问题
Kubernetes API request curl https://192.168.0.139 --cacert /home/mongeo/ku-certs/ca.pem return Unauthorized
Request curl localhost:8080 worked good.
My kube-proxy and kube-apiserver standart (coreos+k8s tutorial)
How do I get data on HTTPS?
回答1:
Did you specify --token-auth-file=<file> and/or --basic-auth-file=<otherfile> or one of the other authentication modes? I don't know that https endpoint will work without one of these (maybe it should, but it doesn't, apparently). Check out https://kubernetes.io/docs/admin/authentication/
回答2:
Hi this is what I did for token,
Find address Server Api
open
/etc/kubernetes/kubelet.confexample:
server: https://10.1.32.120:6443
Find token
open
/etc/kubernetes/pki/tokens.csvexample:
4c95a1a22d19b20811,kubeadm-node-csr,07ccbf35-e206-11e6-ab8f-0010184e550e,system:kubelet-bootstrap
- In this case the token is
4c95a1a22d19b20811 - If use postman, add header
Authorization: Bearer 4c95a1a22d19b20811
回答3:
A simple way to access the Kubernetes API from an external network is to create an SSH tunnel, e.g.
ssh -L 9000:localhost:8080 roto@master.node
This will forward connection from your local port 9000 to localhost:8080 on your server.
As long as the SSH tunnel is open, you can query the API on port 9000 of your machine.
回答4:
There are several ways to authenticate in the API. Simplest way for you to get authorized is to send Authentication header with "bearer TOKEN_VALUE" value. You can look at Kubernetes API configuration on your server to look up defined tokens. The header can be sent with http request using web browser extension.
回答5:
finally, i figured this out:
lincai@pdbuddy:~/blackbox$ curl -v --cacert ./ca.pem --key ./admin-key.pem --cert ./admin.pem https://xxxx/api/v1/
* Hostname was NOT found in DNS cache
>
< HTTP/1.1 200 OK
回答6:
curl https://192.168.0.139 —key ./admin-key.pem —cert ./admin.pem —cacert ./ca.pem
来源:https://stackoverflow.com/questions/34306082/kubernetes-https-api-return-unauthorized