k3s running on orbstack binds k8s api to port 80 #1780

Open
contagnas opened this issue Feb 14, 2025 · 0 comments
Labels
t/bug Something isn't working

Comments

@contagnas

Describe the bug

This is maybe a k3s bug and not an orbstack bug, but I can only reproduce this on orbstack. Apologies if this is the case!

I'm running k3s on Orbstack, and binding both the k8s api on port 6443 and the loadbalancer on port 80 to their respective ports on the host.

Typically when k3s is starting up, the k8s api will be available in a couple seconds and the loadbalancer will be available after about a minute. In the time between these, I am able to hit the k8s api through the loadbalancer's port.

To Reproduce

At first I thought this was an issue with how the ports were bound to the host ports. Here is a reproduction; this does kubectl version pointed at port 80:

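container_name=k3s-server-1
# Start from a clean state: remove any previous container and kubeconfig
docker rm -f "$container_name"
rm -f ~/.kube/config

# Publish both the k8s api (6443) and the loadbalancer (80) on the host
docker run \
       --privileged \
       --name "$container_name" \
       --hostname "$container_name" \
       -p 6443:6443 \
       -p 80:80 \
       -d rancher/k3s:v1.24.10-k3s1 \
       server

# bash/zsh built-in counter of elapsed seconds
SECONDS=0

kubeconfig=$(mktemp)

# Wait until k3s has written its kubeconfig, then copy it out
while true; do
    docker cp "$container_name":/etc/rancher/k3s/k3s.yaml "$kubeconfig" && break
    echo "Waiting for k3s.yaml to be available..."
    sleep 1
done

# Point the kubeconfig at port 80 instead of 6443 (BSD/macOS sed syntax)
sed -i '' 's/6443/80/g' "$kubeconfig"

# Succeeds as soon as the k8s api answers on port 80
while true; do
    kubectl --kubeconfig="$kubeconfig" version && break
    echo "Waiting for kubectl version to return"
    sleep 1
done

echo
echo "$SECONDS seconds elapsed"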

But actually you can observe the k8s api being bound to port 80 from inside the container as well:

/ # telnet localhost 80
Connected to localhost
GET / HTTP/1.1 
HTTP/1.0 400 Bad Request

Client sent an HTTP request to an HTTPS server.
Connection closed by foreign host

After some time, 404s happen as expected:

/ # telnet localhost 80
Connected to localhost
GET / HTTP/1.1
Host: example.com

HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Fri, 14 Feb 2025 22:25:12 GMT
Content-Length: 19

404 page not found

Expected behavior

On other container engines, before the lb has started, the connection is refused as I'd expect:

/ # telnet localhost 80
telnet: can't connect to remote host (127.0.0.1): Connection refused

Diagnostic report (REQUIRED)

OrbStack info:
Version: 1.9.2
Commit: f56c5adaa796a0902c648f038307ed8d434b0522 (v1.9.2)

System info:
macOS: 15.2 (24C101)
CPU: arm64, 10 cores
CPU model: Apple M1 Max
Model: MacBookPro18,2
Memory: 64 GiB

Full report: https://orbstack.dev/_admin/diag/orbstack-diagreport_2025-02-14T22-28-00.138753Z.zip

Screenshots and additional context (optional)

No response

@contagnas contagnas added the t/bug Something isn't working label Feb 14, 2025
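
The three states seen on port 80 in the report above (connection refused, a TLS listener answering plain HTTP with a 400, and the load balancer's 404) can be told apart and timestamped automatically. This is an added example, not code from the issue, OrbStack or k3s; the function names, the labels and the `watch` argument are assumptions, and the probe assumes `curl` is installed.

```shell
#!/bin/sh
# Added example: label what answers on a port that should only serve the
# load balancer. Function names and labels are assumptions.

# classify_response RAW: print a label for a raw HTTP response (headers + body).
classify_response() {
    case "$1" in
        "") echo "no-response"; return 0 ;;
        # Go's net/http TLS server sends this body when it receives plain
        # HTTP; in the report above that listener was the k8s API.
        *"Client sent an HTTP request to an HTTPS server"*)
            echo "tls-listener"; return 0 ;;
    esac
    # Otherwise report the status code from the first line, if it is HTTP.
    status=$(printf '%s\n' "$1" | sed -n '1p' | tr -d '\r' |
        awk '$1 ~ /^HTTP\// { print $2 }')
    case "$status" in
        [1-5][0-9][0-9]) echo "http-$status" ;;
        *) echo "unknown" ;;
    esac
}

# probe_port HOST PORT: send one plain-HTTP request and classify the result.
probe_port() {
    rc=0
    raw=$(curl -s -i --max-time 2 "http://$1:$2/") || rc=$?
    if [ "$rc" -eq 7 ]; then      # curl exit 7: could not connect
        echo "refused"
    else
        classify_response "$raw"
    fi
}

# watch_port HOST PORT SECONDS: print each state change with elapsed time.
watch_port() {
    start=$(date +%s); last=""
    while [ $(( $(date +%s) - start )) -lt "$3" ]; do
        state=$(probe_port "$1" "$2")
        if [ "$state" != "$last" ]; then
            echo "$(( $(date +%s) - start ))s $state"
            last=$state
        fi
        sleep 1
    done
}

# Run as: sh probe.sh watch [host] [port] [seconds]
if [ "${1:-}" = "watch" ]; then
    watch_port "${2:-localhost}" "${3:-80}" "${4:-120}"
fi
```

Any `tls-listener` line in the output marks a window in which the port reserved for the load balancer is being served by a TLS endpoint instead.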