which file to open with an OpenFile Dialogue.
Might be related to #13 which is also about an OIDC authenticated k8s cluster.
kube-forwarder
with brew cask install kube-forwarder
awscli
: aws-cli/1.16.200 Python/3.7.4 Darwin/18.6.0 botocore/1.12.190
Tried to auto-add k8s clusters configured in ~/.kube/config
from the kube-forwarder
UI, but was unable to do so with errors similar to ENOENT: no such file or directory, open 'preprod/ca.pem'
I am trying to connect to a Kubernetes cluster that has a self-signed certificate that has no issuer.
I am getting this error when trying to add clusters and play/pause port forwarding:
The kubectl command has accepted my use of a self-signed certificate and would like to see this application allow this as well.
Workaround:
Set config property insecure-skip-tls-verify: true in .kube/config.
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
insecure-skip-tls-verify: true
server: https://node01.docker.example.com:6443
name: default-cluster
contexts:
- context:
cluster: default-cluster
namespace: NAMESPACE
user: default-admin
name: default-system
current-context: default-system
kind: Config
preferences: {}
users:
- name: default-admin
user:
client-certificate: PATH_TO_CERTIFICATE
client-key: PATH_TO_KEY
kubernetes-port-forwarder starts to work but when I execute any kubectl commands I get the following error:
error: specifying a root certificates file with the insecure flag is not allowed
I can resolve this issue by removing my certificate-authority-data but believe ultimately that even though I have a self-signed certificate there is some security allowing kubectl to verifying that the certificate has not changed.
When I upgrade my Deployments for example with helm, I need to click on the connect play button for every updated service.
The same when I Scale a Deployment to Zero and up again later(for example a lot to save resource costs).
Would be nice when there is a automatic refresh handling, so that the connection is still available after those events.
Let's read more about KUBECONFIG env and the ability to add it as a part of auto-detection logic to the app.
Hi, first of all, thank you for this app it is very useful.
Steps:
For example:
psql: error: could not connect to server: SSL SYSCALL error: Success could not connect to server: Connection refused Is the server running on host "localhost" (127.0.0.1) and accepting TCP/IP connections on port 5432?
psql: error: could not connect to server: SSL SYSCALL error: Success could not connect to server: Connection refused Is the server running on host "localhost" (127.0.0.1) and accepting TCP/IP connections on port 5432?
Same happens with jdbc driver or psycopg which reports the same error when deactivating port forward:
psycopg2.OperationalError: SSL SYSCALL error: Success
The connection doesn't hang when using kubectl port-forward.
uname:
Linux 4.19.102-1-MANJARO x86_64 GNU/Linux
openssl version:
OpenSSL 1.1.1d 10 Sep 2019
kubectl version:
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.2", GitCommit:"59603c6e503c87169aea6106f57b9f242f64df89", GitTreeState:"archive", BuildDate:"2020-01-25T21:52:51Z", GoVersion:"go1.13.6", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.6", GitCommit:"72c30166b2105cd7d3350f2c28a219e6abcd79eb", GitTreeState:"clean", BuildDate:"2020-01-18T23:23:21Z", GoVersion:"go1.13.5", Compiler:"gc", Platform:"linux/amd64"}
It would be great if also environment variables will be injected while enabling port forwarding.
I am talking about SOME_SERVICE_HOST, SOME_SERVICE_PORT and so on...
Hey,
First of all thank you for your effort,
I am using Macbook Pro 2018 with latest os version. When i open the app it just shows white screen.
Hi all!
We are experiencing an odd behavior since we moved our Kubernetes subscriptions on Azure.
We have updated our .kube\config files. We created new entries in Kube Forwarder. But when I try to start a forwarding, I get "Service can't be fetched".
However, when I run a "kubectl port-forward" manually to a service of that cluster, then that works. I then kill it. And then port forwarding in Kube Forwarder to services of that cluster suddenly works as well.
Is someone else seeing that as well .... and is there a way to fix this? Because .... we kind of got used to using Kube Forwarder.
This is probably what is reported in #15 but it was a post on a closed issue.
Thanks in advance.
Sascha
Just downloaded linux package using this link, unfortunately the archive contains only macos stuff...
When ever I use the app to port forward to a Microsoft Sql Server instance I get the following errors in the log of that pod:
2019-12-06 21:24:54.98 Logon Error: 17836, Severity: 20, State: 17.
2019-12-06 21:24:54.98 Logon Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library. [CLIENT: 127.0.0.1]
The remainder of the connection to this pod is very unstable.
If I use kubectl port-forward
to do the same thing I do not get these error messages and the connection is far more stable.
When adding a cluster, I feel that next to the 'Save' button we should have a 'Verify' button which connects to the Kubernetes API.
Something like hitting https://{{ KUBEAPI }}/healthz
and checking the response code. This could be used to validate if the API is reachable, the certificates are trusted, and whether the authentication is successful.
When you picked the kind/namespace/name for a service it would be nice if the resource port column would be autogenerated with the available ports. (I think that is queryable for the pods too.)
