How to Use kubectl port-forward for Secure Application Access in Kubernetes

cicubeteam

CiCube

Posted on October 3, 2024

How to Use kubectl port-forward for Secure Application Access in Kubernetes


cicube.io

Introduction

In Kubernetes, services are typically isolated within clusters, making it challenging to directly access internal applications during development or debugging. Port forwarding offers a convenient way to connect a local port to a specific port on a pod running in the cluster, allowing access to internal services like databases without exposing them publicly. This technique is invaluable for debugging, testing APIs, or inspecting services.

Prerequisites

Before we dive into the details of using kubectl port-forward, ensure the following:

  • You have a Kubernetes cluster (v1.10 or later).
  • The kubectl command-line tool is configured for your cluster.
  • PostgreSQL client installed on your local machine.

Example: Connecting to a PostgreSQL Server in Kubernetes

Let’s assume you have a PostgreSQL server running in your Kubernetes cluster, and you need to connect to it from your local machine for debugging or testing purposes.

1. Create a PostgreSQL Deployment:

To create a deployment for PostgreSQL, you can use a YAML file, or simply run:

kubectl apply -f https://k8s.io/examples/application/postgresql/postgres-deployment.yaml
Enter fullscreen mode Exit fullscreen mode

2. Check Pod Status:

Ensure the PostgreSQL pod is running:

kubectl get pods
Enter fullscreen mode Exit fullscreen mode

3. Expose the PostgreSQL Service:

Create a service to expose PostgreSQL on the cluster network:

kubectl apply -f https://k8s.io/examples/application/postgresql/postgres-service.yaml
Enter fullscreen mode Exit fullscreen mode

Monitoring GitHub Actions Workflows

CICube is a GitHub Actions monitoring tool that provides you with detailed insights into your workflows to further optimize your CI/CD pipeline. With CICube, you will be able to track your workflow runs, understand where the bottlenecks are, and tease out the best from your build times. Go to cicube.io now and create a free account to better optimize your GitHub Actions workflows!

CICube GitHub Actions Workflow Duration Monitoring


Check the service status:

kubectl get service postgres
Enter fullscreen mode Exit fullscreen mode

4. Forward the Local Port:

Now, use kubectl port-forward to forward your local machine’s port to the PostgreSQL pod’s port (5432 is PostgreSQL’s default port):

kubectl port-forward service/postgres 5433:5432
Enter fullscreen mode Exit fullscreen mode

This command forwards your local port 5433 to the PostgreSQL service's 5432 port inside the cluster, enabling you to access PostgreSQL locally.

5. Connect to PostgreSQL:

Once the port is forwarded, use your local PostgreSQL client to connect:

psql -h localhost -p 5433 -U <your-username> -d <your-database>
Enter fullscreen mode Exit fullscreen mode

6. Run a Simple Query:

Verify the connection by running a simple SQL query, such as:

SELECT version();
Enter fullscreen mode Exit fullscreen mode

How Does kubectl port-forward Work?

This is done by executing the kubectl port-forward command through the Kubernetes API server, which establishes a secure tunnel between your local machine and the Kubernetes pod. It ensures that traffic to the local port is forwarded securely to the correct pod's port so you can work with services inside the cluster as if they were running locally.

Use Cases for kubectl port-forward

  • Debugging Applications: Access applications running in pods for debugging without external exposure.
  • Database Access: Inspect or manipulate databases like PostgreSQL directly from your local machine.
  • Testing Web Applications: Forward ports to view web applications running in Kubernetes pods locally.
  • API Testing: Forward API ports to test and interact with internal services from your local machine.

Best Practices

  • Production Use: A connection should not be forwarded in a production environment unless the connection is secured.
  • Limit Exposure: Always bind to localhost unless there is a need to provide exposure of services externally.
  • Use Secure Authentication: secure sensitive services, such as databases, with strong authentication.

Conclusion

kubectl port-forward is an essential tool for developers and DevOps engineers when working with Kubernetes clusters. It provides an easy and secure way to access internal services like PostgreSQL, without needing to expose them publicly. Whether you’re debugging, testing APIs, or accessing databases, port forwarding allows you to interact with services as if they were running locally. While highly useful during development, it should be used cautiously in production environments to avoid unintended exposure. By following best practices, you can leverage kubectl port-forward to enhance your workflow and streamline access to cluster resources.

💖 💪 🙅 🚩
cicubeteam
CiCube

Posted on October 3, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related