{"id":495247,"date":"2022-09-23T03:48:32","date_gmt":"2022-09-23T00:48:32","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/how-to-access-a-remote-kubernetes-application-with-kubectl-port-forwarding\/"},"modified":"2022-09-23T03:48:32","modified_gmt":"2022-09-23T00:48:32","slug":"how-to-access-a-remote-kubernetes-application-with-kubectl-port-forwarding","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/how-to-access-a-remote-kubernetes-application-with-kubectl-port-forwarding\/","title":{"rendered":"#How to Access a Remote Kubernetes Application With Kubectl Port Forwarding"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a2f0f2248cfd\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a2f0f2248cfd\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-access-a-remote-kubernetes-application-with-kubectl-port-forwarding\/#%E2%80%9CHow_to_Access_a_Remote_Kubernetes_Application_With_Kubectl_Port_Forwarding%E2%80%9D\" >&#8220;How to Access a Remote Kubernetes Application With Kubectl Port Forwarding&#8221;<\/a><ul class='ez-toc-list-level-2' ><li class='ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-access-a-remote-kubernetes-application-with-kubectl-port-forwarding\/#How_Port_Forwarding_Works\" >How Port Forwarding Works<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-access-a-remote-kubernetes-application-with-kubectl-port-forwarding\/#Deploying_a_Sample_Application\" >Deploying a Sample Application<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-access-a-remote-kubernetes-application-with-kubectl-port-forwarding\/#Using_Kubectl_to_Port_Forward_to_Kubernetes\" >Using Kubectl to Port Forward to Kubernetes<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-access-a-remote-kubernetes-application-with-kubectl-port-forwarding\/#Changing_the_Local_and_Remote_Port_Numbers\" >Changing the Local and Remote Port Numbers<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-access-a-remote-kubernetes-application-with-kubectl-port-forwarding\/#Changing_the_Listening_Address\" >Changing the Listening Address<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-access-a-remote-kubernetes-application-with-kubectl-port-forwarding\/#Summary\" >Summary<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9CHow_to_Access_a_Remote_Kubernetes_Application_With_Kubectl_Port_Forwarding%E2%80%9D\"><\/span>&#8220;How to Access a Remote Kubernetes Application With Kubectl Port Forwarding&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div>\n<img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage alignnone size-full wp-image-806255\" data-pagespeed-no-defer=\"\" src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/05\/Kubernetes-New.jpg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Graphic with the Kubernetes logo\" width=\"1202\" height=\"677\"\/><\/p>\n<p>Need to debug an <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>lication running inside your Kubernetes cluster? Port forwarding is a way to connect to Pods that aren\u2019t publicly accessible. You can use this technique to inspect databases, monitoring tools, and other applications which you want to deploy internally without a public route.<\/p>\n<p>Port forwarding is <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/kubernetes.io\/docs\/tasks\/access-application-cluster\/port-forward-access-application-cluster\">built into Kubectl<\/a>. The CLI can start tunneling sessions that redirect traffic on local ports to Pods in your Kubernetes cluster. Here\u2019s how to get it set up.<\/p>\n<h2 id=\"how-port-forwarding-works\"><span class=\"ez-toc-section\" id=\"How_Port_Forwarding_Works\"><\/span>How Port Forwarding Works<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Port forwarding is a kind of network address translation (NAT) rule that routes traffic from one network into another. In the context of Kubernetes, requests that appear to be terminated by <code>localhost<\/code> are redirected to your cluster\u2019s internal network.<\/p>\n<p>Port forwarding only operates at the port level. You direct a specific port like <code>33060<\/code> to a target port such as <code>3306<\/code> in the destination network. When you send traffic to your local port <code>33060<\/code>, it will be forwarded automatically to port <code>3306<\/code> at the remote end.