I know that in kubernetes, we can't use a Service Node Port below 30000, because these ports are used by kubernetes. Can I use "kubectl port-forward svc/someservice 80:80" for instance... without causing conflict with the kubernetes ports below 30000?
Asked
Active
Viewed 410 times
1
-
Please check this you will get the answer https://stackoverflow.com/questions/51468491/how-kubectl-port-forward-works – Arpit Jain Feb 04 '20 at 14:33
-
I'm sorry, but I can't see the answer in this post... – Clarencio Feb 04 '20 at 14:38
-
1yes you can! `kubectl port-forward svc/SERVICE_NAME PORT_TO_FORWARD_TO:SERVICE_PORT -n NAMESPACE` – suren Feb 04 '20 at 14:53
2 Answers
0
In short - yes, you can.
In your question though it's clear that you're missing the understanding of NodePort type of service and the what the kubectl port-forward essentially does.
kubectl port-forward doesn't send the traffic through the port defined in the .spec.type: NodePort stanza in the Service resource. In fact using kubectl port-forward you're able to target a ClusterIP type of service (which doesn't have a .spec.type: NodePort stanza by definition).
Bernard Halas
- 972
- 11
- 24
-
Ok. Thanks for your answer. Some people say that kubectl port-forward s only for debugging, due to its poor performance. It is true? – Clarencio Feb 04 '20 at 16:30
-
1Right. Not just because of its performance. In order to make `kubectl port-forward` work, you need to give the client privileges to access the Kubernetes API. API is just for managing the cluster and the objects running there. Standard way to expose services from the cluster is Loadbalancer, Ingress or NodePort. Of course, the official docs is the good starting point: https://kubernetes.io/docs/concepts/services-networking/service/ But I found the following article helpful: https://medium.com/google-cloud/kubernetes-nodeport-vs-loadbalancer-vs-ingress-when-should-i-use-what-922f010849e0 – Bernard Halas Feb 05 '20 at 10:22
0
Could you please describe what is the reason to have such a setup?
kubectl port-forward svc/someservice 80:80 merely forwards your local_machine:80 to port:80 of endpoints for someservice .
In other words, connections made to local port 80 are forwarded to port 80 of the pod that is running your app. With this connection in place you can use your local workstation to debug the app that is running in the pod.
Due to known limitations, port forward today only works for TCP protocol. The support to UDP protocol is being tracked in issue 47862.
As of now (Feb-2020) the issue is still open.
Node Port is used for totally different stuff. It is used for cases when you shall reach pods by sending traffic to particular port on any node in your cluster.
That is why the answer for your question is "Definitely you can do that"; however, as I said before, it is not clear why you shall do that. Without that inf it is hard to provide a guidance on "what is the best way to achieve the required functionality"
Hope that helps.
Nick
- 1,882
- 11
- 16
-
-
You shall be able to access application from the machine you did port-forwarding from. – Nick Feb 19 '20 at 16:41