Kubernetes locally via Docker: why do we need port forwarding?

Trying out Kubernetes on my mac, following this guide and using docker-toolbox, I don’t understand why I need this step:

Note: On OS/X you will need to set up port forwarding via ssh:

boot2docker ssh -L8080:localhost:8080

The api server is running with --net=host so I should be able to curl <ip-of-my-docker-machine>:8080 but I got “connection refused”. Setting up the port forwarding with ssh solve the problem, but still I don’t understand why I can’t curl directly the host. Any explanation would be great.

  • how to clear cache memory inside docker container
  • Is there a way to discover other containers on a docker network using DNS?
  • How to populate a Mysql docker container during build of another container?
  • How do i wait for a db container to be up before my spring-boot app starts
  • How to remove data from docker volume?
  • how to run two microservices on same network?
  • Rewriting URL path with Nginx, no redirect
  • Sharing a configuration file to multiple docker containers
  • what does VOLUME command do in Dockerfile?
  • Docker compose error with docker-engine version
  • Docker and Magento permission issues
  • Docker maven plugin NullPointerException
  • 2 Solutions collect form web for “Kubernetes locally via Docker: why do we need port forwarding?”

    The api server only listens on localhost, not the docker-machine ip address.

    You can have the host VM forward the requests from the docker-machine ip to localhost with

    docker-machine ssh default sudo /usr/local/sbin/iptables -t nat -I PREROUTING -p tcp -d $(docker-machine ip) --dport 8080 -j DNAT --to-destination 127.0.0.1:8080
    

    On Macs docker runs inside the boot2docker virtual machine. With the --net=host option the api server is running on the VM’s host network, not your Mac’s host network. You can also ssh into the boot2docker VM without port forwarding and curl the API from there, then you just need to download the kubectl client while ssh-ed into the VM.

    You can’t curl <ip-of-my-docker-machine>:8080 because the Docker VM defaults to denying external traffic and Docker doesn’t automatically set up firewall rules to allow traffic when --net=host is used. This article goes into more depth.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.