Kubernetes Port Forwarding - Error listen tcp4 127.0.0.1:88: bind: permission denied

Jaf picture Jaf · Dec 14, 2018 · Viewed 12.8k times · Source

I am using minikube on my local machine. Getting this error while using kubernetes port forwarding. Can anyone help?

mjafary$ kubectl port-forward  sa-frontend 88:80

Unable to listen on port 88: All listeners failed to create with the following errors: 
Unable to create listener: Error listen tcp4 127.0.0.1:88: bind: permission denied, Unable to create listener: Error listen tcp6 [::1]:88: bind: permission denied
error: Unable to listen on any of the requested ports: [{88 80}] 

Answer

user48678 picture user48678 · Mar 6, 2019

kubectl fails to open the port 88 because it is a privileged port. All ports <1024 require special permissions.

There are many ways to solve your problem.

  • You can stick to ports >= 1024, and use for example the port 8888 instead of 88: kubectl port-forward sa-frontend 8888:80
  • You could use kubectl as root: sudo kubectl port-forward sa-frontend 88:80 (not recommended, kubectl would then look for its config as root)
  • You could grant the kubectl binary the capability to open privileged ports. This answer explains in depth how to do this.

If you want to go for the 3rd option, here is a short way of doing it:

sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/bin/kubectl

This will let kubectl open any port while still running with the privileges of a regular user. You can check if this worked by using

sudo getcap /usr/bin/kubectl 
/usr/bin/kubectl = cap_net_bind_service+eip

Be aware that this grants the permission to whoever uses the binary. If you want finer grained permissions, use authbind.