Kubernetes Port Forwarding - Error listen tcp4 127.0.0.1:88: bind: permission denied
I am using minikube on my local machine. Getting this error while using kubernetes port forwarding. Can anyone help?
mjafary$ kubectl port-forward sa-frontend 88:80
Unable to listen on port 88: All listeners failed to create with the following errors:
Unable to create listener: Error listen tcp4 127.0.0.1:88: bind: permission denied, Unable to create listener: Error listen tcp6 [::1]:88: bind: permission denied
error: Unable to listen on any of the requested ports: [{88 80}]
Answer
kubectl fails to open the port 88 because it is a privileged port. All ports <1024 require special permissions.
There are many ways to solve your problem.
- You can stick to ports >= 1024, and use for example the port 8888 instead of 88:
kubectl port-forward sa-frontend 8888:80 - You could use
kubectlas root:sudo kubectl port-forward sa-frontend 88:80(not recommended, kubectl would then look for its config as root) - You could grant the
kubectlbinary the capability to open privileged ports. This answer explains in depth how to do this.
If you want to go for the 3rd option, here is a short way of doing it:
sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/bin/kubectl
This will let kubectl open any port while still running with the privileges of a regular user. You can check if this worked by using
sudo getcap /usr/bin/kubectl
/usr/bin/kubectl = cap_net_bind_service+eip
Be aware that this grants the permission to whoever uses the binary. If you want finer grained permissions, use authbind.