This post introduces port-forward, one of the subcommands of the oc command used for various OpenShift operations.
port-forward
oc port-forward provides the same kind of functionality as SSH port forwarding.
$ oc port-forward --help
Forward one or more local ports to a pod.
Use resource type/name such as deployment/mydeployment to select a pod. Resource type defaults to 'pod' if omitted.
If there are multiple pods matching the criteria, a pod will be selected automatically. The forwarding session ends
when the selected pod terminates, and a rerun of the command is needed to resume forwarding.
Examples:
# Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in the pod
oc port-forward pod/mypod 5000 6000
# Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in a pod selected by the
deployment
oc port-forward deployment/mydeployment 5000 6000
# Listen on port 8443 locally, forwarding to the targetPort of the service's port named "https" in a pod selected by
the service
oc port-forward service/myservice 8443:https
# Listen on port 8888 locally, forwarding to 5000 in the pod
oc port-forward pod/mypod 8888:5000
# Listen on port 8888 on all addresses, forwarding to 5000 in the pod
oc port-forward --address 0.0.0.0 pod/mypod 8888:5000
# Listen on port 8888 on localhost and selected IP, forwarding to 5000 in the pod
oc port-forward --address localhost,10.19.21.23 pod/mypod 8888:5000
# Listen on a random port locally, forwarding to 5000 in the pod
oc port-forward pod/mypod :5000
Options:
--address=[localhost]:
Addresses to listen on (comma separated). Only accepts IP addresses or localhost as a value. When localhost is
supplied, kubectl will try to bind on both 127.0.0.1 and ::1 and will fail if neither of these addresses are
available to bind.
--pod-running-timeout=1m0s:
The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one pod is running
Usage:
oc port-forward TYPE/NAME [options] [LOCAL_PORT:]REMOTE_PORT [...[LOCAL_PORT_N:]REMOTE_PORT_N]
Use "oc options" for a list of global command-line options (applies to all commands).
OCP Image Registry via port-forward
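Here we use it to check the OCP Image Registry.
If you want to check how the OCP Image Registry responds to access from outside the cluster, for example with the curl command, you need to change the OCP Image Registry configuration.
Here we use oc port-forward to check it without making that configuration change.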
Check the Service / Route of the OCP Image Registry. Because no Route exists, we can see that the registry cannot be accessed from outside the cluster.
$ oc project -q
openshift-image-registry
$ oc get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
image-registry ClusterIP 172.30.71.156 <none> 5000/TCP 34d
image-registry-operator ClusterIP None <none> 60000/TCP 34d
$ oc get route
No resources found in openshift-image-registry namespace.
$ oc get configs.imageregistry.operator.openshift.io/cluster -o jsonpath='{.spec.defaultRoute}{"\n"}'
$
Run oc port-forward. Here we forward localhost:7777 to svc/image-registry:5000.
$ oc port-forward svc/image-registry 7777:5000 &
[1] 457820
$ Forwarding from 127.0.0.1:7777 -> 5000
At this point, oc port-forward gets the list of Pods from the specified svc/image-registry and connects to one of those Pods using the following API.
Pod Proxy Operations
Create Connect Portforward
connect POST requests to portforward of Pod
HTTP Request
POST /api/v1/namespaces/{namespace}/pods/{name}/portforward
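Because the forward is established through the API server endpoint above, a session can be found in the kube-apiserver audit log (where audit logging records it) as an event on the pods resource with the portforward subresource. The following is an added example, not part of the original post: the find_portforwards helper and all sample events (users, pod name, IPs, audit IDs) are constructed for illustration.

```python
import json

def _sample(audit_id, stage, user, ns, subresource, code):
    """Build one constructed audit.k8s.io/v1 event line (all values are made up)."""
    ref = {"resource": "pods", "namespace": ns, "name": "example-pod"}
    if subresource:
        ref["subresource"] = subresource
    return json.dumps({"kind": "Event", "auditID": audit_id, "stage": stage, "verb": "create",
                       "user": {"username": user}, "sourceIPs": ["192.0.2.10"],
                       "objectRef": ref, "responseStatus": {"code": code}})

SAMPLE_AUDIT_LOG = "\n".join([
    _sample("a1", "ResponseStarted", "alice", "openshift-image-registry", "portforward", 101),
    _sample("a1", "ResponseComplete", "alice", "openshift-image-registry", "portforward", 101),
    _sample("b2", "ResponseComplete", "bob", "openshift-image-registry", "portforward", 403),
    _sample("c3", "ResponseComplete", "carol", "demo", "portforward", 101),
    _sample("d4", "ResponseComplete", "alice", "openshift-image-registry", None, 200),
    "truncated-line-not-json",
])

def find_portforwards(log_text, namespaces):
    """Return one record per port-forward request against pods in the watched namespaces."""
    seen, hits = set(), []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        ref = ev.get("objectRef") or {} if isinstance(ev, dict) else {}
        # Match on the subresource rather than the verb, so the HTTP method does not matter.
        if ref.get("resource") != "pods" or ref.get("subresource") != "portforward":
            continue
        code = (ev.get("responseStatus") or {}).get("code")
        if ref.get("namespace") not in namespaces or code is None:
            continue  # other namespace, or a stage logged before any response exists
        if ev.get("auditID") in seen:
            continue  # the same request is logged once per stage
        seen.add(ev.get("auditID"))
        hits.append({"user": (ev.get("user") or {}).get("username"),
                     "namespace": ref["namespace"], "pod": ref.get("name"),
                     "source_ips": ev.get("sourceIPs", []),
                     "allowed": code < 400})
    return hits

if __name__ == "__main__":
    for hit in find_portforwards(SAMPLE_AUDIT_LOG, {"openshift-image-registry"}):
        print(hit)
```

On a cluster, the input would be the API server audit log, which can be retrieved with oc adm node-logs --role=master --path=kube-apiserver/audit.log.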
Use the curl command to access the OCP Image Registry via localhost:7777.
$ curl -I -skL -H "Authorization: Bearer $(oc whoami -t)" https://localhost:7777/v2/
Handling connection for 7777
HTTP/2 200
content-type: application/json
docker-distribution-api-version: registry/2.0
x-registry-supports-signatures: 1
content-length: 2
date: Fri, 22 Nov 2024 03:49:40 GMT
Get the Registry V2 catalog.
$ curl -skL -H "Authorization: Bearer $(oc whoami -t)" https://localhost:7777/v2/_catalog | jq -r .
Handling connection for 7777
{
"repositories": [
"openshift/java",
"openshift/java-runtime",
~ omitted ~
"openshift/ubi8-openjdk-11",
"openshift/ubi8-openjdk-11-runtime",
"openshift/ubi8-openjdk-17",
"openshift/ubi8-openjdk-17-runtime",
"openshift/ubi8-openjdk-21",
"openshift/ubi8-openjdk-21-runtime",
"openshift/ubi8-openjdk-8",
"openshift/ubi8-openjdk-8-runtime"
]
}
Get the tag list of openshift/ubi8-openjdk-11.
$ curl -skL -H "Authorization: Bearer $(oc whoami -t)" https://localhost:7777/v2/openshift/ubi8-openjdk-11/tags/list | jq -rc .
Handling connection for 7777
{"name":"openshift/ubi8-openjdk-11","tags":["1.10","1.13","1.15","1.18","1.3","1.11","1.12","1.14","1.16","1.17"]}
This corresponds to the following ImageStream and ImageStreamTag.
$ oc get is ubi8-openjdk-11 -n openshift
NAME IMAGE REPOSITORY TAGS UPDATED
ubi8-openjdk-11 image-registry.openshift-image-registry.svc:5000/openshift/ubi8-openjdk-11 1.10,1.11,1.12,1.13,1.14,1.15,1.16,1.17 + 2 more... 4 weeks ago
$ oc get istag -n openshift | grep "^ubi8-openjdk-11:"
ubi8-openjdk-11:1.18 image-registry.openshift-image-registry.svc:5000/openshift/ubi8-openjdk-11@sha256:b85cbdbc289752c91ac7f468cffef916fe9ab01865f3e32cfcc44ccdd633b168 4 weeks ago
ubi8-openjdk-11:1.10 image-registry.openshift-image-registry.svc:5000/openshift/ubi8-openjdk-11@sha256:e851770fd181ef49193111f7afcdbf872ad23f3a8234e0e07a742c4ca2882c3d 4 weeks ago
ubi8-openjdk-11:1.11 image-registry.openshift-image-registry.svc:5000/openshift/ubi8-openjdk-11@sha256:ce5c0becf829aca80734b4caf3ab6b76cb00f7d78f4e39fb136636a764dea7f6 4 weeks ago
ubi8-openjdk-11:1.13 image-registry.openshift-image-registry.svc:5000/openshift/ubi8-openjdk-11@sha256:868224c3b7c309b9e04003af70a5563af8e4c662f0c53f2a7606e0573c9fad85 4 weeks ago
ubi8-openjdk-11:1.15 image-registry.openshift-image-registry.svc:5000/openshift/ubi8-openjdk-11@sha256:9036a59a8275f9c205ef5fc674f38c0495275a1a7912029f9a784406bb00b1f5 4 weeks ago
ubi8-openjdk-11:1.16 image-registry.openshift-image-registry.svc:5000/openshift/ubi8-openjdk-11@sha256:425e2c7c355bea32be238aa2c7bdd363b6ab3709412bdf095efe28a8f6c07d84 4 weeks ago
ubi8-openjdk-11:1.17 image-registry.openshift-image-registry.svc:5000/openshift/ubi8-openjdk-11@sha256:67fee4b64b269f5666a1051d806635b675903ef56d07b7cc019d3d59ff1aa97c 4 weeks ago
ubi8-openjdk-11:1.12 image-registry.openshift-image-registry.svc:5000/openshift/ubi8-openjdk-11@sha256:3f00540ce2a3a01d2a147a7d73825fe78697be213a050bd09edae36266d6bc40 4 weeks ago
ubi8-openjdk-11:1.14 image-registry.openshift-image-registry.svc:5000/openshift/ubi8-openjdk-11@sha256:0669a28577b41bb05c67492ef18a1d48a299ac54d1500df8f9f8f760ce4be24b 4 weeks ago
ubi8-openjdk-11:1.3 image-registry.openshift-image-registry.svc:5000/openshift/ubi8-openjdk-11@sha256:663eb81388ae8f824e7920c272f6d2e2274cf6c140d61416607261cdce9d50e2 4 weeks ago
As shown above, using oc port-forward lets you check this easily without any configuration change.