windows host + vagrant + kubectl port-forward: stuck inside vagrant

Asked 20/4, 2018 at 11:47 Answered 1/5, 2019 at 14:2

kubernetes vagrant kubectl vagrant-windows

I am using a windows laptop where a vagrant box is installed, where I have a kubectl client that manages some external kubernetes cluster.

For debugging purposes I would like to do a port-forwarding via kubectl and access this port from the host machine. This works perfectly from inside vagrant to the kubernetes cluster, but obviously something doesn't work in conjunction with the vagrant port forwarding from host to vagrant.

Here my setup:

Port-Forwarding in Vagrant:

config.vm.network "forwarded_port", guest: 8080, host: 8080, auto_correct:false
start nginx container in kubernetes:

kubectl run -i -t --image nginx test
forward port to localhost (inside vagrant):

kubectl port-forward test-64585bfbd4-zxpsd 8080:80

test nginx running inside vagrant-box:

vagrant@csbox:~$ curl http://localhost:8080
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Works.

Now going a level up - on the windows host:

PS U:\> Invoke-WebRequest http://localhost:8080

Invoke-WebRequest : The underlying connection was closed: An unexpected error occurred on a receive.
At line:1 char:1
+ Invoke-WebRequest http://localhost:8080
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation:     (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

Works Not.

From my understanding - just looking at the port forwardings everything should be okay. Do you have any ideas why this doesn't work like expected?

Attack answered 20/4, 2018 at 11:47 Comment(3)

All things being equal, you would want kubectl port-forward test-64585bfbd4-zxpsd 8080:80 to run on windows, not try to jump through so many forwarding processes. That said, it's very likely the due to the fact that kubectl port-forward is binding to 127.0.0.1 and thus vagrant cannot port-forward to it. If you are determined to use that approach, likely some iptables wizardry in the vagrant box would bridge that localhost port to the wider world – Love 21/4, 2018 at 2:12

make sure your nginx config binds port to 0.0.0.0 not localhost. If you do not want to mess up with all the port forwarding piece, just use a static IP from vagrant – Jerid 22/4, 2018 at 19:0

Please accept an answer if it helped you. Several commenters have indicated a solution below has resolved their issue, as it has mine. – Erythrocyte 12/5, 2021 at 1:14

By default, kubectl port-forward binds to the address 127.0.0.1. That's why you are not able to access it outside vagrant. The solution is to make kubectl port-forward to bind to 0.0.0.0 using the argument --address 0.0.0.0

Running the command:

kubectl port-forward test-64585bfbd4-zxpsd --address 0.0.0.0 8080:80

will solve your issue.

Valvulitis answered 1/5, 2019 at 14:2 Comment(1)

This should be the accepted answer.. .worked fine for me. – Popp 16/5, 2019 at 22:19

kubectl port-forward binds to 127.0.0.1 and doesn't allow you to define a bind address. The traffic from your Windows host machine hits the main network interface of your Vagrant VM and therefore, this doesn't work. You can fix the issue by routing traffic from the Vagrant VM's main network interface to the loopback interface using iptables: `

Forward traffic from your vagrant VM's main network interface to 127.0.0.1 (replace $PORT with the port you're forwarding):
$ $ iptables -t nat -I PREROUTING -p tcp --dport $PORT -j DNAT --to-destination 127.0.0.1:$PORT
Look up the name of your Vagrant VM's main network interface:
$ ifconfig enp0s3 Link encap:Ethernet HWaddr 02:38:b8:f5:60:7e inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0 inet6 addr: fe80::38:b8ff:fef5:607e/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1106 errors:0 dropped:0 overruns:0 frame:0 TX packets:736 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:423190 (423.1 KB) TX bytes:80704 (80.7 KB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
As forwarding traffic to the loopback interface is disabled per default, enable forwarding to the loopback interface (replace $MAIN_NETWORK_INTERFACE_NAME with the interface name, in the example above enp0s3):
sysctl -w net.ipv4.conf.$MAIN_NETWORK_INTERFACE_NAME.route_localnet=1

Micropaleontology answered 27/9, 2018 at 5:53 Comment(1)

You can define the bind address using the flag --address – Valvulitis 1/5, 2019 at 14:3

Recommended topics

Hot tags