Building a Continuous Deployment Pipeline Using LKE (Part 5): Accessing Internal Services

Traducciones al Español
Estamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.
Create a Linode account to try this guide with a $ credit.
This credit will be applied to any valid services used during your first  days.

Slide deck: Cloud Native Continuous Deployment with GitLab, Helm, and Linode Kubernetes Engine: Accessing internal services (Slide #93)

Accessing Internal Services

It’s often necessary to access internal services within the Kubernetes cluster without exposing them to the public internet. This part covers accomplishing that through using both kubectl proxy and kubectl port-forward.

Presentation Text

Here’s a copy of the text contained within this section of the presentation. A link to the source file can be found within each slide of the presentation. Some formatting may have been changed.

Accessing internal services

  • How can we temporarily access a service without exposing it to everyone?
  • kubectl proxy: gives us access to the API, which includes a proxy for HTTP resources
  • kubectl port-forward: allows forwarding of TCP ports to arbitrary pods, services, …

kubectl proxy in theory

  • Running kubectl proxy gives us access to the entire Kubernetes API
  • The API includes routes to proxy HTTP traffic
  • These routes look like the following: /api/v1/namespaces/<namespace>/services/<service>/proxy
  • We just add the URI to the end of the request, for instance: /api/v1/namespaces/<namespace>/services/<service>/proxy/index.html
  • We can access services and pods this way

kubectl proxy in practice

  • Let’s access the web service through kubectl proxy
  • Run an API proxy in the background: kubectl proxy &
  • Access the web service: curl localhost:8001/api/v1/namespaces/default/services/web/proxy/
  • Terminate the proxy: kill %1

kubectl port-forward in theory

  • What if we want to access a TCP service?
  • We can use kubectl port-forward instead
  • It will create a TCP relay to forward connections to a specific port (of a pod, service, deployment…)
  • The syntax is: kubectl port-forward service/name_of_service local_port:remote_port
  • If only one port number is specified, it is used for both local and remote ports

kubectl port-forward in practice

  • Let’s access our remote NGINX server
  • Forward connections from local port 1234 to remote port 80: kubectl port-forward svc/web 1234:80 &
  • Connect to the NGINX server: curl localhost:1234
  • Terminate the port forwarder: kill %1

This page was originally published on


Your Feedback Is Important

Let us know if this guide was helpful to you.


Join the conversation.
Read other comments or post your own below. Comments must be respectful, constructive, and relevant to the topic of the guide. Do not post external links or advertisements. Before posting, consider if your comment would be better addressed by contacting our Support team or asking on our Community Site.