<\/p>\n<p>This technique lets you access private Kubernetes workloads that aren\u2019t exposed by a NodePort, Ingress, or LoadBalancer. You can direct local traffic straight into your cluster, removing the need to create Kubernetes services for your internal workloads. This helps to reduce your attack surface.<\/p>\n<h2 id=\"deploying-a-sample-application\"><span class=\"ez-toc-section\" id=\"Deploying_a_Sample_Application\"><\/span>Deploying a Sample Application<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Let\u2019s now see Kubernetes port forwarding in action. Begin by creating a basic deployment that you\u2019ll connect to using port forwarding in the next section.<\/p>\n<p>We\u2019re using a MySQL database Pod as a realistic example of when you might need to use this technique. Databases aren\u2019t normally exposed publicly so Kubernetes admins often use port forwarding to open a direct connection.<\/p>\n<p>Create a YAML file for your deployment:<\/p>\n<div class=\"wp-geshi-highlight-wrap5\">\n<div class=\"wp-geshi-highlight-wrap4\">\n<div class=\"wp-geshi-highlight-wrap3\">\n<div class=\"wp-geshi-highlight-wrap2\">\n<div class=\"wp-geshi-highlight-wrap\">\n<div class=\"wp-geshi-highlight\">\n<div class=\"yaml\">\n<pre class=\"de1\"><span class=\"co3\">apiVersion<\/span><span class=\"sy2\">: <\/span>apps\/v1<span class=\"co3\">\nkind<\/span><span class=\"sy2\">: <\/span>Deployment<span class=\"co4\">\nmetadata<\/span>:<span class=\"co3\">\n  name<\/span><span class=\"sy2\">: <\/span>mysql<span class=\"co4\">\nspec<\/span>:<span class=\"co4\">\n  selector<\/span>:<span class=\"co4\">\n    matchLabels<\/span>:<span class=\"co3\">\n      app<\/span><span class=\"sy2\">: <\/span>mysql<span class=\"co4\">\n  template<\/span>:<span class=\"co4\">\n    metadata<\/span>:<span class=\"co4\">\n      labels<\/span>:<span class=\"co3\">\n        app<\/span><span class=\"sy2\">: <\/span>mysql<span class=\"co4\">\n    spec<\/span>:<span class=\"co4\">\n      containers<\/span>:<span class=\"co3\">\n      - image<\/span><span class=\"sy2\">: <\/span>mysql:8.0<span class=\"co3\">\n        name<\/span><span class=\"sy2\">: <\/span>mysql<span class=\"co4\">\n        env<\/span>:<span class=\"co3\">\n        - name<\/span><span class=\"sy2\">: <\/span>MYSQL_ROOT_PASSWORD<span class=\"co3\">\n          value<\/span><span class=\"sy2\">: <\/span>mysql<\/pre>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p>Make sure you change the value of the <code>MYSQL_ROOT_PASSWORD<\/code> environment variable before using this manifest in production. Run <code>kubectl apply<\/code> to create your MySQL deployment:<\/p>\n<pre>$ kubectl apply -f mysql.yaml&#13;\ndeployment.apps\/mysql created<\/pre>\n<p>Next use the <code>get pods<\/code> command to check the workload\u2019s started successfully:<\/p>\n<pre>$ kubectl get pods&#13;\nNAME                     READY   STATUS    RESTARTS   AGE&#13;\nmysql-5f54dd5789-t5fzc   1\/1     Running   0          2s<\/pre>\n<h2 id=\"using-kubectl-to-port-forward-to-kubernetes\"><span class=\"ez-toc-section\" id=\"Using_Kubectl_to_Port_Forward_to_Kubernetes\"><\/span>Using Kubectl to Port Forward to Kubernetes<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Although MySQL\u2019s now running in your cluster, you\u2019ve got no way of accessing it from outside. Next set up a port forwarding session so you can use your local installations of tools like the <code>mysql<\/code> CLI to connect to your database.<\/p>\n<p>Here\u2019s a simple example:<\/p>\n<pre>$ kubectl port-forward deployment\/mysql 33060:3306&#13;\nForwarding from 127.0.0.1:33060 -&gt; 3306&#13;\nForwarding from [::1]:33060 -&gt; 3306<\/pre>\n<p>Connections to port 33060 will be directed to port 3306 against the Pod running your MySQL deployment. You can now start a MySQL shell session that targets your database in Kubernetes:<\/p>\n<pre>$ mysql --host 127.0.0.1 --port 33060 -u root -p&#13;\nEnter password:&#13;\nWelcome to the MySQL monitor.  Commands end with ; or \\g.&#13;\nYour MySQL connection id is 10&#13;\nServer version: 8.0.29 MySQL Community Server - GPL<\/pre>\n<p>Keep the shell window that\u2019s running the <code>kubectl port-forward<\/code> command open for the duration of your debugging session. Port forwarding will be terminated when you press Ctrl+C or close the window.