Merge pull request #45 from rancher-sandbox/fixes-k8s-service-discove…

…ry-namespaced-network

Fixes k8s service discovery when namespaced netowrk is enabled

cmd/rancher-desktop-guestagent/main.go

@@ -96,7 +96,7 @@ func main() {
 
 	log.Current = logger
 
-	log.Info("Starting Rancher Desktop Agent in [AdminInstall=%t] mode", *adminInstall)
+	log.Infof("Starting Rancher Desktop Agent in [AdminInstall=%t] mode", *adminInstall)
 
 	if os.Geteuid() != 0 {
 		log.Fatal("agent must run as root")
@@ -198,11 +198,18 @@ func main() {
 					"Valid options are 0.0.0.0 and 127.0.0.1.", *k8sServiceListenerAddr)
 			}
 
+			// listenerOnlyMode represents when iptables is enabled and
+			// privileged services is disabled; this can indicate a non-admin
+			// installation of default network which requires listeners only.
+			// In listenerOnlyMode we creates TCP listeners on 127.0.0.1,
+			// so that it can be picked up by the automatic port forwarding mechanisms
+			// found in WSLv2.
+			listenerOnlyMode := *enableIptables && !*enablePrivilegedService
 			// Watch for kube
 			err := kube.WatchForServices(ctx,
 				*configPath,
 				k8sServiceListenerIP,
-				*enablePrivilegedService,
+				listenerOnlyMode,
 				portTracker)
 			if err != nil {
 				return fmt.Errorf("error watching services: %w", err)

pkg/kube/watcher.go

@@ -11,9 +11,19 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-// Package kube watches Kubernetes for NodePort services and forces a listener
-// on 127.0.0.1, so that it can be picked up by the automatic port forwarding
-// mechanisms found in WSLv2 and Lima.
+// Package kube watches Kubernetes for NodePort and LoadBalancer service types.
+// It exposes the services as follows:
+// - [default network - admin install]: It uses vtunnel tracker to forward the
+// port mappings to the host in conjunction with the automatic port forwarding
+// mechanism that is found in WSLv2.
+// - [default network - non-admin install]: It creates TCP listeners on 127.0.0.1,
+// so that it can be picked up by the automatic port forwarding mechanisms found
+// in WSLv2 on the default network with the non-admin install.
+// - [namespaced network - admin install]: It uses API tracker to expose the ports
+// on the host through host-switch.exe
+// - [namespaced network - non-admin install]: It uses API tracker to expose the ports
+// on the host through host-switch.exe; however, the exposed ports are only bound to
+// 127.0.0.1 on the host machine.
 package kube
 
 import (
@@ -52,7 +62,7 @@ func WatchForServices(
 	ctx context.Context,
 	configPath string,
 	k8sServiceListenerIP net.IP,
-	enablePrivilegedService bool,
+	enableListeners bool,
 	portTracker tracker.Tracker,
 ) error {
 	// These variables are shared across the different states
@@ -138,76 +148,76 @@ func WatchForServices(
 				continue
 			case event := <-eventCh:
 				if event.deleted {
-					if enablePrivilegedService {
-						if err := portTracker.Remove(string(event.UID)); err != nil {
-							log.Errorw("failed to delete a port from tracker", log.Fields{
-								"error":     err,
-								"UID":       event.UID,
-								"ports":     event.portMapping,
-								"namespace": event.namespace,
-								"name":      event.name,
-							})
-						} else {
-							log.Debugf("kubernetes service: port mapping deleted %s/%s:%v",
-								event.namespace, event.name, event.portMapping)
+					if enableListeners {
+						for port := range event.portMapping {
+							if err := portTracker.RemoveListener(ctx, k8sServiceListenerIP, int(port)); err != nil {
+								log.Errorw("failed to close listener", log.Fields{
+									"error":     err,
+									"ports":     event.portMapping,
+									"namespace": event.namespace,
+									"name":      event.name,
+								})
+							}
 						}
 
+						log.Debugf("kubernetes service: deleted listener %s/%s:%v",
+							event.namespace, event.name, event.portMapping)
+
 						continue
 					}
 
-					for port := range event.portMapping {
-						if err := portTracker.RemoveListener(ctx, k8sServiceListenerIP, int(port)); err != nil {
-							log.Errorw("failed to close listener", log.Fields{
-								"error":     err,
-								"ports":     event.portMapping,
-								"namespace": event.namespace,
-								"name":      event.name,
-							})
-						}
+					if err := portTracker.Remove(string(event.UID)); err != nil {
+						log.Errorw("failed to delete a port from tracker", log.Fields{
+							"error":     err,
+							"UID":       event.UID,
+							"ports":     event.portMapping,
+							"namespace": event.namespace,
+							"name":      event.name,
+						})
+					} else {
+						log.Debugf("kubernetes service: port mapping deleted %s/%s:%v",
+							event.namespace, event.name, event.portMapping)
 					}
-
-					log.Debugf("kubernetes service: deleted listener %s/%s:%v",
-						event.namespace, event.name, event.portMapping)
 				} else {
-					if enablePrivilegedService {
-						portMapping, err := createPortMapping(event.portMapping, k8sServiceListenerIP)
-						if err != nil {
-							log.Errorw("failed to create port mapping", log.Fields{
-								"error":     err,
-								"ports":     event.portMapping,
-								"namespace": event.namespace,
-								"name":      event.name,
-							})
-
-							continue
-						}
-						if err := portTracker.Add(string(event.UID), portMapping); err != nil {
-							log.Errorw("failed to add port mapping", log.Fields{
-								"error":     err,
-								"ports":     event.portMapping,
-								"namespace": event.namespace,
-								"name":      event.name,
-							})
-						} else {
-							log.Debugf("kubernetes service: port mapping added %s/%s:%v",
-								event.namespace, event.name, event.portMapping)
+					if enableListeners {
+						for port := range event.portMapping {
+							if err := portTracker.AddListener(ctx, k8sServiceListenerIP, int(port)); err != nil {
+								log.Errorw("failed to create listener", log.Fields{
+									"error":     err,
+									"ports":     event.portMapping,
+									"namespace": event.namespace,
+									"name":      event.name,
+								})
+							}
 						}
 
+						log.Debugf("kubernetes service: started listener %s/%s:%v",
+							event.namespace, event.name, event.portMapping)
+
 						continue
 					}
-					for port := range event.portMapping {
-						if err := portTracker.AddListener(ctx, k8sServiceListenerIP, int(port)); err != nil {
-							log.Errorw("failed to create listener", log.Fields{
-								"error":     err,
-								"ports":     event.portMapping,
-								"namespace": event.namespace,
-								"name":      event.name,
-							})
-						}
-					}
+					portMapping, err := createPortMapping(event.portMapping, k8sServiceListenerIP)
+					if err != nil {
+						log.Errorw("failed to create port mapping", log.Fields{
+							"error":     err,
+							"ports":     event.portMapping,
+							"namespace": event.namespace,
+							"name":      event.name,
+						})
 
-					log.Debugf("kubernetes service: started listener %s/%s:%v",
-						event.namespace, event.name, event.portMapping)
+						continue
+					}
+					if err := portTracker.Add(string(event.UID), portMapping); err != nil {
+						log.Errorw("failed to add port mapping", log.Fields{
+							"error":     err,
+							"ports":     event.portMapping,
+							"namespace": event.namespace,
+							"name":      event.name,
+						})
+					} else {
+						log.Debugf("kubernetes service: port mapping added %s/%s:%v",
+							event.namespace, event.name, event.portMapping)
+					}
 				}
 			}
 		}