1KUBERNETES(1) Jan 2015 KUBERNETES(1)
2
3
4
6 kubectl proxy - Run a proxy to the Kubernetes API server
7
8
9
11 kubectl proxy [OPTIONS]
12
13
14
16 Creates a proxy server or application-level gateway between localhost
17 and the Kubernetes API Server. It also allows serving static content
18 over specified HTTP path. All incoming data enters through one port and
19 gets forwarded to the remote kubernetes API Server port, except for the
20 path matching the static content path.
21
22
23
25 --accept-hosts="^localhost$,^127\.0\.0\.1$,^\[::1\]$"
26 Regular expression for hosts that the proxy should accept.
27
28
29 --accept-paths="^.*"
30 Regular expression for paths that the proxy should accept.
31
32
33 --address="127.0.0.1"
34 The IP address on which to serve on.
35
36
37 --api-prefix="/"
38 Prefix to serve the proxied API under.
39
40
41 --disable-filter=false
42 If true, disable request filtering in the proxy. This is dangerous,
43 and can leave you vulnerable to XSRF attacks, when used with an acces‐
44 sible port.
45
46
47 --keepalive=0s
48 keepalive specifies the keep-alive period for an active network
49 connection. Set to 0 to disable keepalive.
50
51
52 -p, --port=8001
53 The port on which to run the proxy. Set to 0 to pick a random port.
54
55
56 --reject-methods="^$"
57 Regular expression for HTTP methods that the proxy should reject
58 (example --reject-methods='POST,PUT,PATCH').
59
60
61 --reject-paths="^/api/./pods/./exec,^/api/./pods/./attach"
62 Regular expression for paths that the proxy should reject. Paths
63 specified here will be rejected even accepted by --accept-paths.
64
65
66 -u, --unix-socket=""
67 Unix socket on which to run the proxy.
68
69
70 -w, --www=""
71 Also serve static files from the given directory under the speci‐
72 fied prefix.
73
74
75 -P, --www-prefix="/static/"
76 Prefix to serve static files under, if static file directory is
77 specified.
78
79
80
82 --allow-verification-with-non-compliant-keys=false
83 Allow a SignatureVerifier to use keys which are technically
84 non-compliant with RFC6962.
85
86
87 --alsologtostderr=false
88 log to standard error as well as files
89
90
91 --application-metrics-count-limit=100
92 Max number of application metrics to store (per container)
93
94
95 --as=""
96 Username to impersonate for the operation
97
98
99 --as-group=[]
100 Group to impersonate for the operation, this flag can be repeated
101 to specify multiple groups.
102
103
104 --azure-container-registry-config=""
105 Path to the file containing Azure container registry configuration
106 information.
107
108
109 --boot-id-file="/proc/sys/kernel/random/boot_id"
110 Comma-separated list of files to check for boot-id. Use the first
111 one that exists.
112
113
114 --cache-dir="/builddir/.kube/http-cache"
115 Default HTTP cache directory
116
117
118 --certificate-authority=""
119 Path to a cert file for the certificate authority
120
121
122 --client-certificate=""
123 Path to a client certificate file for TLS
124
125
126 --client-key=""
127 Path to a client key file for TLS
128
129
130 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
131 CIDRs opened in GCE firewall for LB traffic proxy health checks
132
133
134 --cluster=""
135 The name of the kubeconfig cluster to use
136
137
138 --container-hints="/etc/cadvisor/container_hints.json"
139 location of the container hints file
140
141
142 --containerd="unix:///var/run/containerd.sock"
143 containerd endpoint
144
145
146 --context=""
147 The name of the kubeconfig context to use
148
149
150 --default-not-ready-toleration-seconds=300
151 Indicates the tolerationSeconds of the toleration for
152 notReady:NoExecute that is added by default to every pod that does not
153 already have such a toleration.
154
155
156 --default-unreachable-toleration-seconds=300
157 Indicates the tolerationSeconds of the toleration for unreach‐
158 able:NoExecute that is added by default to every pod that does not
159 already have such a toleration.
