Kubernetes locally via Docker: why do we need port forwarding?

Trying out Kubernetes on my mac, following this guide and using docker-toolbox, I don’t understand why I need this step:

Note: On OS/X you will need to set up port forwarding via ssh:

boot2docker ssh -L8080:localhost:8080

The api server is running with --net=host so I should be able to curl <ip-of-my-docker-machine>:8080 but I got “connection refused”. Setting up the port forwarding with ssh solve the problem, but still I don’t understand why I can’t curl directly the host. Any explanation would be great.

  • docker tool box docker build behind proxy is not working in windows
  • Download Github build artifact (release) using wget/curl
  • Is Docker ARG allowed within CMD instrcution
  • Is it possible to launch a new Docker container from within a running Docker container using Docker Compose?
  • Issues with running a consul docker health check
  • Docker Local Machine
  • Docker best practices about enabling memory and swap accounting
  • Dockerfile necessary? Advisable?
  • Multi Applications as Docker Containers in a Cluster, Ways to Handle MySQL [closed]
  • How do I scale up my cluster on Google Container Engine / Kubernetes?
  • Docker daemon is running but it cant connect
  • How to connect to mysql created by docker-compose
  • 2 Solutions collect form web for “Kubernetes locally via Docker: why do we need port forwarding?”

    The api server only listens on localhost, not the docker-machine ip address.

    You can have the host VM forward the requests from the docker-machine ip to localhost with

    docker-machine ssh default sudo /usr/local/sbin/iptables -t nat -I PREROUTING -p tcp -d $(docker-machine ip) --dport 8080 -j DNAT --to-destination

    On Macs docker runs inside the boot2docker virtual machine. With the --net=host option the api server is running on the VM’s host network, not your Mac’s host network. You can also ssh into the boot2docker VM without port forwarding and curl the API from there, then you just need to download the kubectl client while ssh-ed into the VM.

    You can’t curl <ip-of-my-docker-machine>:8080 because the Docker VM defaults to denying external traffic and Docker doesn’t automatically set up firewall rules to allow traffic when --net=host is used. This article goes into more depth.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.