The Kubelet handles port forward requests from clients. Upon receiving a request, it upgrades the response and waits for the client to create port forwarding streams. When it receives a new stream, it copies data between the stream and the pod’s port.
Architecturally, there are options for forwarding to a pod’s port. The supported
implementation currently in OKD invokes
nsenter directly on the
node host to enter the pod’s network namespace, then invokes
socat to copy
data between the stream and the pod’s port. However, a custom implementation
could include running a "helper" pod that then runs
that those binaries are not required to be installed on the host.