0

Consider if we build two VMs in a bare-metal server through a network, one is master and another is worker. I ssh to the master and construct a cluster using kubeadm which has three pods and a service with type: ClusterIP. So when I want access to the cluster I do kubectl proxy in the master. Now we can explore the API with curl and wget in the VM which we ssh to it, like this :

$ curl http://localhost:8080/api/

So far, so good! but I want access to the services by my laptop? The localhost which comes above is refer to the bare-metal server! How can access to the services through proxy by my laptop when cluster is placed in another machine?

When I do $ curl http://localhost:8080/api/ in my laptop it says : 127.0.0.1 refused to connect which make sense! But what is the solution to this?

Majid Rajabi
  • 1,417
  • 6
  • 20
  • 35
  • You can do this `kubectl port-forward svc/$service_name 8080:8080` This binds the local port with svc port in your cluster. check this [https://stackoverflow.com/questions/51468491/how-kubectl-port-forward-works] – sanster_23 Dec 10 '18 at 20:44

2 Answers2

3

If you forward the port 8080 when sshing to master, you can use localhost on your laptop to access the apis on the cluster.

You can try adding the -L flag to your ssh command:

$ ssh -L 8080:localhost:8080 your.master.host.com

Then the curl to localhost will work.

Robert Lacok
  • 4,176
  • 2
  • 26
  • 38
2

You can also specify an extra arguments to the kubectl proxy command, to let your reverse-proxy server listening on non-default ip address (127.0.0.1) - expose outside

kubectl proxy --port=8001 --address='<MASTER_IP_ADDRESS>' --accept-hosts="^.*$"

You can get your Master IP address by issuing following command: kubectl cluster-info

Nepomucen
  • 4,449
  • 3
  • 9
  • 24
  • What about the accept-host? What does the `"^.*$"` do? – Majid Rajabi Dec 11 '18 at 07:36
  • I do so, but it says no such host! refer to my master ip address @Nepomucen – Majid Rajabi Dec 11 '18 at 07:55
  • Instead of '' please use '0.0.0.0', it means that your proxy will listen on all IP addresses on the local machine (in your case is your VM with master role, where you SSH and run this command). Now you should be able to access API server via VM-Master IP address. – Nepomucen Dec 11 '18 at 09:38
  • "^.*$" This is a Regular expression for hosts that the proxy should accept. Which translates to: accept incoming requests from all hosts. – Nepomucen Dec 11 '18 at 09:40