160
161
162 --docker="unix:///var/run/docker.sock"
163 docker endpoint
164
165
166 --docker-env-metadata-whitelist=""
167 a comma-separated list of environment variable keys that needs to
168 be collected for docker containers
169
170
171 --docker-only=false
172 Only report docker containers in addition to root stats
173
174
175 --docker-root="/var/lib/docker"
176 DEPRECATED: docker root is read from docker info (this is a fall‐
177 back, default: /var/lib/docker)
178
179
180 --docker-tls=false
181 use TLS to connect to docker
182
183
184 --docker-tls-ca="ca.pem"
185 path to trusted CA
186
187
188 --docker-tls-cert="cert.pem"
189 path to client certificate
190
191
192 --docker-tls-key="key.pem"
193 path to private key
194
195
196 --enable-load-reader=false
197 Whether to enable cpu load reader
198
199
200 --event-storage-age-limit="default=0"
201 Max length of time for which to store events (per type). Value is a
202 comma separated list of key values, where the keys are event types
203 (e.g.: creation, oom) or "default" and the value is a duration. Default
204 is applied to all non-specified event types
205
206
207 --event-storage-event-limit="default=0"
208 Max number of events to store (per type). Value is a comma sepa‐
209 rated list of key values, where the keys are event types (e.g.: cre‐
210 ation, oom) or "default" and the value is an integer. Default is
211 applied to all non-specified event types
212
213
214 --global-housekeeping-interval=1m0s
215 Interval between global housekeepings
216
217
218 --google-json-key=""
219 The Google Cloud Platform Service Account JSON Key to use for
220 authentication.
221
222
223 --housekeeping-interval=10s
224 Interval between container housekeepings
225
226
227 --insecure-skip-tls-verify=false
228 If true, the server's certificate will not be checked for validity.
229 This will make your HTTPS connections insecure
230
231
232 --kubeconfig=""
233 Path to the kubeconfig file to use for CLI requests.
234
235
236 --log-backtrace-at=:0
237 when logging hits line file:N, emit a stack trace
238
239
240 --log-cadvisor-usage=false
241 Whether to log the usage of the cAdvisor container
242
243
244 --log-dir=""
245 If non-empty, write log files in this directory
246
247
248 --log-flush-frequency=5s
249 Maximum number of seconds between log flushes
250
251
252 --logtostderr=true
253 log to standard error instead of files
254
255
256 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
257 Comma-separated list of files to check for machine-id. Use the
258 first one that exists.
259
260
261 --match-server-version=false
262 Require server version to match client version
263
264
265 --mesos-agent="127.0.0.1:5051"
266 Mesos agent address
267
268
269 --mesos-agent-timeout=10s
270 Mesos agent timeout
271
272
273 -n, --namespace=""
274 If present, the namespace scope for this CLI request
275
276
277 --request-timeout="0"
278 The length of time to wait before giving up on a single server
279 request. Non-zero values should contain a corresponding time unit (e.g.
280 1s, 2m, 3h). A value of zero means don't timeout requests.
281
282
283 -s, --server=""
284 The address and port of the Kubernetes API server
285
286
287 --stderrthreshold=2
288 logs at or above this threshold go to stderr
289
290
291 --storage-driver-buffer-duration=1m0s
292 Writes in the storage driver will be buffered for this duration,
293 and committed to the non memory backends as a single transaction
294
295
296 --storage-driver-db="cadvisor"
297 database name
298
299
300 --storage-driver-host="localhost:8086"
301 database host:port
302
303
304 --storage-driver-password="root"
305 database password
306
307
308 --storage-driver-secure=false
309 use secure connection with database
310
311
312 --storage-driver-table="stats"
313 table name
314
315
316 --storage-driver-user="root"
317 database username
318
319
320 --token=""
321 Bearer token for authentication to the API server
322
323
324 --user=""
325 The name of the kubeconfig user to use
326
327
328 -v, --v=0
329 log level for V logs
330
331
332 --version=false
333 Print version information and quit
334
335
336 --vmodule=
337 comma-separated list of pattern=N settings for file-filtered log‐
338 ging
339
340
341
343 # To proxy all of the kubernetes api and nothing else, use:
344
345 $ kubectl proxy --api-prefix=/
346
347 # To proxy only part of the kubernetes api and also some static files:
348
349 $ kubectl proxy --www=/my/files --www-prefix=/static/ --api-prefix=/api/
350
351 # The above lets you 'curl localhost:8001/api/v1/pods'.
352
353 # To proxy the entire kubernetes api at a different root, use:
354
355 $ kubectl proxy --api-prefix=/custom/
356
357 # The above lets you 'curl localhost:8001/custom/api/v1/pods'
358
359 # Run a proxy to kubernetes apiserver on port 8011, serving static content from ./local/www/
360 kubectl proxy --port=8011 --www=./local/www/
361
362 # Run a proxy to kubernetes apiserver on an arbitrary local port.
363 # The chosen port for the server will be output to stdout.
364 kubectl proxy --port=0
365
366 # Run a proxy to kubernetes apiserver, changing the api prefix to k8s-api
367 # This makes e.g. the pods api available at localhost:8001/k8s-api/v1/pods/
368 kubectl proxy --api-prefix=/k8s-api
369
370
371
372
374 kubectl(1),
375
376
377
379 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
380 com) based on the kubernetes source material, but hopefully they have
381 been automatically generated since!
382
383
384
385Eric Paris kubernetes User Manuals KUBERNETES(1)