Difference between kubectl port-forwarding and proxy

10/13/2019

kubectl proxy and kubectl port-forwarding look similar and sometimes confusing to me, I'm wondering about their differences and their own use cases.

-- Dagang
kubernetes

1 Answer

10/13/2019

As mentioned in "How kubectl port-forward works?"

kubectl port-forward forwards connections to a local port to a port on a pod.

Compared to kubectl proxy, kubectl port-forward is more generic as it can forward TCP traffic while kubectl proxy can only forward HTTP traffic.

As an example, see "Kubernetes port forwarding simple like never before" from Alex Barashkov:

Port forwarding mostly used for the purpose of getting access to internal cluster resources and debugging.

How does it work?

Generally speaking, using port forwarding you could get on your ‘localhost’ any services launched in your cluster.
For example, if you have Redis installed in the cluster on 6379, by using a command like this:

kubectl port-forward redis-master-765d459796-258hz 7000:6379

you could forward Redis from the cluster to localhost:7000, access it locally and do whatever you want to do with it.

For a limited HTTP access, see kubectl proxy, and, as an example, "On Securing the Kubernetes Dashboard" from Joe Beda:

The easiest and most common way to access the cluster is through kubectl proxy. This creates a local web server that securely proxies data to the dashboard through the Kubernetes API server.

As shown in "A Step-By-Step Guide To Install & Use Kubernetes Dashboard" from Awanish:

kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

Accessing Dashboard using the kubectl

kubectl proxy

It will proxy server between your machine and Kubernetes API server.

Now, to view the dashboard in the browser, navigate to the following address in the browser of your Master VM:

http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
-- VonC
Source: StackOverflow