Run a proxy to the Kubernetes API server
To proxy all of the Kubernetes api and nothing else, use:
$ kubectl proxy --api-prefix=/
To proxy only part of the Kubernetes api and also some static files:
$ kubectl proxy --www=/my/files --www-prefix=/static/ --api-prefix=/api/
The above lets you ‘curl localhost:8001/api/v1/pods’.
To proxy the entire Kubernetes api at a different root, use:
$ kubectl proxy --api-prefix=/custom/
The above lets you curl localhost:8001/custom/api/v1/pods
kubectl proxy [--port=PORT] [--www=static-dir] [--www-prefix=prefix] [--api-prefix=prefix]
# Run a proxy to kubernetes apiserver on port 8011, serving static content from ./local/www/
kubectl proxy --port=8011 --www=./local/www/
# Run a proxy to kubernetes apiserver on an arbitrary local port.
# The chosen port for the server will be output to stdout.
kubectl proxy --port=0
# Run a proxy to kubernetes apiserver, changing the api prefix to k8s-api
# This makes e.g. the pods api available at localhost:8011/k8s-api/v1/pods/
kubectl proxy --api-prefix=/k8s-api
--accept-hosts string Regular expression for hosts that the proxy should accept. (default "^localhost$,^127\.0\.0\.1$,^\[::1\]$")
--accept-paths string Regular expression for paths that the proxy should accept. (default "^/.*")
--address string The IP address on which to serve on. (default "127.0.0.1")
--api-prefix string Prefix to serve the proxied API under. (default "/")
--disable-filter If true, disable request filtering in the proxy. This is dangerous, and can leave you vulnerable to XSRF attacks, when used with an accessible port.
-p, --port int The port on which to run the proxy. Set to 0 to pick a random port. (default 8001)
--reject-methods string Regular expression for HTTP methods that the proxy should reject. (default "POST,PUT,PATCH")
--reject-paths string Regular expression for paths that the proxy should reject. (default "^/api/.*/pods/.*/exec,^/api/.*/pods/.*/attach")
-u, --unix-socket string Unix socket on which to run the proxy.
-w, --www string Also serve static files from the given directory under the specified prefix.
-P, --www-prefix string Prefix to serve static files under, if static file directory is specified. (default "/static/")
--alsologtostderr log to standard error as well as files
--as string Username to impersonate for the operation
--certificate-authority string Path to a cert. file for the certificate authority
--client-certificate string Path to a client certificate file for TLS
--client-key string Path to a client key file for TLS
--cluster string The name of the kubeconfig cluster to use
--context string The name of the kubeconfig context to use
--insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string Path to the kubeconfig file to use for CLI requests.
--log-backtrace-at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log-dir string If non-empty, write log files in this directory
--logtostderr log to standard error instead of files
--match-server-version Require server version to match client version
-n, --namespace string If present, the namespace scope for this CLI request
--password string Password for basic authentication to the API server
--request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
-s, --server string The address and port of the Kubernetes API server
--stderrthreshold severity logs at or above this threshold go to stderr (default 2)
--token string Bearer token for authentication to the API server
--user string The name of the kubeconfig user to use
--username string Username for basic authentication to the API server
-v, --v Level log level for V logs
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging