Drill: Use Port-Forward to Test Services and Pods

Goal

Use kubectl port-forward to directly access pods and services for debugging without exposing them externally.

Setup

• kubectl configured with cluster access
• A running pod or service to test

Commands

Port-forward to a specific pod:

kubectl port-forward pod/<pod-name> 8080:80 -n <namespace>

Port-forward to a service:

kubectl port-forward svc/<service-name> 8080:80 -n <namespace>

Forward to a deployment (picks a pod automatically):

kubectl port-forward deployment/<deploy-name> 8080:80 -n <namespace>

Use a random local port:

kubectl port-forward pod/<pod-name> :80 -n <namespace>

Forward multiple ports:

kubectl port-forward pod/<pod-name> 8080:80 8443:443 -n <namespace>

Listen on all interfaces (not just localhost):

kubectl port-forward --address 0.0.0.0 pod/<pod-name> 8080:80 -n <namespace>

Test from another terminal once forwarding is active:

curl http://localhost:8080/health
curl -v http://localhost:8080/

What to Look For

• If port-forward succeeds but curl fails, the issue is inside the container
• If port-forward fails, check pod status and container port configuration
• Compare service port-forward vs pod port-forward to test service routing
• Port-forward bypasses ingress, service mesh, and network policies

Common Mistakes

• Forgetting that port-forward bypasses service mesh and network policies (not a production test)
• Not checking that the container actually listens on the specified port
• Running port-forward in the foreground and losing it when the terminal closes
• Confusing local port (left of colon) with remote port (right of colon)

Cleanup

Stop the port-forward with Ctrl+C. No cluster-side cleanup needed.