Kubernetes locally via Docker: why do we need port forwarding?

Trying out Kubernetes on my mac, following this guide and using docker-toolbox, I don’t understand why I need this step:

Note: On OS/X you will need to set up port forwarding via ssh:

boot2docker ssh -L8080:localhost:8080

The api server is running with --net=host so I should be able to curl <ip-of-my-docker-machine>:8080 but I got “connection refused”. Setting up the port forwarding with ssh solve the problem, but still I don’t understand why I can’t curl directly the host. Any explanation would be great.

  • How do symlinks in a host volume work in Docker containers?
  • CrashLoopBackOff when args are added in Kubernetes
  • Docker failed to build on Openstack
  • Understanding chroot
  • Docker Swarm - get services by secret
  • Can I access the host (OS X) filesystem from the boot2docker VM?
  • Docker ERROR: Volume specifies nonexistent driver inmemory
  • How do I set the configuration of the port 8000 on nginx with docker?
  • Port Forwarding in docker across containers
  • Run two docker compose with same static ip on a host
  • Docker image with Maven fails to run
  • asp-net 1.0, Docker and Kubernetes
  • 2 Solutions collect form web for “Kubernetes locally via Docker: why do we need port forwarding?”

    The api server only listens on localhost, not the docker-machine ip address.

    You can have the host VM forward the requests from the docker-machine ip to localhost with

    docker-machine ssh default sudo /usr/local/sbin/iptables -t nat -I PREROUTING -p tcp -d $(docker-machine ip) --dport 8080 -j DNAT --to-destination

    On Macs docker runs inside the boot2docker virtual machine. With the --net=host option the api server is running on the VM’s host network, not your Mac’s host network. You can also ssh into the boot2docker VM without port forwarding and curl the API from there, then you just need to download the kubectl client while ssh-ed into the VM.

    You can’t curl <ip-of-my-docker-machine>:8080 because the Docker VM defaults to denying external traffic and Docker doesn’t automatically set up firewall rules to allow traffic when --net=host is used. This article goes into more depth.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.