1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7
9 kubectl proxy - Run a proxy to the Kubernetes API server
10
11
12
14 kubectl proxy [OPTIONS]
15
16
17
19 Creates a proxy server or application-level gateway between localhost
20 and the Kubernetes API Server. It also allows serving static content
21 over specified HTTP path. All incoming data enters through one port and
22 gets forwarded to the remote kubernetes API Server port, except for the
23 path matching the static content path.
24
25
26
28 --accept-hosts="^localhost$,^127\.0\.0\.1$,^\[::1\]$" Regular ex‐
29 pression for hosts that the proxy should accept.
30
31
32 --accept-paths="^.*" Regular expression for paths that the proxy
33 should accept.
34
35
36 --address="127.0.0.1" The IP address on which to serve on.
37
38
39 --api-prefix="/" Prefix to serve the proxied API under.
40
41
42 --disable-filter=false If true, disable request filtering in the
43 proxy. This is dangerous, and can leave you vulnerable to XSRF attacks,
44 when used with an accessible port.
45
46
47 --keepalive=0s keepalive specifies the keep-alive period for an
48 active network connection. Set to 0 to disable keepalive.
49
50
51 -p, --port=8001 The port on which to run the proxy. Set to 0 to
52 pick a random port.
53
54
55 --reject-methods="^$" Regular expression for HTTP methods that the
56 proxy should reject (example --reject-methods='POST,PUT,PATCH').
57
58
59 --reject-paths="^/api/./pods/./exec,^/api/./pods/./attach" Regular
60 expression for paths that the proxy should reject. Paths specified here
61 will be rejected even accepted by --accept-paths.
62
63
64 -u, --unix-socket="" Unix socket on which to run the proxy.
65
66
67 -w, --www="" Also serve static files from the given directory un‐
68 der the specified prefix.
69
70
71 -P, --www-prefix="/static/" Prefix to serve static files under, if
72 static file directory is specified.
73
74
75
77 --add-dir-header=false If true, adds the file directory to the
78 header of the log messages
79
80
81 --alsologtostderr=false log to standard error as well as files
82
83
84 --application-metrics-count-limit=100 Max number of application
85 metrics to store (per container)
86
87
88 --as="" Username to impersonate for the operation
89
90
91 --as-group=[] Group to impersonate for the operation, this flag
92 can be repeated to specify multiple groups.
93
94
95 --azure-container-registry-config="" Path to the file containing
96 Azure container registry configuration information.
97
98
99 --boot-id-file="/proc/sys/kernel/random/boot_id" Comma-separated
100 list of files to check for boot-id. Use the first one that exists.
101
102
103 --cache-dir="/builddir/.kube/cache" Default cache directory
104
105
106 --certificate-authority="" Path to a cert file for the certificate
107 authority
108
109
110 --client-certificate="" Path to a client certificate file for TLS
111
112
113 --client-key="" Path to a client key file for TLS
114
115
116 --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
117 CIDRs opened in GCE firewall for L7 LB traffic proxy health
118 checks
119
120
121 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
122 CIDRs opened in GCE firewall for L4 LB traffic proxy health
123 checks
124
125
126 --cluster="" The name of the kubeconfig cluster to use
127
128
129 --container-hints="/etc/cadvisor/container_hints.json" location of
130 the container hints file
131
132
133 --containerd="/run/containerd/containerd.sock" containerd endpoint
134
135
136 --containerd-namespace="k8s.io" containerd namespace
137
138
139 --context="" The name of the kubeconfig context to use
140
141
142 --default-not-ready-toleration-seconds=300 Indicates the tolera‐
143 tionSeconds of the toleration for notReady:NoExecute that is added by
144 default to every pod that does not already have such a toleration.
145
146
147 --default-unreachable-toleration-seconds=300 Indicates the tolera‐
148 tionSeconds of the toleration for unreachable:NoExecute that is added
149 by default to every pod that does not already have such a toleration.
150
151
152 --disable-root-cgroup-stats=false Disable collecting root Cgroup
153 stats
154
155
156 --docker="unix:///var/run/docker.sock" docker endpoint
157
158
159 --docker-env-metadata-whitelist="" a comma-separated list of envi‐
160 ronment variable keys matched with specified prefix that needs to be
161 collected for docker containers
162
163
164 --docker-only=false Only report docker containers in addition to
165 root stats
166
167
168 --docker-root="/var/lib/docker" DEPRECATED: docker root is read
169 from docker info (this is a fallback, default: /var/lib/docker)
170
171
172 --docker-tls=false use TLS to connect to docker
173
174
175 --docker-tls-ca="ca.pem" path to trusted CA
176
177
178 --docker-tls-cert="cert.pem" path to client certificate
179
180
181 --docker-tls-key="key.pem" path to private key
182
183
184 --enable-load-reader=false Whether to enable cpu load reader
185
186
187 --event-storage-age-limit="default=0" Max length of time for which
188 to store events (per type). Value is a comma separated list of key val‐
189 ues, where the keys are event types (e.g.: creation, oom) or "default"
190 and the value is a duration. Default is applied to all non-specified
191 event types
192
193
194 --event-storage-event-limit="default=0" Max number of events to
195 store (per type). Value is a comma separated list of key values, where
196 the keys are event types (e.g.: creation, oom) or "default" and the
197 value is an integer. Default is applied to all non-specified event
198 types
199
200
201 --global-housekeeping-interval=1m0s Interval between global house‐
202 keepings
203
204
205 --housekeeping-interval=10s Interval between container housekeep‐
206 ings
207
208
209 --insecure-skip-tls-verify=false If true, the server's certificate
210 will not be checked for validity. This will make your HTTPS connections
211 insecure
212
213
214 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
215 quests.
