221 words
1 minute
kubectl proxy
kubectl proxy
Learned about this today as a way of accessing the Kubernetes REST API.
Assuming you have kubectl setup and authorized against a cluster (I’m using DigitalOcean K8S) you can start a localhost proxy for talking to the API server in the cluster like this:
kubectl proxy --port 9000This starts a proxy running on localhost port 9000 which can be used to make authenticated API calls to the cluster. The authentication wrapper (which I think defaults to client certificates) is added automatically, so you can just hit http://localhost:9000/ using curl.
curl localhost:9000{ "paths": [ "/.well-known/openid-configuration", "/api", "/api/v1", "/apis", "/apis/", "/apis/admissionregistration.k8s.io", "/apis/admissionregistration.k8s.io/v1", "/apis/admissionregistration.k8s.io/v1beta1", "/apis/apiextensions.k8s.io",...Absolutely everything in Kubernetes is exposed via the API. Hitting the homepage, as above, shows a list of API paths. Then you can do things like this:
% # List nodes in the cluster% curl localhost:9000/api/v1/nodes{ "kind": "NodeList", "apiVersion": "v1", "metadata": { "resourceVersion": "18429049" }, "items": [ { "metadata": { "name": "..."
% # List pods (effectively containers) in the cluster:% curl localhost:9000/api/v1/pods{ "kind": "PodList", "apiVersion": "v1", "metadata": { "resourceVersion": "18429226" }, "items": [ { "metadata": { "name": "alpaca-prod", "namespace": "default", "uid": "50b03bf7-c46d-4ebb-ab93-df089940fa9c", "resourceVersion": "1207774", "creationTimestamp": "2021-10-31T21:18:08Z", "labels": {
% # Show Kubernetes version% curl localhost:9000/version{ "major": "1", "minor": "21", "gitVersion": "v1.21.5", "gitCommit": "aea7bbadd2fc0cd689de94a54e5b7b758869d691", "gitTreeState": "clean", "buildDate": "2021-09-15T21:04:16Z", "goVersion": "go1.16.8", "compiler": "gc", "platform": "linux/amd64"} kubectl proxy
https://mranv.pages.dev/posts/kubectl-proxy/