diff --git a/newsfragments/983.bugfix b/newsfragments/983.bugfix
new file mode 100644
index 0000000000..ead5c31951
--- /dev/null
+++ b/newsfragments/983.bugfix
@@ -0,0 +1 @@
+Telepresence correctly forwards privileged ports when using swap-deployment.
diff --git a/telepresence/proxy/deployment.py b/telepresence/proxy/deployment.py
index e7ab88dee8..59041cd410 100644
--- a/telepresence/proxy/deployment.py
+++ b/telepresence/proxy/deployment.py
@@ -137,13 +137,6 @@ def _get_container_name(container, deployment_json):
 return container
-def _merge_expose_ports(expose, container_json):
- expose.merge_automatic_ports([
- port["containerPort"] for port in container_json.get("ports", [])
- if port["protocol"] == "TCP"
- ])
-
-
 def supplant_deployment(
 runner: Runner, deployment_arg: str, expose: PortMapping,
 add_custom_nameserver: bool
@@ -172,11 +165,11 @@ def supplant_deployment(
 )
 container = _get_container_name(container, deployment_json)
- new_deployment_json, orig_container_json = new_swapped_deployment(
+ new_deployment_json = new_swapped_deployment(
 deployment_json,
 container,
 run_id,
- get_image_name(expose),
+ expose,
 add_custom_nameserver,
 )
@@ -230,8 +223,6 @@ def delete_new_deployment(check):
 )
 resize_original(0)
- _merge_expose_ports(expose, orig_container_json)
-
 span.end()
 return new_deployment_name, run_id
@@ -240,9 +231,9 @@ def new_swapped_deployment(
 old_deployment: Dict,
 container_to_update: str,
 run_id: str,
- telepresence_image: str,
+ expose: PortMapping,
 add_custom_nameserver: bool,
-) -> Tuple[Dict, Dict]:
+) -> Dict:
 """
 Create a new Deployment that uses telepresence-k8s image.
@@ -257,8 +248,8 @@ def new_swapped_deployment(
 7. Adds TELEPRESENCE_CONTAINER_NAMESPACE env variable so the forwarder does
 not have to access the k8s API from within the pod.
- Returns dictionary that can be encoded to JSON and used with kubectl apply,
- and contents of swapped out container.
+ Returns dictionary that can be encoded to JSON and used with kubectl apply.
+ Mutates the passed-in PortMapping to include container ports.
 """
 new_deployment_json = deepcopy(old_deployment)
 new_deployment_json["spec"]["replicas"] = 1
@@ -272,7 +263,12 @@ def new_swapped_deployment(
 old_deployment["spec"]["template"]["spec"]["containers"],
 ):
 if container["name"] == container_to_update:
- container["image"] = telepresence_image
+ # Merge container ports into the expose list
+ expose.merge_automatic_ports([
+ port["containerPort"] for port in container.get("ports", [])
+ if port["protocol"] == "TCP"
+ ])
+ container["image"] = get_image_name(expose)
 # Not strictly necessary for real use, but tests break without this
 # since we don't upload test images to Docker Hub:
 container["imagePullPolicy"] = "IfNotPresent"
@@ -306,7 +302,7 @@ def new_swapped_deployment(
 }
 }
 })
- return new_deployment_json, old_container
+ return new_deployment_json
 raise RuntimeError(
 "Couldn't find container {} in the Deployment.".
@@ -377,16 +373,14 @@ def apply_json(json_config):
 container = _get_container_name(container, dc_json)
- new_dc_json, orig_container_json = new_swapped_deployment(
+ new_dc_json = new_swapped_deployment(
 dc_json,
 container,
 run_id,
- get_image_name(expose),
+ expose,
 add_custom_nameserver,
 )
 apply_json(new_dc_json)
- _merge_expose_ports(expose, orig_container_json)
-
 return deployment, run_id
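Review bot: The added docstring line does not say which ports are merged, nor that the merge happens before the image is chosen. In the body further down, only the TCP `containerPort` values of the container being swapped are merged, and `get_image_name(expose)` runs on the result. I would write `Mutates the passed-in PortMapping to include the swapped container's TCP ports; the proxy image is chosen from the merged mapping.` The docstring starts outside this hunk.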
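Review bot: `port["protocol"]` in the added comprehension raises KeyError for a port entry that has no `protocol` key, although the same expression already tolerates a missing `ports` list through `container.get("ports", [])`. Kubernetes treats an absent protocol as TCP, so `if port.get("protocol", "TCP") == "TCP"` keeps the filter and removes the failure mode; objects read back from the API server normally carry the field, so this mostly matters for hand-built or test JSON. Separately, the image is now picked after the merge, so ports declared in the target Deployment, not only the user's explicit expose options, feed `get_image_name`. If that function selects a more privileged image for low ports (its body is not in this diff), a log line naming the chosen image and the ports that led to it would make the decision auditable. The enclosing loop and function extend beyond the hunk.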