Proxying traffic to services

Proxying traffic to services

Connecting to Services

Motivation

Not all Services running a Kubernetes cluster are exposed externally. However Services only exposed internally to a cluster with a clusterIp are accessible through an apiserver proxy.

Users may use Proxy to connect to Kubernetes Services in a cluster that are not externally exposed.

Note: Services running a type LoadBalancer or type NodePort may be exposed externally and accessed without the need for a Proxy.

Connecting to an internal Service

Connect to a internal Service using the Proxy command, and the Service Proxy url.

To visit the nginx service go to the Proxy URL at http://127.0.0.1:8001/api/v1/namespaces/default/services/nginx/proxy/

kubectl proxy

Starting to serve on 127.0.0.1:8001
curl http://127.0.0.1:8001/api/v1/namespaces/default/services/nginx/proxy/

Builtin Cluster Services

A common usecase is to connect to Services running as part of the cluster itself. A user can print out these Services and their Proxy Urls with kubectl cluster-info.

kubectl cluster-info

Kubernetes master is running at https://104.197.5.247
GLBCDefaultBackend is running at https://104.197.5.247/api/v1/namespaces/kube-system/services/default-http-backend:http/proxy
Heapster is running at https://104.197.5.247/api/v1/namespaces/kube-system/services/heapster/proxy
KubeDNS is running at https://104.197.5.247/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
Metrics-server is running at https://104.197.5.247/api/v1/namespaces/kube-system/services/https:metrics-server:/proxy

Last modified September 30, 2020: SIG CLI docs - guide changes (d705a6d1)