Host.docker.internal + kubefwd (127.1.27.0/8) + nc/ncat (local<=>host) ?!

Hello World!

I use kubefwd - Kubernetes Service Forwarding to port-forward elasticsearch service from k8s and into my local Mac environment. I also inherit following versions and cannot deviate from it:

% head -1 docker-compose.override.yml
version: '2.2'
% docker-compose-v1 --version
docker-compose version 1.29.2, build 5becea4c
% docker-compose --version 
Docker Compose version v2.6.0
% 

Now, after lots of searching around I end up with following: Networking features in Docker Desktop for Mac | Docker Documentation:

Where in order to connect to the host, one needs to use “host.docker.internal”, however in my case since kubefwd mapped ports to “127.1.27.X” IP, I believe something like nc/netcat could help to close the gap between “host” and “localhost”, but I’m unable to get it to work too(

Please advise.

You can try SSH remote port forward

with the combination of host.docker.internal and host-gateway

Thank you for trying to help me, I do appreciate your time :wink:

I did try using “host.docker.internal”, unfortunately that didn’t do the trick( as kubefwd maps ports to the “127.1.27.X” IP range, which isn’t same as what host.docker.internal IP is.

So, I’m back to square zero(

Thanks!

So you don’t want to access your local machine from a Kubernetes pod, but instead you want to access a Kubernetes service from a container running on your machine on Docker Desktop.

It was not clear to me. This is why I suggested SSH remote port forwards.

Since kubefwd doesn’t do more than changing your hosts file and and forwarding ports from your host machine to Kubernetes services like kubectl port-forward, the application which wants to access those services must be on the same network as kubefwd is running on. If you run kubefwd on your host machine, then your containers must be on the host network. As Docker Desktop runs containers in a virtual machine, this is not enough. You could however run kubefwd in a container running on the host network, which means the network of the virtual machine. I just don’t know how you could mount the hosts file from the virtual machine into the kubefwd container properly, but it would better on Windows since there is no /etc/hosts on the host machine.

An other and for me is the preferred way is not changing anything in the virtual machine, since it could break the whole Docker Desktop, so I would run kubefwd in the network namespace of the container you are running on Docker Desktop.

Example compose file

services:
  kubefwd:
    image: txn2/kubefwd
    command: ...
  app:
    image: bash
    command:
     - sleep
     - inf
    init: true
    network_mode: service:kubefwd

Since kubefwd and the app container shares the same hosts file, kubefwd would probably be able to change it and since they share the same loopback interface, the local ip addresses would work.

If you have multiple containers on your machine and you don’t want to run multiple kubefwd instances, then it is much more complicated and I don’t know the answer. I don’t see how netcat could help here, but if it can, I would like to know that too :slight_smile: Although I still think that you would rather use a more secure way to forward ports like SSH forwarding.

1 Like

@rimelek thank you so much for going an extra mile with such a detailed answer) and sorry for confusion in my initial question)

omg, that’s brilliant! why didn’t I think of that?)) thanks!