Is kubectl port-forward encrypted?

kubectl port-forward uses socat to make an encrypted TLS tunnel with port forwarding capabilities. The tunnel goes from you to the kube api-server to the pod so it may actually be 2 tunnels with the kube api-server acting as a pseudo router.

An example of where I've found it useful was that I was doing a quick PoC of a Jenkins Pipeline hosted on Azure Kubernetes Service and earlier in my Kubernetes studies I didn't know how to setup an Ingress, but I could reach the Server via port 80 unencrypted, but I knew my traffic could be snooped on. So I just did kubectl port-forward to temporarily login and securely to debug my POC. Also really helpful with RabbitMQ Cluster hosted on Kubernetes, you can go into the management webpage with kubectl port-forward and make sure that it's clustering the way you wanted it to.


As far as I know when you port-forward the port of choice to your machine kubectl connects to one of the masters of your cluster so yes, normally communication is encrypted. How your master communicate to the pod though is dependent on how you set up internal comms.

Tags:

Kubernetes

Kubernetes Security

Related

react button onClick redirect page XDebug on port 9000 with a virtual machine - EADDRINUSE :::9000 Does this error message mean I can use pattern matching in for loops? addEventListener on a querySelectorAll() with classList How to Keep Usage of Terraform aws_security_group DRY WebDriverException: unknown error: DevToolsActivePort file doesn't exist while trying to initiate Chrome Browser TypeScript: How to write a function with conditional return type Multer: upload different file types in different folders Angular Material v6 Mat-Footer - "Cannot read property 'template' of undefined" "code ." command doesn't work to open Visual Studio Code operator from mac terminal Sonar 7.x LTS release schedule AspNet.Core, IdentityServer 4: Unauthorized (401) during websocket handshake with SignalR 1.0 using JWT bearer token

Recent Posts