The current version somehow reads these ports when you try to bind a non-available port. That info would be even better in the resource creation UI.
Similar to #12, When I attempt to add an AKS cluster kube-forwarder see's my cluster in the config, but fails to connect with a message Failed to connect to myakscluster cluster(s). Do you want to continue saving?
If I continue, I can manually add resources, but they won't forward. If I edit the cluster and choose to test the connection again, it will fail with an 'unauthorized' response.
I believe the issue is that our clusters have Azure authentication enabled. Essentially we have a user section that looks like this:
users:
- name: <username>
user:
auth-provider:
name: azure
config:
apiserver-id: <apiserver-app-id>
client-id: <kubectl-app-id>
tenant-id: <tenant-id>
I'm not sure if the forwarder isn't picking up existing tokens from the kube config file, or if it's attempting to get a new token, and failing at azure's whole go to https://microsoft.com/devicelogin and enter a code demand.
Here's a little background on the Azure authentication: https://docs.giantswarm.io/guides/authenticating-with-microsoft-azure-active-directory/
Really hoping that this works out, as it looks like a really cool and handy tool.
I can port forward connection to service with kubectl:
kubectl port-forward -n some-namespace svc/postgres-somecluster-postgresql 5432:5432
However this same does not work correctly with kube-forwarder, because I can't connect with pgAdmin to database. Kube-forwarder indicates that port forward is running correctly.
I'm not sure if that's specific to cluster or postgresql, but I'm using this helm chart to deploy postgres: https://github.com/helm/charts/tree/master/stable/postgresql
Problems occurs on kube-forwarder, version 1.4.0.
Maybe application could show some logs, like kubectl port-forward does, to help troubleshoot this kind of issues?
Hi,
Decided to give this tool a go, I have added cluster through "Create cluster from scratch"
And then just copy pasted cluster config YAML from .kube directory
When attempting to create service
I fill all the fields, I set "Workload type" to deployment and "Workload name" as deployment name and I set the ports to forward from 80 to 1001
However when attempting to start port forwarding it says
The cluster itself is alive and well and deployment with this name exists.
We are running EKS 1.12
macOS High Sierra
What could be the problem?
Hi,
We're using aws-iam-authenticator in order to authenticate our kubectl users when working with clusters in AWS. When I try to add an AWS cluster, I get the following error:
Failed to connect to <cluster_name_here>: can't be fetched., Command failed: aws-iam-authenticator token -i <cluster_name_here> -r arn:aws:iam::<aws_account_id>:role/<aws_role_name>
could not get token: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
Could you please advise how this can be solved?
Idea to add autocompletion list to easly make up forward form.
Thanks for developing this tool!
I have multiple AWS profile in my AWS configuration (~/.aws/config)
I'd love it if Kube Forwarder detected that and allowed my to choose one before it tries to run aws --region XXXXXX eks get-token --cluster-name XXXXX
so I can avoid the error message I see in this use case.
Most of the time I work with OpenShift clusters where Deployment Configs kind of substitute plain Kubernetes deployments. Without Deployment Config support I'm missing the convenience of referencing a deployment and forget about the exact pod name.
Service should be supported because it is the correct way to connect to pods inside the kubernetes. It solves the problem with the continuous deployment of some pods - now we need to always refresh pod's name in Kube Forward.
I'm following the instructions under "installing" however when running "npm run dev" I get
Error: Application entry file "dist\electron\main.js" in the "C:\git\kube-forwarder\build\win-unpacked\resources\app.asar" does not exist. Seems like a wrong configuration.
Any clues as to what might be wrong.. apart from the obvious :-)
Placed in the cluster element header above the connect-button column for example.
One problem I run into is that because all the connections go through localhost, there are conflicts between the cookies / localstorage of the different sites. When I login to kubernetes-dashboard
or grafana
from one cluster, it messes up the login information for another so I have to login again.
It would be nice if I could specify the local address to listen on.
A workaround for this is to have multiple DNS names for localhost and access each site using a different localhost name. However, this means the little shortcut to launch the browser for a port forward won't work as-is, I would have to tweak the URL after the page opens to replace localhost with an alias.
I ran into this UI papercut when trying to update the config for a cluster I added way back when:
I'm being blocked from updating the config for this cluster, and it's not properly displaying the reason why. Using the "Check Connection" button shows that the connection is successful.
So there's likely two problems here:
I added a new cluster with the same exact config and it's fine, editable and so on. So supposedly some other part of my vuex.json
is relevant, shown below with the config blobs redacted:
{
"state": {
"version": 2,
"Clusters": {
"items": {
"ba10c6f0-ac9f-11e9-b28c-11742b8dd418": {
"id": "ba10c6f0-ac9f-11e9-b28c-11742b8dd418",
"name": "broken some-eks-cluster",
"config": {
"currentContext": "some-eks-cluster",
"storingMethod": "content",
"content": redacted,
"path": null
}
},
"0d49abd0-77fb-11ea-8101-b3779cb8216a": {
"id": "0d49abd0-77fb-11ea-8101-b3779cb8216a",
"name": "new working cluster config",
"config": {
"storingMethod": "content",
"path": "",
"content": redacted,
"currentContext": ""
}
}
}
},
"Connections": { ... },
"Services": { ... }
}
}
Hopefully there's enough info here to help root out both problems, but if there's some way for me to attach more logging please LMK. I just found the vuex.json file in attempt to get my config updated so I can keep using this very useful tool.
