Kubectl Port Forward: What is Port Forwarding and How Does it Work?

By Twain Taylor
August 18, 2022

Using Kubectl port forward allows you to quickly access your Kubernetes clusters directly from your local computer. This article will help you understand how exactly kubectl port forward works.

Related posts

The GitOps Guide to Building & Managing Internal Platforms

Going Cloud Native: 6 essential things you need to know

Monitoring Your Kubernetes Infrastructure with Prometheus

Port forwarding is the practice of directing data traffic from the outside world to access a device or network within your private system. In other words, it facilitates a service in a private network to connect with other public or private network services or systems. One classic example of port forwarding is the automated telephony system, IVR (Interactive Voice Response). In this case, you are an outside system attempting to access a customer service agent within an organization. The IVR system plays the role of a router to connect you with the appropriate attendant, and this process is known as port-forward.

Port-forward enables you to maneuver through the firewall to route the selected traffic to a server within the internal network. You can do this by assigning the requests you want to allow a predetermined IP address. This process, also known as port mapping, helps you block unwelcome traffic from accessing your network by adding extra layers of security.

You can apply a similar concept to manage Kubernetes clusters through the command-line tool Kubectl.

What is kubectl Port Forwarding?

You will often come across instances where you need to access Kubernetes clusters privately without opening up the application to the general public. It is usually to retrieve metrics to review the cluster health and tackle any issues arising.

Accessing the Kubernetes cluster through a virtual machine is quite tricky. Some of the processes to allow external requests to Kubernetes workloads include creating ingresses and services like load balancers. However, these procedures put your applications at risk by exposing them to unwanted external traffic. Port forwarding, meanwhile, allows you to avoid this by evaluating your clusters locally.

Kubectl port-forward is a method to access, interact and manage internal Kubernetes clusters directly from your local network. This method is popularly used to investigate issues concerning your applications.

Kubectl is a command-line tool that is used to run commands and control Kubernetes clusters. It uses Kubernetes APIs to pass on the commands to the cluster’s control plane. In short, with Kubectl you can perform almost any function in your Kubernetes ecosystem.

    LIVE WEBINAR: Securing Your Apps & Service Mesh Entities With Tetrate & GitOps

    August 24, we're partnering with Tetrate for a live demo showcasing how to fail-proof your dev workflows with GitOps, Policies and Tetrate Service Bridge.

    Sign up

    How Do I Port-Forward in kubectl?

    Kubernetes’ in-built CLI tool kubectl enables you to access a service for an application by assigning an IP address to establish the connection with the requests coming from outside the network. Kubectl looks into the local host disputes to pick a designated local port for the remote connection. Since it probes the issues within the cluster, the port-forwarding command is majorly used to test or debug the application.

    Let’s briefly look at how port-forwarding works concerning Kubernetes.

    What is Kubernetes Port Forwarding?

    Kubernetes automates the end-to-end orchestration functions, which accelerated its adoption. Since it follows a declarative philosophy, you don’t have to worry about all the steps that go into achieving the desired results you declared. Kubernetes takes care of it. Port-forwarding, however, can’t be automated. This is because you have to access the pod you want to connect to manually. Also, you have to repeat the process when you want to connect with another pod within the Kubernetes cluster.

    But with Kubernetes’ command-line tool, you can execute port-forwarding with a simple command ‘kubectl port-forward.' Kubectl establishes a proxy, which directs all the traffic from a local port to a port associated with the pod you want to approach. With this, you can interact with your clusters directly from your local computer without exposing Services.

    To successfully execute port-forwarding in Kubernetes, you need to have fully configured kubectl installed, and you need to be connected to the relevant Kubernetes cluster. Then, you can follow the below steps:

    1. Run the port-forward command specifying the Pod name and port number that should receive the traffic.

    2. The Kubernetes API server establishes a single HTTP connection between your machine and the resource running on your cluster.

    3. Now you can directly communicate with a specific pod to diagnose an issue or to conduct debugging.

    4. You can disconnect port forwarding by pressing CTRL+C, and it will cancel the kubectl command immediately.

    What Port Does kubectl Use?

    Kubectl’s port-forward command builds a private route between the target pod and your local machine based on the details you share. You will have to provide details like the type or name of the resource, and port numbers both local and remote.

    It looks something like this:

    kubectl port-forward TYPE/NAME [options] LOCAL_PORT:REMOTE_PORT

    Ideally, the pod details you provide should be as accurate as possible to ensure a connection with the right pod. Otherwise, the command will pick a pod at random. To avoid this, you can retrieve the exact pod name through the command:

    kubectl -n yournamespace get pods

    It gives the names of all pods within that namespace, and you can pick your target pod.

    Learn more about Kubectl and how you can manually update Kubernetes workloads here.

    What is kubefwd?

    While Kubectl port-forward is just one of the many functions that the tool can execute, Kubefwd is rather specific. It is a command-line service to forward multiple Kubernetes services within a namespace. Kubefwd simplifies application development by allowing you to work on services locally similar to how you would from within a Pod in the same namespace.

    An application written in Go, Kubefwd allows you to develop applications locally without the need to make any alterations to remote clusters. All you need is Kubectl installed and running to access Kubernetes clusters. You can forward services from a particular namespace through a simple command: sudo kubefwd services -n “Your Namespace”.


    Port-forwarding is a very beneficial feature to access your Kubernetes applications locally, mitigating the risk of exposure. An easy way to access Pods, port-forwarding allows you to secure the Kubernetes ecosystem debugging, accessibility tests, and other evaluations. Although Kubectl is a principal tool to manage Kubernetes, the port-forwarding capability is ideally suited for debugging than for local development. Kubefwd, meanwhile, was designed to solve this problem.

    Weaveworks provides continuous delivery solutions for application teams and helps teams automate Kubernetes with GitOps. Learn more about Weave GitOps or Request a Demo to talk to one of our experts.

    Related posts

    The GitOps Guide to Building & Managing Internal Platforms

    Going Cloud Native: 6 essential things you need to know

    Monitoring Your Kubernetes Infrastructure with Prometheus

    Whitepaper: Production-Ready Kubernetes: What It Means and How to Achieve It.

    Download this white paper and find out what production ready means, the cultural changes you need to make on your team

    Download Now