kubectl proxy
and kubectl port-forwarding
look similar and sometimes confusing to me, I'm wondering about their differences and their own use cases.
As mentioned in "How kubectl port-forward
works?"
kubectl port-forward
forwards connections to a local port to a port on a pod.Compared to
kubectl proxy
,kubectl port-forward
is more generic as it can forward TCP traffic whilekubectl proxy
can only forward HTTP traffic.
As an example, see "Kubernetes port forwarding simple like never before" from Alex Barashkov:
Port forwarding mostly used for the purpose of getting access to internal cluster resources and debugging.
How does it work?
Generally speaking, using port forwarding you could get on your ‘localhost’ any services launched in your cluster.
For example, if you have Redis installed in the cluster on 6379, by using a command like this:
kubectl port-forward redis-master-765d459796-258hz 7000:6379
you could forward Redis from the cluster to localhost:7000, access it locally and do whatever you want to do with it.
For a limited HTTP access, see kubectl proxy, and, as an example, "On Securing the Kubernetes Dashboard" from Joe Beda:
The easiest and most common way to access the cluster is through kubectl proxy. This creates a local web server that securely proxies data to the dashboard through the Kubernetes API server.
As shown in "A Step-By-Step Guide To Install & Use Kubernetes Dashboard" from Awanish:
kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
Accessing Dashboard using the kubectl
kubectl proxy
It will proxy server between your machine and Kubernetes API server.
Now, to view the dashboard in the browser, navigate to the following address in the browser of your Master VM:
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/