I'd avoid adding the translation flag until we have a clear need for it

Was thinking to have an escape hatch with this flag, thus default to false, in case there are use cases that I can't conceive. I have no problem removing it and added it back later if needed. I will do that also.

port-forwarding to service is new function, so let's start small and iterate as needed... someone can always go look the pod up themselves if they want to target a specific port on the pod

Removed.

I think importing and manually converting is worse that just writing the port mapping to work on internal service and pod objects

Yep, I will give that a shot.

Done.

TargetPort can be omitted, and in that case, mapping[svcportspec.Port] = svcportspec.Port should be used:

If this is not specified, the value of the 'port' field is used (an identity map).

Will fix that and add a test case for that.

I think the only safe way to detect omitted is to assume the IntValue() is 0, but if there is a better way please let me know.

hmm, looks like defaulting takes care of this for you and sets targetPort to match port when omitted (https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/core/v1/defaults.go#L120). Can you verify that is the case?

I think it does. I can delete targetPort from a service, and it gets regenerated. I think that is why I did not notice this case before. However, since this code now support internal object, and may be reused by others, it is probably safer to assume defaulting may not happen and leave it as is.

this has the potential to return an error and short-circuit on a port that we're not even going to use... you could just omit the target from the mapping (or map to zero), and handle missing cases in translateServicePortToTargetPort if we actually try to make use of ports that don't have corresponding ports in the pod

Would it be better if we just look up as we process the arguments, and the error would be much clear? I did the gathering first because it was easier for me to implement at the time.

Probably so

Realized that lookup failure can't be treated as failures, because service/pod is not required to declare every port a pod listens on, so the point of surfacing clear error is irrelevant.

Actually, I think it would work by surfacing only the named port lookup error.

services are required to declare the ports they surface, and pods must declare a named port for named mappings to work

I think it would work by surfacing only the named port lookup error

that sounds right

services are required to declare the ports they surface

So in that expectation, if a Service does not declare a port, but the user still wants to port-forward to that port, should that be treated as error? Right now I am pass it as-is to match the use case for other types of resources.

nit: use the api constant

Fixed.

just return here

unconditional error here

just return LookupContainerPortNumberByName(pod, svcportspec.TargetPort.String())

error in all cases here... if the service didn't declare the port, I don't think it's valid to try to port-forward to it

I think we went back to the original behavior (using gathered mapping), but it is much more clear how and why we reached the error.

Found another corner case. If ClusterIP: None, the current behavior would return the port as-is, even if the port is not declared by the service. Let me fix that also.

If ClusterIP=None, then no proxying occurs today, right? does it make sense to support port-forward on such a service?

I think it makes sense to support port-forward even for ClusterIP=None. A common use case for me is for pods with NetworkPolicy that restrict general access, so port-forward (not proxy) is a way for reaching it for testing/verification without changing the NetworkPolicy.

ok, with the change to still require the service to declare the port, that seems reasonable