Kubernetes locally via Docker: why do we need port forwarding?
Trying out Kubernetes on my mac, following this guide and using docker-toolbox, I don’t understand why I need this step:
Note: On OS/X you will need to set up port forwarding via ssh: boot2docker ssh -L8080:localhost:8080
The api server is running with
--net=host so I should be able to
curl <ip-of-my-docker-machine>:8080 but I got “connection refused”. Setting up the port forwarding with ssh solve the problem, but still I don’t understand why I can’t curl directly the host. Any explanation would be great.
2 Solutions collect form web for “Kubernetes locally via Docker: why do we need port forwarding?”
The api server only listens on localhost, not the docker-machine ip address.
You can have the host VM forward the requests from the docker-machine ip to localhost with
docker-machine ssh default sudo /usr/local/sbin/iptables -t nat -I PREROUTING -p tcp -d $(docker-machine ip) --dport 8080 -j DNAT --to-destination 127.0.0.1:8080
On Macs docker runs inside the boot2docker virtual machine. With the
--net=host option the api server is running on the VM’s host network, not your Mac’s host network. You can also ssh into the boot2docker VM without port forwarding and curl the API from there, then you just need to download the
kubectl client while ssh-ed into the VM.
curl <ip-of-my-docker-machine>:8080 because the Docker VM defaults to denying external traffic and Docker doesn’t automatically set up firewall rules to allow traffic when
--net=host is used. This article goes into more depth.