Port forwarding for embedded cluster


#1

Besides the admin console, our application also sets up some other port forwardings to some services, but it seems that those port forwardings are not automatically set up when we use the script for the embedded cluster. Any idea on how to fix this?


#2

We don’t set this up automatically, but you can do so by creating a nodePort service like this that has an annotation of kots.io/when: "{{repl IsKurl}}". That way the application will be exposed on the host like kotsadm is in a kurl cluster.


#3

Thanks! We are using the ports here https://kots.io/reference/v1beta1/application/#ports, are they supposed to be set up automatically?
I find that if you do kubectl kots admin-console, these port forwardings are set up, but if you run the embedded cluster script, only the admin console is set up but those ports are not.


#4

We intentionally do not automatically set those ports up as we can’t be sure that they’re secure and authenticated - if a kurl install is visible to the entire VPC, that may not be acceptable. Exposing a port on the device of someone with appropriate kubectl access is much safer in that regard.


#5

I see, thanks! This is very helpful!