Asking for help? Comment out what you need so we can get more information to help you!
Kubernetes version: v1.17
Cloud being used: (put bare-metal if not on a public cloud)
CNI and version:
CRI and version:
I am researching on whether there is security concern with Kubernetes port forwarding and common or best practice with it. Would you someone share thoughts? Thanks.
Below are my thought. Please correct me or provide information. Thanks.
I think port forwarding is a common practice, and as long as the localhost to which the pod port is forwarding is safe -in internal network behind firewall – should be fine.
Also, it seems the tunnel/route for access is(also questions here):
- localhost:localport → api server (through http or https? how to enable https here or mechanic to security security)
- from api server → Kubelet? (this should be common route, so no concern here?)