Currently, it seems like it is not possible to use port forwarding with weave-scope (https://github.com/weaveworks/scope)
On the command-line it works fine with:
~ kubectl port-forward svc/weave-scope-weave-scope -n weave-scope 4040:80
Forwarding from 127.0.0.1:4040 -> 4040
Forwarding from [::1]:4040 -> 4040
Handling connection for 4040
I immediately see the weave-scope UI in the browser.
Interestingly it directly forwards to port 4040
instead of 80
.
When using the same config in kube-forwarder I don't get a response when trying to access the UI. Just the browsers "Waiting for localhost..."
In the console I don't see any errors and I'm not sure if there is an option to enable debug mode.
OS:
Linux 5.2.1-arch1-1-ARCH #1 SMP PREEMPT Sun Jul 14 14:52:52 UTC 2019 x86_64 GNU/Linux
gcloud sdk:
Google Cloud SDK 254.0.0
alpha 2019.07.15
beta 2019.07.15
bq 2.0.45
core 2019.07.15
gsutil 4.40
kubectl 2019.07.15
When running behind enterprise firewalls, I need to use proxy, however configuration is not possible. It should be possible to configure proxy:
a) Using system settings
b) Manual settings (with no proxy exclusions)
So I have several auto scaled deployments and if I ever wanted to go and port forward into them, I would have to go and get the exact pod name and add that to the app.. but because it scales if a pod gets scaled down and goes away I still have to go and look and see.
So it would be VERY cool to have the ability to add a wildcard search to where you supply the pod name/Stateful set and have the UI return a list of possible pods that match that. We have a clustered redis as a Stateful Set and auto scaled deployments and having to create entries for each pod is time consuming.
Love the tool tho!
There is no documentation or an example that I can look up to configure port-forwarding for a service.
So my assumption was it should be straight forward after opening the application, but it isn't.
I loaded the ~/.kube/config file and named the cluster and filled few more fields. But still wasn't able to configure.
It would be nice if the app could run in the background as a systray/menu bar icon. Generally, I would like to control port-forwards from the menu bar.
Hi,
this issue is more of an FYI that I just created the PR Homebrew/homebrew-cask#65781 to allow installing Kube Forwarder using Homebrew.
Cheers,
Dominik
We have multiple clusters, with multiple services in each cluster. We'd like to add just one config file to source control for all clusters. I see the config file has been designed with that in mind in the future (I think?) but it currently errors if more than one cluster is provided.
eg, we would like to define:
{
"_clusters": [
{
"name": "arn:aws:eks:eu-west-1:12345678:cluster/foo",
"_services": [
{
"alias": "foo-baz",
"namespace": "kube-system",
"workloadType": "service",
"workloadName": "prometheus",
"forwards": [
{
"localPort": 6600,
"remotePort": 80,
"id": "38cdf30d-062d-499d-87f0-f60b0e91dcdf"
}
]
}
]
},
{
"name": "arn:aws:eks:eu-west-1:12345678:cluster/bar",
"_services": [
{
"alias": "bar-baz",
"namespace": "kube-system",
"workloadType": "service",
"workloadName": "prometheus",
"forwards": [
{
"localPort": 6800,
"remotePort": 80,
"id": "6678abc7-cfb2-461f-921e-336a92b9e80b"
}
]
}
]
}
]
}
I'd like to start kube-forwarder pointing at this one file. Then, a dev just pulls our git repo and it (optionally) hot reloads.
I think a couple of other issues touch on this, but I've not seen a request for "one file multiple cluster" support.
Hello,
I selected my kubeconfig file and kube-forwarder shows the following error message:
"nodes is forbidden: User "system:anonymous" cannot list nodes at the cluster scope"
my kubeconfig file is:
apiVersion: v1
kind: Config
clusters:
- name: caasp
cluster:
server: https://my-apiserver:6443
certificate-authority-data: ...
users:
- name: appenvadmin
user:
auth-provider:
name: oidc
config:
client-id: velum
client-secret: ...
extra-scopes: groups
id-token: ...
idp-certificate-authority-data: ...
idp-issuer-url: https://my-apiserver:32000
refresh-token: ...
contexts:
- name: caasp-appenvadmin
context:
cluster: caasp
user: appenvadmin
current-context: caasp-appenvadmin
Auth backend is Dex.
Kube-Forwarder Version 1.4.2 on Windows
Is there a problem using Kubernetes OIDC Auth?
Thanks for any help!
Hi!
Would be handy. I am having an issue finding an easy solution to forward many UDP ports between minikube and host (local machine), so that I could do a video stream between 2 mobile phones via WebRTC video server running in minikube.
The Help > Learn More menu item should go to this site, not https://electronjs.org/
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.