rancher-desktop-agent

module

v0.4.1 Latest Latest Go to latest Published: May 7, 2024 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/rancher-sandbox/rancher-desktop-agent

Links

Open Source Insights

README ¶

Rancher Desktop Agent

The Rancher Desktop guest agent runs in Rancher Desktop VMs providing helper services. It currently has the following functionality:

Port forwarding with privileged helper:

When the Rancher Desktop Privileged Service is enabled on the host Windows machine via an admin installation of Rancher Desktop, the guest agent watches for port binding events from corresponding backend's API and emits them to the host via a virtual tunnel.

flowchart  LR;
 subgraph Host["HOST"]
 rd{"Rancher Desktop"}
 ps(("Privileged Service"))
 rd <-.-> ps
 end
 subgraph VM["WSL VM"]
 rdagent(("Guest Agent"))
 api(("moby/containerd \n events API"))
 rdagent <-.->  api
 end
 ps  <---> |Vtunnel| rdagent

moby port forwarding (WSL)

Rancher Desktop Guest Agent subscribes to docker event API to monitor the newly created published ports. It will then forwards the newly published ports over a AF_VSOCK tunnel (Rancher Desktop's vtunnel) to Rancher Desktop Privileged Service that runs on the host machine.

containerd port forwarding (WSL)

When using the containerd backend, the behaviour of Rancher Desktop Guest Agent is very similar to when the moby backend is enabled. It monitors containerd's event API for the newly created published ports. It will then forwards the newly published ports over a AF_VSOCK tunnel (Rancher Desktop's vtunnel) to Rancher Desktop Privileged Service that runs on the host machine.

When Privileged Service is disabled:

When the Rancher Desktop Privileged Service is not enabled on the host Windows machine via a non admin installation of Rancher Desktop, the guest agent watches the iptables for a newely added rules.

containerd port forwarding (WSL) when no privileged service is enabled

When Rancher Desktop Privileged Service is not enabled (non-admin installation), Rancher Desktop Agent falls back to the following behaviour. In Windows Subsystem for Linux, WSL automatically forwards ports opened on 127.0.0.1 or 0.0.0.0 by opening the corresponding port on 127.0.0.1 on the host (running Windows). However, containerd (as configured by nerdctl) just sets up iptables rules rather than actually listening, meaning this isn't caught by the normal mechanisms. Rancher Desktop Agent therefore creates the listeners so that they get picked up and forwarded automatically. Note that the listeners will never receive any traffic, as the iptables rules are in place to forward the traffic before it reaches the application. This is not necessary for Lima, as that already does the iptables scanning (the core of the code has been lifted from Lima).

Kubernetes NodePort forwarding

In newer versions of Kubernetes†, kubelet no longer creates a listener for NodePort services. We therefore need to create those listeners manually, so that port forward works correctly as in the container port forwarding above.

† 1.21.12+, 1.22.10+, 1.23.7+, 1.24+

Directories ¶

Path	Synopsis
cmd
rancher-desktop-guestagent Rancher-desktop-guestagent runs inside the WSL VM on Windows.	Rancher-desktop-guestagent runs inside the WSL VM on Windows.
pkg
containerd Package containerd handles port binding events from containerd API	Package containerd handles port binding events from containerd API
docker Package docker handles port binding events from docker events API	Package docker handles port binding events from docker events API
forwarder Package forwarder implements a forwarding mechanism to forward port mappings over Vtunnel.	Package forwarder implements a forwarding mechanism to forward port mappings over Vtunnel.
iptables Package iptables handles forwarding ports found in iptables dnat	Package iptables handles forwarding ports found in iptables dnat
kube Package kube watches Kubernetes for NodePort and LoadBalancer service types.	Package kube watches Kubernetes for NodePort and LoadBalancer service types.
tracker Package tracker implements a tracking mechanism to keep track of the ports during various container event types e.g start, stop	Package tracker implements a tracking mechanism to keep track of the ports during various container event types e.g start, stop
types Package types maintains common types that are used across different packages.	Package types maintains common types that are used across different packages.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL