从远程主机访问OpenShift转发的端口 [英] Access OpenShift forwarded ports from remote host
问题描述
我想使用端口转发连接到在OpenShift(3.9)内运行的PostgreSQL(9.6)集群,如
I would like to connect to a PostgreSQL (9.6) cluster that runs inside OpenShift (3.9) using port forwarding as described here. To this end I set up and sanity-check port forwarding on a jump host (outside the OpenShift cluster) like this:
oc port-forward $pod 5432:5432
netstat -ln | grep 5432 # "tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN"
psql -U postgres -h localhost # OK
psql -U postgres -h $(hostname -i) # error: "connection refused"
因此,似乎端口转发仅侦听localhost,而不侦听主机的其他IP地址.最终,我想通过另一个远程主机上的跳转主机连接到数据库,因此"localhost"将无法满足要求.
So it looks as if port forwarding listens only for localhost, but not the host's other IP address(es). Ultimately I want to connect to the database thru the jump host from another remote hosts, so `localhost' won't suffice.
如何设置(OpenShift)端口转发,使其也允许从远程主机访问转发的端口?我想Iptables(结合OpenShift端口转发)可以解决问题,但是我还不知道如何以及是否有更简单的方法. (跳转主机运行Debian 9.5.)
How can I set up (OpenShift) port forwarding in such a way that it will allow access to the forwarded port from remote hosts as well? I suppose Iptables (in combination with OpenShift port forwarding) could do the trick, but I do not yet know how and if there is a simpler approach. (The jump host runs Debian 9.5.)
更新一种将SSH隧道和OpenShift(Kubernetes)端口转发相结合的方法显然可以解决此问题.这是在下面接受的答案中提供的链接中建议的.
UPDATE An approach combining an SSH tunnel and OpenShift (Kubernetes) port forwarding apparently can solve this. This was suggested in a link provided in the accepted answer below.
在跳转主机(第一个会话)上:
on jump host (1st session):
ssh -N -L $(hostname -i):5432:localhost:5433 $(whoami)@$(hostname)
在跳转主机(第二届会议)上:
on jump host (2nd session):
oc port-forward $pod 5433:5432
在远程主机上:
psql -U postgres -h jump-host
推荐答案
您可以在在PR被合并,在上游kubernetes中发布并对该版本进行openshift更新之后,您将有一个简单的方法来实现这一目标(我想从现在起至少半年).目前,您还只能使用变通方法.
Afer the PR is merged, relased in upstream kubernetes and openshift updates to that version, you will have an easy way to achieve this (I would guess minimum half a year since now). For now you're stuck with workarounds.
这篇关于从远程主机访问OpenShift转发的端口的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
