Kubernetes locally via Docker: why do we need port forwarding?

Trying out Kubernetes on my mac, following this guide and using docker-toolbox, I don’t understand why I need this step:

Note: On OS/X you will need to set up port forwarding via ssh:

boot2docker ssh -L8080:localhost:8080

The api server is running with --net=host so I should be able to curl <ip-of-my-docker-machine>:8080 but I got “connection refused”. Setting up the port forwarding with ssh solve the problem, but still I don’t understand why I can’t curl directly the host. Any explanation would be great.

  • Docker Hub Update Notifications
  • Obtaining the ip address of a docker container
  • cannot access Docker remote registry
  • Docker container not exposed on network
  • docker run passing command line params as config file
  • docker container using the same volume even after running new container image
  • Which tag of Ruby Docker image should I use?
  • How to mix several python scripts into a shell script?
  • Dockerize Applications or Machines?
  • when we run the hello-world image its throws the connection refused error message
  • How to run a sbt project in docker by using sbt-docker or writing a docker file manually?
  • Jenkins run external script with docker command
  • 2 Solutions collect form web for “Kubernetes locally via Docker: why do we need port forwarding?”

    The api server only listens on localhost, not the docker-machine ip address.

    You can have the host VM forward the requests from the docker-machine ip to localhost with

    docker-machine ssh default sudo /usr/local/sbin/iptables -t nat -I PREROUTING -p tcp -d $(docker-machine ip) --dport 8080 -j DNAT --to-destination 127.0.0.1:8080
    

    On Macs docker runs inside the boot2docker virtual machine. With the --net=host option the api server is running on the VM’s host network, not your Mac’s host network. You can also ssh into the boot2docker VM without port forwarding and curl the API from there, then you just need to download the kubectl client while ssh-ed into the VM.

    You can’t curl <ip-of-my-docker-machine>:8080 because the Docker VM defaults to denying external traffic and Docker doesn’t automatically set up firewall rules to allow traffic when --net=host is used. This article goes into more depth.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.