OpenShift takes advantage of a feature built into Kubernetes to support port forwarding to pods. This is implemented using HTTP along with a multiplexed streaming protocol such as SPDY or HTTP/2.
Developers can use the cli to port forward to a pod. The cli listens on each local port specified by the user, forwarding via the described protocol.
The Kubelet handles port forward requests from clients. Upon receiving a request, it upgrades the response and waits for the client to create port forwarding streams. When it receives a new stream, it copies data between the stream and the pod’s port.
Architecturally, there are options for forwarding to a pod’s
port. The supported implementation currently in OpenShift invokes nsenter
directly on the node host to enter the pod’s network namespace, then invokes
socat
to copy data between the stream and the pod’s port. However, a custom implementation could include running a "helper" pod that then runs
nsenter
and socat
, so that those binaries are not required to be installed on the host.