(Kubernetes) Port forwarding from a NodePort port to a port outside its' range

I have a pod that runs on Kubernetes on a local machine (My Mac) and is defined to be accessible via nodePort 30036

  - protocol: TCP
    targetPort: 8081
    nodePort: 30036

I'd like to be able to access to this node using a port outside the ranges that were defined for nodePort usage (30000-32768). Something let's say like 8080. What are my options? Thank you!

As there is no information about the exact Kubernetes solution used, it could be hard to pinpoint the exact solution.

Assuming that there are 2 options:

• Docker Desktop with Kubernetes
• Minikube

Some solutions for them could be:

Docker Desktop with Kubernetes

Service of type LoadBalancer

Your Kubernetes cluster can use Service of type LoadBalancer and get linked to your localhost (your Mac localhost).

You can check this by running following example:

• $ kubectl create deployment nginx --image=nginx
• $ kubectl expose deployment nginx --port=80 --type=LoadBalancer
• $ kubectl get services

NAME         TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
kubernetes   ClusterIP      10.96.0.1       <none>        443/TCP        10d
nginx        LoadBalancer   10.111.214.48   localhost     80:30032/TCP   77s

• curl 127.0.0.1:80 / curl kubernetes.docker.internal:80

<-- REDACTED --> 
<title>Welcome to nginx!</title>
<-- REDACTED --> 

A side note!

You can modify it further by using --port (port on your localhost) and --targetPort (port that is listening in your Pod) parameters when using $ kubectl expose ...

Change the NodePort port range

You can follow this in-depth answer that will show you how you can modify your kubeapi-server to change the NodePort port range (by logging to Docker VM):

• Stackoverflow.com: Questions: How to change the default nodeport port range on mac docker desktop

Use Ingress controller

You can also use an Ingress controller that will bind to your Mac's localhost and will allow you to use Ingress resource (it's mainly for HTTP/HTTPS but with some adjustments it can pass TCP/UDP traffic). Here you can find more information on that topic:

• Kubernetes.github.io: Ingress nginx
• Kubernetes.io: Docs: Concepts: Services networking: Ingress

Minikube

With Minikube there can be a lot of variation due to the --driver used.

Change the NodePort port range

Once again you can follow below answer to change the minikube NodePort port range:

• Stackoverflow.com: Questions: How to change the default nodeport port range on mac docker desktop

Use metallb

You can also use metallb to allocate the addresses for your Service of type LoadBalancer.

The steps to do it would be following:

• $ minikube start --driver=hyperkit
• $ minikube addons enable metallb
• $ minikube node list (notice the IP address of your minikube)
• $ minikube addons configure metallb (put the allocated range near the minikube ip like:
  • minikube ip: 192.168.64.11
  • metallb start: 192.168.64.100
  • metallb end: 192.168.64.110
• Create the workload and expose it with Service of type LoadBalancer
• $ curl SVC_EXTERNAL_IP:PORT

A side note!

--driver=hyperkit was used due to:

Because you are using a Docker driver on darwin, the terminal needs to be open to run it.

This message is related to the access of your minikube instance when using --driver=docker and it's limitations. You need to use minikube service SERVICE_NAME to access the Service (and the terminal must be running while you are at it).

A side note!

I'd reckon as a workaround measure you can also use a $ kubectl port-forward.

Additional resources:

• Kubernetes.io: Docs: Concepts: Services Networking: Service