Kubernetes. HTTPS API return `Unauthorized`

Question

Kubernetes API request curl https://192.168.0.139 --cacert /home/mongeo/ku-certs/ca.pem return Unauthorized

Request curl localhost:8080 worked good.

My kube-proxy and kube-apiserver standart (coreos+k8s tutorial)

How do I get data on HTTPS?

Answer 1

Did you specify --token-auth-file=<file> and/or --basic-auth-file=<otherfile> or one of the other authentication modes? I don't know that https endpoint will work without one of these (maybe it should, but it doesn't, apparently). Check out https://kubernetes.io/docs/admin/authentication/

Answer 2

Hi this is what I did for token,

1. Find address Server Api

   • open /etc/kubernetes/kubelet.conf

     example: server: https://10.1.32.120:6443

2. Find token

   • open /etc/kubernetes/pki/tokens.csv

     example: 4c95a1a22d19b20811,kubeadm-node-csr,07ccbf35-e206-11e6-ab8f-0010184e550e,system:kubelet-bootstrap

3. In this case the token is 4c95a1a22d19b20811
4. If use postman, add header Authorization: Bearer 4c95a1a22d19b20811

Answer 3

A simple way to access the Kubernetes API from an external network is to create an SSH tunnel, e.g.

ssh -L 9000:localhost:8080 [email protected]

This will forward connection from your local port 9000 to localhost:8080 on your server.

As long as the SSH tunnel is open, you can query the API on port 9000 of your machine.