DigitalOcean

Report this

What is the reason for this report?
Question

After update of the Kubernetes LTD, access to a container through hostPort was broken.

Posted on February 7, 2019
Networking
Kubernetes
243261243130246b4b6b374e68664d

By 243261243130246b4b6b374e68664d

Hi! After update of the Kubernetes LTD, access to a container through hostPort was broken. I assume this is related to cilium. Anyone known how to fix that?

I ran across the information that this problem is solved by the plugin portmap (https://github.com/containernetworking/plugins/tree/master/plugins/meta/portmap), but not have idea how to use it…



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
wallyqs2019
wallyqs2019
May 30, 2019

Hey everyone, I got the workaround to this issue at last KubeCon EU. This is what worked for me: https://github.com/snormore/cilium-portmap You have to install that daemonset on the kube-system namespace, and then restart/redeploy all the pods that were deployed with the hostport config that was not effective. Seems that the tcp connect can take a bit longer with this setup, but at least there is connectivity.

0
wallyqs2019
wallyqs2019
May 21, 2019

Not sure how to fix this yet but here are some clues:

  • The reason why it hostPort does not is indeed due to cilium install which by default does not support hostport: https://docs.cilium.io/en/latest/gettingstarted/cni-chaining-portmap/

  • According to the cilium docs, one can enable the hostport by using a CNI plugin by doing toggling the cni-chaining-mode: portmap option which is in the configmap from the kube system:

kubectl -n kube-system get cm cilium-config -o yaml > cilium.yaml
  • Apparently this should cause a configuration called 05-cilium.conflist to replace /etc/cni/net.d/05-cilium-cni.conf which is in the cilium container, unfortunately this part is not working for me…
0
Nan Zhong
Nan ZhongDigitalOcean Employee badge
February 8, 2019

Hi, could you open up a support ticket? We’d be happy to take a look.

Just as an fyi, only newer versions of clusters (1.13.2, 1.12.5, 1.11.7) use cilium for networking, not sure if you are on a newly created cluster or an older version.

Also, it usually better practice to not rely on host ports or host networking in general unless there is a very specific use case you need them for. Is there any reason node port on a service can’t be used in your case? Regardless, we can follow up and try to figure out why host ports are not working for you if you open up a support ticket.

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.