Introducing Autopilot, an AI coding assistant
gradient
How to use Kubectl Proxy

How to use Kubectl Proxy

Sep 8, 2022
3 min read

Kubernetes is among the most popular container orchestration frameworks on the market today. It enables you to deploy containerized applications in clusters and scale them as needed. Most Kubernetes users rely on kubectl, an open-source CLI, to interact with their Kubernetes setup.

This guide will show you how to use the kubectl proxy command to communicate with your cluster’s API server without having to pass through authentication and authorization every time.

What is Kubectl Proxy?

A Kubernetes cluster is designed to be isolated from external access by default. Services in the cluster can easily make requests of other services in the cluster, but for an external service to communicate with the cluster resources, it needs to pass through authentication and authorization steps. This ensures that no external entity can access or modify your cluster’s internal resources.

To expose internal services, you can add or create type: NodePort or type: LoadBalancer. But what if you want to access the resources through your development environment? What if you want to ping a server hosted in your Kubernetes cluster from your laptop to test whether it returns the correct response?

Typically, you’d generate a token to communicate with the Kubernetes API server and attach it to every request you send to your cluster. However, this is a very cumbersome process. And if you have multiple local processes that need to send requests to the cluster, it gets more complicated.

The kubectl proxy command makes this process more convenient while maintaining the secure architecture of Kubernetes clusters. It creates a communication channel between your local machine and your Kubernetes API server by reading the cluster configuration and credentials from your kube-config file. You can then use the local port exposed by kubectl to relay requests to your cluster without having to provide security credentials with each request.

How does Kubectl Proxy work?

Here’s how you can use the kubectl proxy command:

bash

You’ll receive a similar output:

bash

A proxy has been started, and now you can directly access the Kubernetes API by sending requests to http://127.0.0.1:8080/api. Here’s a curl command to fetch the details of a pod named “nginx”:

bash

Exploring Kubectl Proxy in detail

The kubectl proxy command offers a few options:

  • address: This option helps you to change the IP address of the exposed proxy. Its default value is 127.0.0.1 (i.e. localhost)
bash
  • port: You’ve already seen this in the example command we used above. It enables you to choose which port the proxy will be exposed from. If you do not provide this option, port 8001 will be used for exposing the proxy.
bash
  • api-prefix: This option allows you to add a prefix to the API route for the Kubernetes API server.
bash

Alternatives to Kubectl Proxy

If kubectl proxy does not meet your requirements, there are a few alternatives that might come in handy:

  • hostNetwork: If you want to expose the applications in a pod to all devices connected to your host network, you can set hostNetwork: true for them. However, each pod may be shut down and restarted in a different node. This can change its base IP address, so it might not be the best solution for you. This solution is useful only when a direct connection to the host network is needed.
  • hostPort: This option is applicable to containers only. You can expose an individual container’s port on the host IP address by adding hostPort: 8080 to the container node in your pod’s definition. This method, however, has the same shortcoming as the previous one — on each restart of the pod, the base IP address might change, so you can’t rely on it for longer durations. Ales Nosek does a great job of explaining these two options on his blog.
  • NodePort: This is another method you can use to expose services from your K8s cluster. Creating a service of type: NodePort and setting a nodePort value for it opens up the set port on all nodes of the cluster for public access. Any requests received by the ports are forwarded directly to the service. You can read more about it here.

Final thoughts

You’ll often need to access the Kubernetes API on your cluster from your dev machine. The kubectl proxy command is meant to help you do just that as simply as possible. In this guide, we demonstrated how to use the command and shared some alternative methods.

If you're looking to easily access and manage your Kubernetes cluster in a maintenance-free platform, try using Airplane. With Airplane, you can quickly build internal tools from REST API calls, SQL queries, Python scripts, Javascript functions, and more. When combined with Airplane Views, these scripts can function as fully-functional dashboards, admin panels, database monitoring UIs, and more.

Sign up for free or book a demo to get started and build your first powerful internal tool within minutes.

Share this article:
Kumar Harsh
Kumar is a software developer and technical author. He has written for a number of software companies including LogRocket and Career Karma.

Subscribe to new blog posts from Airplane.