Update socks5-proxy-access-api.md

If using `localhost` instead of <API_SERVER_IP_ADRESS>, you get a certificate error:
```
kubectl get pods
I0520 16:29:08.178277   41261 versioner.go:58] Get https://localhost:6443/version?timeout=5s: dial tcp 127.0.0.1:6443: connect: connection refused
Unable to connect to the server: x509: certificate is valid for ccqserv225, kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster.local, not localhost
```

Please also note that I have a warning message if I unset the `https_proxy` env variable:
```
 ⚙ kubectl get pods 
I0520 16:35:27.955076   43865 versioner.go:56] Remote kubernetes server unreachable
NAME                     READY   STATUS    RESTARTS   AGE
hub-54c6457f66-vlq2l     1/1     Running   0          4h27m
proxy-7b5b8dfb9d-dxrkz   1/1     Running   0          4h27m
# Whereas with the https_proxy variable:
 ⚙ export https_proxy=socks5://localhost:1080     
 ⚙ kubectl get pods                          
NAME                     READY   STATUS    RESTARTS   AGE
hub-54c6457f66-vlq2l     1/1     Running   0          4h28m
proxy-7b5b8dfb9d-dxrkz   1/1     Running   0          4h28m
```
Any idea is welcome here.
Fabrice Jammes 2022-05-20 16:38:22 +02:00 committed by GitHub
parent a5907b3e72
commit 34140f1087
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions

@ -87,14 +87,14 @@ When you set the `https_proxy` variable, tools such as `curl` route HTTPS traffi
you configured. For this to work, the tool must support SOCKS5 proxying.
{{< note >}}
In the URL https://localhost/api, `localhost` does not refer to your local client computer.
In the URL https://localhost:6443/api, `localhost` does not refer to your local client computer.
Instead, it refers to the endpoint on the remote server knows as `localhost`.
The `curl` tool sends the hostname from the HTTPS URL over SOCKS, and the remote server
resolves that locally (to an address that belongs to its loopback interface).
{{</ note >}}
```shell
curl -k -v https://localhost/api
curl -k -v https://localhost:6443/api
```
To use the official Kubernetes client `kubectl` with a proxy, set the `proxy-url` element
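Review bot: The `curl -k -v https://localhost:6443/api` example keeps `-k`, which turns off certificate verification, and the commit message shows why it is needed here: the API server certificate is not valid for `localhost`. The page should say that next to the command, or show a variant that verifies against the cluster CA with `--cacert` and a name the certificate covers, so readers do not carry `-k` over into regular use. In the same note block, "knows as `localhost`" in the unchanged line should read "known as `localhost`".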
@ -105,7 +105,7 @@ apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LRMEMMW2 # shortened for readability
server: https://localhost # the "Kubernetes API" in the diagram above
server: https://<API_SERVER_IP_ADRESS>:6443 # the "Kubernetes API" server, i.e. IP adress of kubernetes-remote-server.example
proxy-url: socks5://localhost:1080 # the "SSH SOCKS5 proxy" in the diagram above (DNS resolution over socks is built-in)
name: default
contexts:
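Review bot: The new `server: https://<API_SERVER_IP_ADRESS>:6443` line does not tell the reader that the address has to be one the API server certificate is valid for, which is the reason kubectl rejects `localhost` with the x509 error quoted in the commit message. Suggest stating that requirement in the comment, and noting that a hostname listed in the certificate should also work, since the `proxy-url` comment says DNS resolution over SOCKS is built in. Also spell the placeholder `<API_SERVER_IP_ADDRESS>` and "IP address", and keep the "in the diagram above" wording so the comment stays parallel with the `proxy-url` line.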
@ -142,4 +142,4 @@ Type `unset https_proxy` in a terminal to stop forwarding http traffic through t
## Further reading
* [OpenSSH remote login client](https://man.openbsd.org/ssh)
* [OpenSSH remote login client](https://man.openbsd.org/ssh)
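Review bot: The removed and added `* [OpenSSH remote login client](https://man.openbsd.org/ssh)` lines are identical as shown, so this hunk looks like a whitespace or end-of-file newline change only. If that is intended, mention it in the commit message; otherwise drop it so the commit stays limited to the port and server address edits.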