Port forwarding is the practice of directing data traffic from the outside world to access a device or network within your private system. In other words, it makes it easier for a service on a private network to connect to other public or private network services or systems. A classic example of port forwarding is the automated telephony system, IVR (Interactive Voice Response). In this case, you are an external system trying to access a customer service agent within an organization. The IVR system plays the role of a router to connect it with the appropriate carrier, and this process is known as port forwarding.
Port forwarding allows you to maneuver through the firewall to route selected traffic to a server within the internal network. You can do this by assigning the requests you want to allow to a default IP address. This process, also known as port mapping, helps you block unwanted traffic from accessing your network by adding extra layers of security.
You can apply a similar concept to manage Kubernetes clusters through the Kubectl command-line tool.
What is kubectl Port Forwarding?
You’ll often come across cases where you need to access Kubernetes clusters privately without opening the application to the general public. Typically, it’s retrieving metrics to review cluster health and address any issues that arise.
Accessing the Kubernetes cluster through a virtual machine is quite complicated. Some of the processes for enabling external requests to Kubernetes workloads include creating inputs and services such as load balancers. However, these procedures put applications at risk by exposing them to unwanted external traffic. Meanwhile, port forwarding allows you to avoid this by evaluating your clusters locally.
Kubectl port-forward is a method for accessing, interacting with, and managing internal Kubernetes clusters directly from your on-premises network. This method is popularly used to investigate issues related to your applications.
Kubectl is a command-line tool used to execute commands and control Kubernetes clusters. Use Kubernetes APIs to pass commands to the cluster control plane. In short, with Kubectl you can perform almost any function in your Kubernetes ecosystem.
How can I forward ports in kubectl?
Kubernetes’ built-in CLI tool, kubectl, allows you to access a service for an application by assigning an IP address to connect to requests coming from outside the network. Kubectl investigates local host disputes to choose a designated local port for remote connection. Because it polls for problems within the cluster, the port forwarding command is primarily used to test or debug the application.
Let’s briefly look at how port forwarding works with respect to Kubernetes.
What is Kubernetes Port Forwarding?
Kubernetes automates end-to-end orchestration functions, accelerating adoption. Since you follow a declarative philosophy, you don’t have to worry about all the steps that are taken to achieve the desired results you declared. Kubernetes takes care of it. However, port forwarding cannot be automated. This is because you have to access the pod you want to connect to manually. In addition, you must repeat the process when you want to connect to another pod within the Kubernetes cluster.
But with the
Kubernetes command-line tool, you can run port forwarding with a simple ‘kubectl port-forward’ command.’ Kubectl sets up a proxy, which directs all traffic from a local port to a port associated with the pod you want to approach. With this, you can interact with your clusters directly from your local computer without exposing Services.
To successfully run port forwarding on Kubernetes, you must have fully configured kubectl installed and you must be connected to the corresponding Kubernetes cluster. Then, you can follow the steps below:
1. Run the port-forward command specifying the pod name and port number that should receive the traffic.
2. The Kubernetes API server establishes a single HTTP connection between your machine and the resource running on your cluster.
3. Now you can communicate directly with a specific pod to diagnose a problem or perform debugging.
4. You can disconnect port forwarding by pressing CTRL+C, and it will cancel the kubectl command immediately.
Which port does kubectl use?
The Kubectl port forwarding command creates a private path between the destination pod and your local machine based on the details you share. You will need to provide details such as the type or name of the resource and local and remote port numbers.
It looks something like this
:kubectl port-forward TYPE/NAME [options] LOCAL_PORT:REMOTE_PORT
Ideally, the pod details you provide should be as accurate as possible to ensure a connection to the correct pod. Otherwise, the command will choose a pod at random. To avoid this, you can retrieve the exact pod name via the command command:
kubectl -n yournamespace get pods It provides the
names of all pods within that namespace, and you can choose your target pod
.
Learn more about Kubectl and how you can manually update Kubernetes workloads here.
What is kubefwd?
While Kubectl port-forward is just one of many functions the tool can execute, Kubefwd is quite specific. It is a command-line service for forwarding multiple Kubernetes services within a namespace. Kubefwd simplifies application development by allowing you to work on services locally similar to how you would from within a Pod in the same namespace.
An application written in Go, Kubefwd allows you to develop applications locally without the need to make any alterations to remote clusters. All you need is Kubectl installed and running to access Kubernetes clusters. You can forward services from a particular namespace through a simple command: sudo kubefwd services -n “Your namespace”.
Conclusion
Port forwarding is a very beneficial feature for accessing your Kubernetes applications locally, mitigating the risk of exposure. An easy way to access Pods, port forwarding allows you to protect Kubernetes ecosystem debugging, accessibility testing, and other assessments. Although Kubectl is a primary tool for managing Kubernetes, the port forwarding capability is ideal for debugging rather than local development. Kubefwd, meanwhile, was designed to solve this problem.
Weaveworks provides continuous delivery solutions for application teams and helps teams automate Kubernetes with GitOps. Learn more about Weave GitOps or request a demo to speak with one of our experts.