1

I am running a k8s cluster for evaluation purposes inside a Vagrant box. I have external kubectl access. I was able to get the PostgreSQL helm template running on the cluster. But now let's say I want to access it from outside of k8s (or the VM, actually).

There is a problem that I am not very educated in the niceties of host-to-guest communication in a VM, not to speak of the k8s stack. By empirical research I have found that turning a service to NodePort makes it available outside k8s. But as I said, the installed PostgreSQL service is ClusterIP, so I want to access it from outside as well without finding a way to turn it to NodePort. So there are a couple of noob questions here:

  1. What is the difference between kubectl proxy and kubectl port-forward?
  2. What is different when executing kubectl proxy from inside the VM running the k8s cluster and running the same kubectl command on the host?
  3. What is the usual way to make services available outside of the cluster, when using the cluster just for development?
  4. Is this quote true?

    port forwarding is not needed when using private network and accessing guest from host with guest private ip, port forwarding is used to access guest with localhost/127.0.0.1 the ports are then forwarded

Zveratko

2 Answers

2
  1. kubectl port-forward forwards connections to a local port to a port on a pod. Compared to kubectl proxy, kubectl port-forward is more generic as it can forward TCP traffic while kubectl proxy can only forward HTTP traffic. Generally speaking, using port forwarding you could get on your ‘localhost’ any services launched in your cluster.

    https://stackoverflow.com/questions/58360323/difference-between-kubectl-port-forwarding-and-proxy

  2. It does not make a lot of sense to run 'kubectl proxy' from inside the VM running the k8s cluster. Kubectl is your client tool, so stick with it outside of cluster range.

  3. The way you would access production services, for the most part if your service is DB oriented stick with ClusterIP. If you want to externally access some Web/HTTP service, expose it as a Load Balancer or an Ingress (in case you have N of them). If you want to test the DB you could just run a dummy pod and execute some sql-client commands from there.

Pierre.Vriens
Recoba20
0

To access Kubernetes you typically use port-forward, like this (taken from KubeApps):

$ kubectl port-forward -n kubeapps svc/kubeapps 8080:80
Forwarding from 127.0.0.1:8080 -> 8080
Forwarding from [::1]:8080 -> 8080

If you want to make it public so your port-forward listens to all IP addresses, you can use --address 0.0.0.0 as documented in kubectl port-forward --help:

$ kubectl port-forward -n kubeapps svc/kubeapps 8080:80 --address 0.0.0.0
Forwarding from 0.0.0.0:8080 -> 8080

Now your host is redirecting traffic from 8080 to inside the Kubernetes cluster.

Evan Carroll
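
An added example, not part of either answer and not kubectl's own code: binding with --address 0.0.0.0 makes the forwarded port reachable on every network the host is attached to, so this script reads the "Forwarding from" lines that kubectl port-forward prints and labels each listener as loopback, wildcard or a single interface. The function names and the 192.168.56.10 private-network address are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the answer): label where each kubectl port-forward
# listener is reachable, based on its "Forwarding from ADDR:PORT -> PORT" line.

# Map one listen address to loopback, wildcard or a single interface.
bind_scope() {
    case "$1" in
        127.*|::1|localhost) echo loopback ;;
        0.0.0.0|::)          echo wildcard ;;
        *)                   echo interface ;;
    esac
}

# Read port-forward output on stdin; print "SCOPE ADDR PORT" per listener.
audit_forward_output() {
    while IFS= read -r line; do
        case "$line" in
            "Forwarding from "*) ;;
            *) continue ;;
        esac
        listen=${line#"Forwarding from "}
        listen=${listen%%" -> "*}
        port=${listen##*:}
        addr=${listen%:*}
        addr=${addr#\[}          # drop the brackets around IPv6 literals
        addr=${addr%\]}
        echo "$(bind_scope "$addr") $addr $port"
    done
}

# Succeed only when every listener on stdin is bound to loopback.
forward_is_local_only() {
    ! audit_forward_output | grep -qv '^loopback '
}

# Constructed sample: the outputs shown in the answer plus one listener on a
# hypothetical Vagrant private-network address (192.168.56.10).
sample='Forwarding from 127.0.0.1:8080 -> 8080
Forwarding from [::1]:8080 -> 8080
Forwarding from 0.0.0.0:8080 -> 8080
Forwarding from 192.168.56.10:5432 -> 5432'

printf '%s\n' "$sample" | audit_forward_output
```

For a database service reached only from the Vagrant host, passing the guest's private-network IP to --address gives the "interface" case instead of the wildcard one.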