[root@node5 ~]# kubectl proxy --helpToproxyallofthekubernetesapiandnothingelse,use:kubectlproxy--api-prefix=/Toproxyonlypartofthekubernetesapiandalsosomestaticfiles:kubectlproxy--www=/my/files--www-prefix=/static/--api-prefix=/api/Theaboveletsyou'curl localhost:8001/api/v1/pods'.Toproxytheentirekubernetesapiatadifferentroot,use:kubectlproxy--api-prefix=/custom/Theaboveletsyou'curl localhost:8001/custom/api/v1/pods'Usage:kubectlproxy [--port=PORT] [--www=static-dir] [--www-prefix=prefix] [--api-prefix=prefix] [flags]Examples:# Run a proxy to kubernetes apiserver on port 8011, serving static content from ./local/www/$kubectlproxy--port=8011--www=./local/www/# Run a proxy to kubernetes apiserver on an arbitrary local port.# The chosen port for the server will be output to stdout.$kubectlproxy--port=0# Run a proxy to kubernetes apiserver, changing the api prefix to k8s-api# This makes e.g. the pods api available at localhost:8011/k8s-api/v1/pods/$kubectlproxy--api-prefix=/k8s-apiFlags: --accept-hosts="^localhost$,^127//.0//.0//.1$,^//[::1//]$": Regular expression for hosts that the proxy should accept.
--accept-paths="^/.*":Regularexpressionforpathsthattheproxyshouldaccept. --api-prefix="/":PrefixtoservetheproxiedAPIunder. --disable-filter[=false]: If true, disable request filtering in the proxy. This is dangerous, and can leave you vulnerable to XSRF attacks, when used with an accessible port.
-p,--port=8001:Theportonwhichtoruntheproxy.Setto0topickarandomport. --reject-methods="POST,PUT,PATCH":RegularexpressionforHTTPmethodsthattheproxyshouldreject. --reject-paths="^/api/.*/exec,^/api/.*/run":Regularexpressionforpathsthattheproxyshouldreject.-u,--unix-socket="":Unixsocketonwhichtoruntheproxy.-w,--www="":Alsoservestaticfilesfromthegivendirectoryunderthespecifiedprefix.-P,--www-prefix="/static/":Prefixtoservestaticfilesunder,ifstaticfiledirectoryisspecified.GlobalFlags:--alsologtostderr[=false]:logtostandarderroraswellasfiles --api-version="":TheAPIversiontousewhentalkingtotheserver --certificate-authority="":Pathtoacert.fileforthecertificateauthority. --client-certificate="":PathtoaclientkeyfileforTLS. --client-key="":PathtoaclientkeyfileforTLS. --cluster="":Thenameofthekubeconfigclustertouse --context="":Thenameofthekubeconfigcontexttouse --insecure-skip-tls-verify[=false]: If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure.
--kubeconfig="":PathtothekubeconfigfiletouseforCLIrequests. --log-backtrace-at=:0:whenlogginghitslinefile:N,emitastacktrace --log-dir="":Ifnon-empty,writelogfilesinthisdirectory --log-flush-frequency=5s:Maximumnumberofsecondsbetweenlogflushes--logtostderr[=true]:logtostandarderrorinsteadoffiles--match-server-version[=false]:Requireserverversiontomatchclientversion --namespace="":Ifpresent,thenamespacescopeforthisCLIrequest. --password="":PasswordforbasicauthenticationtotheAPIserver.-s,--server="":TheaddressandportoftheKubernetesAPIserver --stderrthreshold=2:logsatorabovethisthresholdgotostderr --token="":BearertokenforauthenticationtotheAPIserver. --user="":Thenameofthekubeconfigusertouse --username="":UsernameforbasicauthenticationtotheAPIserver. --v=0:loglevelforVlogs --vmodule=:comma-separatedlistofpattern=Nsettingsforfile-filteredlogging
k8s API Server最主要的REST接口是资源对象的增删改查,另外还有一类特殊的REST接口—k8s Proxy API接口,这类接口的作用是代理REST请求,即kubernetes API Server把收到的REST请求转发到某个Node上的kubelet守护进程的REST端口上,由该kubelet进程负责响应。