Skip to content

Comments

fix: resolve named targetPort for port-forwarding#3

Merged
Guimove merged 3 commits intomainfrom
fix/portforward-named-targetport
Feb 12, 2026
Merged

fix: resolve named targetPort for port-forwarding#3
Guimove merged 3 commits intomainfrom
fix/portforward-named-targetport

Conversation

@Guimove
Copy link
Owner

@Guimove Guimove commented Feb 12, 2026

Summary

  • Port-forwarding was connecting to the service port (e.g. 9090) instead of the container port (e.g. 10902)
  • When targetPort is a named port like "http", IntValue() returns 0 and we fell back to the service port — but the pod doesn't listen there
  • Replace FindPodForService + StartPortForward with a single PortForwardToService that resolves named ports by looking at the pod's container spec

Root cause

# Service
ports:
  - name: http
    port: 9090           # what clients connect to
    targetPort: "http"   # named port → resolved from pod

# Pod
ports:
  - name: http
    containerPort: 10902  # what the pod actually listens on

Test plan

  • TestResolveTargetPortInt — numeric targetPort
  • TestResolveTargetPortNamed — string targetPort resolved from pod
  • TestResolveTargetPortNamedNotFound — fallback to service port
  • TestResolveTargetPortUnset — defaults to service port
  • ./bin/clusterfit recommend --discover --verbose — 884 workloads collected successfully

Port-forwarding was using the service port (e.g. 9090) instead of the
actual container port. When a service defines targetPort as a named port
(e.g. "http"), the old code fell back to the service port because
IntValue() returned 0 for string ports.

Replace FindPodForService + StartPortForward with a single
PortForwardToService that:
1. Fetches the service to get the full ServicePort spec
2. Finds a running pod via the service selector
3. Resolves targetPort: int → use directly, named string → look up
   in pod container ports, unset → default to service port
4. Opens the SPDY tunnel to the resolved container port
Verify credentials at provider creation instead of failing on the first
API call with a cryptic IMDS timeout. The error message now tells the
user exactly what to do: set AWS_PROFILE, run aws sso login, or
configure ~/.aws/credentials.
@Guimove Guimove force-pushed the fix/portforward-named-targetport branch from 96756f3 to f1a7fb3 Compare February 12, 2026 11:12
@Guimove Guimove merged commit 3e5179f into main Feb 12, 2026
3 checks passed
@Guimove Guimove deleted the fix/portforward-named-targetport branch February 12, 2026 11:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant