Access OpenShift forwarded ports from remote host

浪尽此生 submitted on 2021-01-28 11:05:43

Question


I would like to connect to a PostgreSQL (9.6) cluster that runs inside OpenShift (3.9) using port forwarding as described here. To this end I set up and sanity-check port forwarding on a jump host (outside the OpenShift cluster) like this:

oc port-forward $pod 5432:5432
netstat -ln | grep 5432 # "tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN"
psql -U postgres -h localhost # OK
psql -U postgres -h $(hostname -i) # error: "connection refused"

So it looks as if port forwarding listens only on localhost, but not on the host's other IP address(es). Ultimately I want to connect to the database through the jump host from other remote hosts, so `localhost` won't suffice.

How can I set up (OpenShift) port forwarding in such a way that it will allow access to the forwarded port from remote hosts as well? I suppose iptables (in combination with OpenShift port forwarding) could do the trick, but I do not yet know how, or whether there is a simpler approach. (The jump host runs Debian 9.5.)

UPDATE: An approach combining an SSH tunnel and OpenShift (Kubernetes) port forwarding apparently can solve this. This was suggested in a link provided in the accepted answer below.

on jump host (1st session):

ssh -N -L $(hostname -i):5432:localhost:5433 $(whoami)@$(hostname)

on jump host (2nd session):

oc port-forward $pod 5433:5432

on remote host:

psql -U postgres -h jump-host
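
A check for what the jump host actually exposes after the steps above (added example, not part of the original post): it classifies every TCP listener on a port, read from netstat -ln or ss -ltn output, as loopback, single-address or all-interfaces. The function names and the sample lines, including the 192.0.2.10 documentation address, are constructed for illustration.

```shell
#!/bin/sh
# classify_listeners PORT: read `netstat -ln` or `ss -ltn` output on stdin and
# print one line per TCP listener on PORT in the form "<scope> <address>".
classify_listeners() {
    awk -v port="$1" '
        /LISTEN/ {
            la = $4                        # local address column in both tools
            n = match(la, /:[0-9]+$/)      # port follows the last colon (IPv6-safe)
            if (n == 0 || substr(la, n + 1) != port) next
            addr = substr(la, 1, n - 1)
            gsub(/\[|\]/, "", addr)        # ss prints IPv6 addresses as [::1]
            if (addr ~ /^127\./ || addr == "::1")
                scope = "loopback"
            else if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                scope = "all-interfaces"
            else
                scope = "single-address"
            print scope, addr
        }'
}

# port_is_exposed PORT: exit 0 if any listener on PORT is reachable from other
# hosts (anything that is not loopback), exit 1 otherwise.
port_is_exposed() {
    classify_listeners "$1" | grep -qv '^loopback '
}

# Constructed sample: the listener from the question (oc port-forward default),
# moved to 5433 as in the UPDATE.
SAMPLE_FORWARD='tcp 0 0 127.0.0.1:5433 0.0.0.0:* LISTEN'

# Constructed sample: the jump host once the ssh -L session is also running.
SAMPLE_TUNNEL='tcp 0 0 127.0.0.1:5433 0.0.0.0:* LISTEN
tcp 0 0 192.0.2.10:5432 0.0.0.0:* LISTEN'

# On a live host: netstat -ln | classify_listeners 5432
printf '%s\n' "$SAMPLE_TUNNEL" | classify_listeners 5432   # single-address 192.0.2.10

if printf '%s\n' "$SAMPLE_TUNNEL" | port_is_exposed 5432; then
    echo "5432 is reachable from other hosts: restrict it with a firewall rule"
fi
```

With the SSH tunnel in place the PostgreSQL port is reachable by any host that can route to the bound jump-host address, so access control then rests on the jump host's firewall and the database's own authentication.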

Answer 1:


You can find a decent discussion on port-forward listen addresses and a few temporary solutions at https://github.com/kubernetes/kubernetes/issues/43962 and https://github.com/kubernetes/kubernetes/pull/46517.

After the PR is merged, released in upstream Kubernetes, and OpenShift updates to that version, you will have an easy way to achieve this (I would guess a minimum of half a year from now). For now you're stuck with workarounds.




Answer 2:


Personally I think port-forward allows only local access [0], so there is no simpler way than what you said. Even if remote access can be enabled, you should configure iptables to allow port 5432 on the node. So if you wish to access a Pod remotely, you should use a Route or Service, like communication between Pods.

[0] Port Forwarding

You can use the CLI to forward one or more local ports to a pod. This allows you to listen on a given or random port locally, and have data forwarded to and from given ports in the pod.


Source: https://stackoverflow.com/questions/52607821/access-openshift-forwarded-ports-from-remote-host
