I am playing around with my own small Kubernetes cluster.

Something that I don't understand so far is how to see all open ports (= everything my Pods are listening on).

I use Traefik as ingress with hostPorts :80 and :443 and I can see it listening to :80 and :443 when I run sudo lsof -i.

However, I also have GitLab running as a Pod, and assigned it a hostPort (54321) that points to the Pod's port :22. I use this for git cloning.

Both Pods have a nodeSelector to run only on the master (...yes, I know.).

GitLab's hostPort :54321 doesn't show up with sudo lsof -i. Why is that? I can't really explain that with my limited knowledge.

In terms of configuration, the only difference between the Traefik Pods and the GitLab Pod is that for Traefik, the hostPorts point to the same port in the Pod (:80->:80, :443->:443), while for the GitLab Pod, they differ (:54321->:22).

Can anybody explain this to me? Why can't I trust lsof in this case?

Thanks in advance!

P.S. The port is definitely open and listening.

1 Answer

> GitLab's hostPort :54321 doesn't show up with sudo lsof -i. Why is that? I can't really explain that with my limited knowledge.

lsof lists information about files[1] opened by processes.

There is no process on the host that keeps the hostPort open and thus nothing to display for lsof.

Probably there is only a netfilter (iptables) rule that forwards traffic on that port to your GitLab Pod. Check with sudo iptables-save and/or sudo iptables -L -v -n, sudo iptables -L -v -n -t security -t nat -t mangle.


[1] Where very broadly an open file may be a regular file, a directory, a block special file, a character special file, an executing text reference, a library, a stream or a network file (Internet socket, NFS file or UNIX domain socket.)

HBruijn
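To audit the ports the answer describes (reachable through a netfilter rule but held open by no process), the following added example, which is not part of the original post, parses iptables-save output and reports DNAT/REDIRECT rules whose host port has no listening socket. The sample ruleset, chain names, Pod IPs and the set of listening ports are constructed for illustration; only the 54321 -> 22 mapping comes from the question.

```python
import shlex

# Constructed sample in `iptables-save` format (chain names and IPs are made up).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:HOSTPORT-DNAT - [0:0]
:HP-GITLAB - [0:0]
:HP-WEB - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j HOSTPORT-DNAT
-A HOSTPORT-DNAT -p tcp -m multiport --dports 54321 -m comment --comment "gitlab ssh" -j HP-GITLAB
-A HOSTPORT-DNAT -p tcp -m multiport --dports 8080 -j HP-WEB
-A HP-GITLAB -p tcp -m tcp --dport 54321 -j DNAT --to-destination 10.42.0.15:22
-A HP-WEB -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.42.0.20:80
-A POSTROUTING -s 10.42.0.0/16 -j MASQUERADE
COMMIT
"""

def forwarded_ports(ruleset):
    """Return (table, chain, proto, host_port, target) for each DNAT/REDIRECT rule."""
    found, table = [], None
    for line in ruleset.splitlines():
        if line.startswith("*"):            # "*nat", "*filter", ... starts a table
            table = line[1:]
            continue
        if not line.startswith("-A "):      # skip chain declarations, COMMIT, comments
            continue
        args = shlex.split(line)            # keeps quoted --comment text together
        opts = {a: args[i + 1] for i, a in enumerate(args[:-1]) if a.startswith("-")}
        if opts.get("-j") not in ("DNAT", "REDIRECT"):
            continue
        ports = opts.get("--dport") or opts.get("--dports") or "any"
        target = opts.get("--to-destination") or opts.get("--to-ports") or "?"
        for port in ports.split(","):       # multiport rules list several ports
            found.append((table, opts["-A"], opts.get("-p", "any"), port, target))
    return found

def invisible_to_lsof(ruleset, listening):
    """Forwards whose host port has no listening socket, so lsof cannot show them."""
    return [f for f in forwarded_ports(ruleset)
            if not (f[3].isdigit() and int(f[3]) in listening)]

if __name__ == "__main__":
    # Constructed set of ports that a socket listing reported on the node.
    for table, chain, proto, port, target in invisible_to_lsof(SAMPLE, {22, 8080}):
        print(f"{proto}/{port} -> {target}  (table {table}, chain {chain})")
```

On a real node, pass the text captured from sudo iptables-save instead of SAMPLE, and build the listening set from a socket listing such as sudo lsof -i.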