The kubectl proxy command is used to create a proxy server between your machine and the Kubernetes API server. This allows direct access to the API server without needing to expose it to the internet. Let’s explore how this works with some examples.
Example 1: Start a proxy server on port 8001.
kubectl proxy --port=8001
This command starts a proxy server on port 8001. You can verify its execution by accessing http://localhost:8001/ in your web browser, which should show the Kubernetes API server’s root endpoint.
Example 2: Start a proxy server with API server address.
kubectl proxy --port=8001 --api-server=http://api-server-address:8080
Here, replace http://api-server-address:8080 with your actual API server address. After executing, navigate to http://localhost:8001/api/ to verify connectivity.
Example 3: Start a proxy server and expose metrics.
kubectl proxy --port=8001 --accept-hosts='^localhost$,^127\.0\.0\.1$' --accept-paths='^/metrics$'
This command restricts access to metrics endpoint only. Verify by accessing http://localhost:8001/metrics in your browser.
Example 4: Start a proxy server and use a specific namespace.
kubectl proxy --port=8001 --namespace=kube-system
After running this, access http://localhost:8001/api/v1/namespaces/kube-system/ to confirm the proxy is correctly set to the specified namespace.
Example 5: Start a proxy server and enable verbose logging.
kubectl proxy --port=8001 --v=10
This increases verbosity, useful for debugging. Check logs for detailed output to confirm the proxy’s operation.
Example 6: Start a proxy server and bind to a specific address.
kubectl proxy --port=8001 --address=0.0.0.0
Use http://localhost:8001/ to verify accessibility from any interface on your machine.
Example 7: Start a proxy server and limit access to specific clients.
kubectl proxy --port=8001 --accept-hosts='^client1$,^client2$'
Replace client1 and client2 with actual client names or IPs. Verify by attempting access from these clients.
Example 8: Start a proxy server and use a custom certificate authority for TLS.
kubectl proxy --port=8001 --tls-cert-file=path/to/cert.pem --tls-private-key-file=path/to/key.pem
Ensure proper paths to certificate and key files. Verify by accessing https://localhost:8001/ and checking for secure connection.
Example 9: Start a proxy server and listen on a specific address and port.
kubectl proxy --address=192.168.1.100 --port=8888
Replace 192.168.1.100 with your desired IP address. Access http://192.168.1.100:8888/ to confirm connectivity.
Example 10: Start a proxy server and specify the API server to use.
kubectl proxy --api-server=https://api-server:6443
Use your actual API server URL. Verify by accessing http://localhost:8001/ and checking for proper API responses.
Also check similar articles.
Port Forwarding in Kubernetes with kubectl port-forward
Execute Commands in Kubernetes Pods with kubectl exec
Attach to Running Containers with kubectl attach
Retrieve Container Logs Using kubectl logs
Detailed Resource Inspection with kubectl describe
Discussion about this post