Using kubectl port-forward

shirishiyue
Modified 2021-08-13 12:17:35
Included in the column: 全栈码

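If a service inside a pod is not exposed through a Service, there is no convenient way to reach it for debugging. That is what kubectl port-forward is for.

It forwards a port on the Node host to a port inside the pod.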

[root@VM-74-100-centos ~]# kubectl port-forward -h
Forward one or more local ports to a pod. This command requires the node to have 'socat' installed.

 Use resource type/name such as deployment/mydeployment to select a pod. Resource type defaults to 'pod' if omitted.

 If there are multiple pods matching the criteria, a pod will be selected automatically. The forwarding session ends
when the selected pod terminates, and rerun of the command is needed to resume forwarding.

Examples:
  # Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in the pod
  kubectl port-forward pod/mypod 5000 6000
  
  # Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in a pod selected by the
deployment
  kubectl port-forward deployment/mydeployment 5000 6000
  
  # Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in a pod selected by the service
  kubectl port-forward service/myservice 5000 6000
  
  # Listen on port 8888 locally, forwarding to 5000 in the pod
  kubectl port-forward pod/mypod 8888:5000
  
  # Listen on port 8888 on all addresses, forwarding to 5000 in the pod
  kubectl port-forward --address 0.0.0.0 pod/mypod 8888:5000
  
  # Listen on port 8888 on localhost and selected IP, forwarding to 5000 in the pod
  kubectl port-forward --address localhost,10.19.21.23 pod/mypod 8888:5000
  
  # Listen on a random port locally, forwarding to 5000 in the pod
  kubectl port-forward pod/mypod :5000

Options:
      --address=[localhost]: Addresses to listen on (comma separated). Only accepts IP addresses or localhost as a
value. When localhost is supplied, kubectl will try to bind on both 127.0.0.1 and ::1 and will fail if neither of these
addresses are available to bind.
      --pod-running-timeout=1m0s: The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one
pod is running

Usage:
  kubectl port-forward TYPE/NAME [options] [LOCAL_PORT:]REMOTE_PORT [...[LOCAL_PORT_N:]REMOTE_PORT_N]

Suppose there is a pod listening on port 25273, with pod IP 9.9.9.171, running on a Node whose IP is 11.11.11.100.

[root@VM-74-100-centos ~]# kubectl port-forward --address 0.0.0.0  -n xxx  pod/tipmp.tools.sensitivefile.deploy-bb86d455f-2nkjf 8080:25273
Forwarding from 0.0.0.0:8080 -> 25273
Handling connection for 8080

From another machine:

telnet 11.11.11.100 8080

The connection is closed immediately.

On the Node, kubectl reports this error:

E0813 11:55:25.713491 1522266 portforward.go:400] an error occurred forwarding 8080 -> 25273: error forwarding port 25273 to pod b020d51d8787f69734c7f344c8843fb7fdfefa5cb3fe9325f88b7348ed9894b7, uid : exit status 1: 2021/08/13 11:55:25 socat[1522469] E connect(3, AF=2 127.0.0.1:25273, 16): Connection refused

The message says the connection to 127.0.0.1:25273 was refused.

Why: see https://github.com/yugabyte/yugabyte-db/issues/4677

Hello @sstubbs, thanks for reporting this issue. This is a known limitation due to the way kubectl port-forward works. port-forward sets up a socat proxy that binds to 127.0.0.1:remote_port inside the pod. In the case of our chart, the client interface is not bound to 127.0.0.1 inside the pod (it is bound to the pod IP instead).

To work around this, one option would be to change the helm chart to bind to 0.0.0.0:5433 at https://github.com/yugabyte/charts/blob/master/stable/yugabyte/templates/service.yaml#L290. If you make that change in a local helm chart, that should get your port-forward workflow unblocked.

We are going to consider making this change in our helm chart by default too.

Edit: relevant issue on k8s: kubernetes/kubernetes#72597

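In other words, the service in the pod is not listening on 127.0.0.1, while the socat proxy behind kubectl port-forward by default only forwards to 127.0.0.1 inside the pod.

A check confirms that nothing is listening on 127.0.0.1: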

[root@VM-74-100-centos ~]# kubectl exec -it  -n xxx    tipmp.tools.sensitivefile.deploy-bb86d455f-2nkjf -- netstat -antp | grep 25273
tcp        0      0 9.9.9.117:25273     0.0.0.0:*               LISTEN      20/./tipmp.tools.se 
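
The check above can be scripted. The following shell function is an added example, not code from the original article or from kubectl; the name classify_listener and every sample line other than the article's own netstat line are constructed for illustration, and a `::` listener is counted as reachable on the assumption of a dual-stack socket.

```shell
#!/bin/sh
# Added example. classify_listener PORT reads `netstat -ant`-style output on
# stdin and reports whether a forwarder that connects to 127.0.0.1:PORT inside
# the pod (as in the socat error above) can reach a listener on PORT.
classify_listener() {
    awk -v port="$1" '
        $6 != "LISTEN" { next }          # skip headers and non-listening sockets
        {
            n = split($4, parts, ":")    # local address is ADDR:PORT; ADDR may contain ":"
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            # 127.0.0.1 and the IPv4 wildcard accept loopback connections.
            # "::" is counted too, assuming a dual-stack socket (IPV6_V6ONLY off).
            if (addr == "127.0.0.1" || addr == "0.0.0.0" || addr == "::") ok = 1
            else other = (other == "" ? addr : other "," addr)
        }
        END {
            if (ok) print "reachable"
            else if (other != "") print "unreachable: bound only to " other
            else print "not-listening"
        }'
}

# Constructed sample input: the first data line is the netstat line from the
# article; the remaining lines are made up for illustration.
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp        0      0 9.9.9.117:25273     0.0.0.0:*               LISTEN      20/./tipmp.tools.se
tcp        0      0 0.0.0.0:8080        0.0.0.0:*               LISTEN      31/ncat
tcp6       0      0 :::9090             :::*                    LISTEN      42/app
tcp        0      0 9.9.9.117:8080      10.0.0.5:51234          ESTABLISHED 31/ncat'

for p in 25273 8080 9090 5433; do
    printf '%s -> %s\n' "$p" "$(printf '%s\n' "$SAMPLE" | classify_listener "$p")"
done

# Against a live pod (NS and POD are placeholders):
#   kubectl exec -n NS POD -- netstat -ant | classify_listener 25273
```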

Solution:

1. Start a port forwarder inside the pod. netcat can do this, and there are many other ways, for example: https://cloud.tencent.com/developer/article/1688152

# yum install nmap-ncat
# ncat --sh-exec "ncat 9.9.9.117 25273" -l 8080   # forward local port 8080 to port 25273 on the pod IP

2. Run kubectl port-forward again, this time targeting port 8080 in the pod

# kubectl port-forward --address 0.0.0.0  -n xxx  pod/tipmp.tools.sensitivefile.deploy-bb86d455f-2nkjf 8080:8080

It works now.

(Both commands above, ncat and kubectl port-forward, run in the foreground; press Ctrl+C to stop them.)

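Original content statement: this article is published on the Tencent Cloud Developer Community with the author's authorization and may not be reproduced without permission.

In case of infringement, contact cloudcommunity@tencent.com for removal.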