216
217
218 --log-backtrace-at=:0 when logging hits line file:N, emit a stack
219 trace
220
221
222 --log-cadvisor-usage=false Whether to log the usage of the cAdvi‐
223 sor container
224
225
226 --log-dir="" If non-empty, write log files in this directory
227
228
229 --log-file="" If non-empty, use this log file
230
231
232 --log-file-max-size=1800 Defines the maximum size a log file can
233 grow to. Unit is megabytes. If the value is 0, the maximum file size is
234 unlimited.
235
236
237 --log-flush-frequency=5s Maximum number of seconds between log
238 flushes
239
240
241 --logtostderr=true log to standard error instead of files
242
243
244 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
245 Comma-separated list of files to check for machine-id. Use the
246 first one that exists.
247
248
249 --match-server-version=false Require server version to match
250 client version
251
252
253 -n, --namespace="" If present, the namespace scope for this CLI
254 request
255
256
257 --one-output=false If true, only write logs to their native sever‐
258 ity level (vs also writing to each lower severity level)
259
260
261 --password="" Password for basic authentication to the API server
262
263
264 --profile="none" Name of profile to capture. One of
265 (none|cpu|heap|goroutine|threadcreate|block|mutex)
266
267
268 --profile-output="profile.pprof" Name of the file to write the
269 profile to
270
271
272 --referenced-reset-interval=0 Reset interval for referenced bytes
273 (container_referenced_bytes metric), number of measurement cycles after
274 which referenced bytes are cleared, if set to 0 referenced bytes are
275 never cleared (default: 0)
276
277
278 --request-timeout="0" The length of time to wait before giving up
279 on a single server request. Non-zero values should contain a corre‐
280 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
281 out requests.
282
283
284 -s, --server="" The address and port of the Kubernetes API server
285
286
287 --skip-headers=false If true, avoid header prefixes in the log
288 messages
289
290
291 --skip-log-headers=false If true, avoid headers when opening log
292 files
293
294
295 --stderrthreshold=2 logs at or above this threshold go to stderr
296
297
298 --storage-driver-buffer-duration=1m0s Writes in the storage driver
299 will be buffered for this duration, and committed to the non memory
300 backends as a single transaction
301
302
303 --storage-driver-db="cadvisor" database name
304
305
306 --storage-driver-host="localhost:8086" database host:port
307
308
309 --storage-driver-password="root" database password
310
311
312 --storage-driver-secure=false use secure connection with database
313
314
315 --storage-driver-table="stats" table name
316
317
318 --storage-driver-user="root" database username
319
320
321 --tls-server-name="" Server name to use for server certificate
322 validation. If it is not provided, the hostname used to contact the
323 server is used
324
325
326 --token="" Bearer token for authentication to the API server
327
328
329 --update-machine-info-interval=5m0s Interval between machine info
330 updates.
331
332
333 --user="" The name of the kubeconfig user to use
334
335
336 --username="" Username for basic authentication to the API server
337
338
339 -v, --v=0 number for the log level verbosity
340
341
342 --version=false Print version information and quit
343
344
345 --vmodule= comma-separated list of pattern=N settings for
346 file-filtered logging
347
348
349 --warnings-as-errors=false Treat warnings received from the server
350 as errors and exit with a non-zero exit code
351
352
353
355 # To proxy all of the kubernetes api and nothing else.
356 kubectl proxy --api-prefix=/
357
358 # To proxy only part of the kubernetes api and also some static files.
359 # You can get pods info with 'curl localhost:8001/api/v1/pods'
360 kubectl proxy --www=/my/files --www-prefix=/static/ --api-prefix=/api/
361
362 # To proxy the entire kubernetes api at a different root.
363 # You can get pods info with 'curl localhost:8001/custom/api/v1/pods'
364 kubectl proxy --api-prefix=/custom/
365
366 # Run a proxy to kubernetes apiserver on port 8011, serving static content from ./local/www/
367 kubectl proxy --port=8011 --www=./local/www/
368
369 # Run a proxy to kubernetes apiserver on an arbitrary local port.
370 # The chosen port for the server will be output to stdout.
371 kubectl proxy --port=0
372
373 # Run a proxy to kubernetes apiserver, changing the api prefix to k8s-api
374 # This makes e.g. the pods api available at localhost:8001/k8s-api/v1/pods/
375 kubectl proxy --api-prefix=/k8s-api
376
377
378
379
381 kubectl(1),
382
383
384
386 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
387 com) based on the kubernetes source material, but hopefully they have
388 been automatically generated since!
389
390
391
392Manuals User KUBERNETES(1)(kubernetes)