search by tags

for the user

adventures into the land of the command line

connecting to an internal k8s service

say you have a thing in k8s with a service. let’s say, it’s a rabbitmq thing, that has a rabbitmq management console. and let’s say you have a service for that thing:

service.yaml

---
apiVersion: v1
kind: Service
metadata:
  name: rabbitmq-management
  namespace: {{ .Release.Namespace }}
  labels:
    env: {{ .Release.Namespace }}
    role: message_bus
    app: rabbitmq
spec:
  ports:
  - port: 15672
    name: http
  selector:
    app: rabbitmq
  type: NodePort

this service is only available internally to the kubernetes cluster. so how do we view the rabbitmq management console dashboard in our browser?

there are two ways:

ONE - kubectl port-forward

add a route to the k8s cluster:

sudo route -n add -net /24

find the pod you want to connect to:

kubectl get pods -n my-groovy-namespace | grep rabbitmq
rabbitmq-7bcf6fb7d8-l2cds                                    1/1       Running            0          6d
rabbitmq-7bcf6fb7d8-q5xzp                                    1/1       Running            0          6d

forward the port with kubectl:

kubectl port-forward rabbitmq-7bcf6fb7d8-l2cds 15672:15672 -n my-groovy-namespace
Forwarding from 127.0.0.1:15672 -> 15672

navigate to 127.0.0.1:15672 in your browser

you’ll see this in your terminal as long as the process is running:

Handling connection for 15672
Handling connection for 15672
Handling connection for 15672

once you ctrl+c from the process, the port is no longer forwarded and you cannot view the management console anymore.

TWO - ssh tunnel with localforward

in your .ssh/config file:

Host myk8scluster
  HostKeyAlias myk8scluster
  HostName
  Port 22
  User myuser
  IdentityFile ~/.ssh/
  # kubernetes dashboard
  LocalForward 30974 10.231.2.4:30974
  # rabbitmq management console
  LocalForward 15001 10.244.0.116:15672

navigate to 127.0.0.1:15001 in your browser

you will be able to view the rabbitmq management console as long as the ssh connection to the k8s server stays open.