<\/p>\n<h3 id=\"changing-the-local-and-remote-port-numbers\"><span class=\"ez-toc-section\" id=\"Changing_the_Local_and_Remote_Port_Numbers\"><\/span>Changing the Local and Remote Port Numbers<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The syntax for the port number bindings is <code>local:remote<\/code>. The <code>33060:3306<\/code> example shown above maps port 33060 on <code>localhost<\/code> to <code>3306<\/code> in the target Pod.<\/p>\n<p>Specifying only one number, without a colon, will interpret it as both the local and remote port:<\/p>\n<pre>$ kubectl port-forward deployment\/mysql 3306<\/pre>\n<p>You may leave the local port blank instead to automatically assign a random port:<\/p>\n<pre>$ kubectl port-forward deployment\/mysql :3306&#13;\nForwarding from 127.0.0.1:34923 -&gt; 3306&#13;\nForwarding from [::1]:34923 -&gt; 3306<\/pre>\n<p>Here you\u2019d use the randomly generated port number <code>34923<\/code> with your local MySQL client.<\/p>\n<h3 id=\"changing-the-listening-address\"><span class=\"ez-toc-section\" id=\"Changing_the_Listening_Address\"><\/span>Changing the Listening Address<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Kubectl binds the local port on the <code>127.0.0.1<\/code> (IPv4) and <code>::1<\/code> (IPv6) addresses by default. You can specify your own set of IPs instead by supplying an <code>--address<\/code> flag when you run the <code>port-forward<\/code> command:<\/p>\n<pre># Listen on two IPv4 addresses&#13;\n$ kubectl port-forward deployment\/mysql :3306 --address 127.0.0.1,192.168.0.1<\/pre>\n<p>The flag only accepts IP addresses and the <code>localhost<\/code> keyword. The latter is interpreted to include <code>127.0.0.1<\/code> and <code>::1<\/code>, matching the command\u2019s defaults when <code>--address<\/code> is omitted.<\/p>\n<h2 id=\"summary\"><span class=\"ez-toc-section\" id=\"Summary\"><\/span>Summary<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Port forwarding is a useful technique to access private applications inside your Kubernetes cluster. Kubectl tunnels traffic from your local network to a specific port on a particular Pod. It\u2019s a relatively low-level mechanism that can handle any TCP connection. UDP port forwarding <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/github.com\/kubernetes\/kubernetes\/issues\/47862\">is not yet supported<\/a>.<\/p>\n<p>Using an ad-hoc port forwarding session is a safe way to debug workloads that don\u2019t need to be exposed externally. Creating a service for each new deployment could allow intruders and attackers to discover endpoints that are meant to be protected. Port forwarding in Kubectl lets you securely connect straight to your applications, without having to work out which Nodes they\u2019re running on.<\/p>\n<\/div>\n<p><script>\n setTimeout(function(){\n  !function(f,b,e,v,n,t,s)\n  {if(f.fbq)return;n=f.fbq=function(){n.callMethod?\n  n.callMethod.apply(n,arguments):n.queue.push(arguments)};\n  if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';\n  n.queue=[];t=b.createElement(e);t.async=!0;\n  t.src=v;s=b.getElementsByTagName(e)[0];\n  s.parentNode.insertBefore(t,s) } (window, document,'script',\n  'https:\/\/connect.facebook.net\/en_US\/fbevents.js');\n   fbq('init', '335401813750447');\n   fbq('track', 'PageView');\n  },3000);\n<\/script><\/p>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.howtogeek.com\/devops\/how-to-access-a-remote-kubernetes-application-with-kubectl-port-forwarding\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;How to Access a Remote Kubernetes Application With Kubectl Port Forwarding&#8221; Need to debug an application running inside your Kubernetes cluster? Port forwarding is a way to connect to Pods that aren\u2019t publicly accessible. You can use this technique to inspect databases, monitoring tools, and other applications which you want to deploy internally without a&#8230;<\/p>\n","protected":false},"author":1,"featured_media":495248,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/05\/Kubernetes-New.jpg?height=200p&trim=2,2,2,2","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-495247","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/495247","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=495247"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/495247\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/495248"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=495247"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=495247"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=495247"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}