When deploying your applications to Kubernetes, sometimes you might need to access cluster-internal services without exposing them to the general public. Maybe an API endpoint is behaving strangely, or you need to collect locally-stored metrics: Whatever problem you're encountering, tunneling into your cluster will allow you to send requests against internal services and gather more details about the situation.
Although kubectl allows you to forward ports to provisioned pods or create a proxy layer to the api server component, it's not as straightforward as you would hope for it to be. And this is where kubefwd comes in, allowing you to create a proxy layer to all services of a chosen cluster namespace, almost like a VPN.
It gets as simple as installing kubefwd using your method of choice and running
sudo kubefwd svc -n "Your Namespace"
Example: Accessing Kubernetes Dashboard
Let's say we've got a deployment of Kubernetes Dashboard set up already and want to access it without having to
use kubectl proxy
. With kubefwd, all we have to do would be to execute the following command
$ sudo kubefwd svc -n kube-system -l k8s-app=kubernetes-dashboard
_ _ __ _
| | ___ _| |__ ___ / _|_ ____| |
| |/ / | | | '_ \ / _ \ |_\ \ /\ / / _ |
| <| |_| | |_) | __/ _|\ V V / (_| |
|_|\_\\__,_|_.__/ \___|_| \_/\_/ \__,_|
Version 1.8.2
https://github.com/txn2/kubefwd
Press [Ctrl-C] to stop forwarding.
Loaded hosts file /etc/hosts
Forwarding: kubernetes-dashboard:443 to pod kubernetes-dashboard:8443
After this is running, you can head over to your browser of choice and navigate to https://kubernetes-dashboard
,
that's it! We've now forwarded all services of the kube-system
namespace (filtered by the label k8s-app=kubernetes-dashboard
)
to our local machine and accessed the dashboard running cluster-internally.
If you want to learn more about provisioning Kubernetes Dashboard, you could read on with my dedicated post.