1KUBERNETES(1)(kubernetes) KUBERNETES(1)(kubernetes)
2Eric Paris Jan 2015
6
9 kubectl proxy - Run a proxy to the Kubernetes API server
10
14 kubectl proxy [OPTIONS]
15
19 Creates a proxy server or application-level gateway between localhost
20 and the Kubernetes API Server. It also allows serving static content
21 over specified HTTP path. All incoming data enters through one port and
22 gets forwarded to the remote kubernetes API Server port, except for the
23 path matching the static content path.
24
28 --accept-hosts="^localhost$,^127\.0\.0\.1$,^\[::1\]$" Regular ex‐
29 pression for hosts that the proxy should accept.
30 --accept-paths="^.*" Regular expression for paths that the proxy
33 should accept.
34 --address="127.0.0.1" The IP address on which to serve on.
37 --api-prefix="/" Prefix to serve the proxied API under.
40 --disable-filter=false If true, disable request filtering in the
43 proxy. This is dangerous, and can leave you vulnerable to XSRF attacks,
44 when used with an accessible port.
45 --keepalive=0s keepalive specifies the keep-alive period for an
48 active network connection. Set to 0 to disable keepalive.
49 -p, --port=8001 The port on which to run the proxy. Set to 0 to
52 pick a random port.
53 --reject-methods="^$" Regular expression for HTTP methods that the
56 proxy should reject (example --reject-methods='POST,PUT,PATCH').
57 --reject-paths="^/api/./pods/./exec,^/api/./pods/./attach" Regular
60 expression for paths that the proxy should reject. Paths specified here
61 will be rejected even accepted by --accept-paths.
62 -u, --unix-socket="" Unix socket on which to run the proxy.
65 -w, --www="" Also serve static files from the given directory un‐
68 der the specified prefix.
69 -P, --www-prefix="/static/" Prefix to serve static files under, if
72 static file directory is specified.
73
77 --add-dir-header=false If true, adds the file directory to the
78 header of the log messages
79 --alsologtostderr=false log to standard error as well as files
82 --application-metrics-count-limit=100 Max number of application
85 metrics to store (per container)
86 --as="" Username to impersonate for the operation
89 --as-group=[] Group to impersonate for the operation, this flag
92 can be repeated to specify multiple groups.
93 --azure-container-registry-config="" Path to the file containing
96 Azure container registry configuration information.
97 --boot-id-file="/proc/sys/kernel/random/boot_id" Comma-separated
100 list of files to check for boot-id. Use the first one that exists.
101 --cache-dir="/builddir/.kube/cache" Default cache directory
104 --certificate-authority="" Path to a cert file for the certificate
107 authority
108 --client-certificate="" Path to a client certificate file for TLS
111 --client-key="" Path to a client key file for TLS
114 --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
117 CIDRs opened in GCE firewall for L7 LB traffic proxy health
118 checks
119 --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
122 CIDRs opened in GCE firewall for L4 LB traffic proxy health
123 checks
124 --cluster="" The name of the kubeconfig cluster to use
127 --container-hints="/etc/cadvisor/container_hints.json" location of
130 the container hints file
131 --containerd="/run/containerd/containerd.sock" containerd endpoint
134 --containerd-namespace="k8s.io" containerd namespace
137 --context="" The name of the kubeconfig context to use
140 --default-not-ready-toleration-seconds=300 Indicates the tolera‐
143 tionSeconds of the toleration for notReady:NoExecute that is added by
144 default to every pod that does not already have such a toleration.
145 --default-unreachable-toleration-seconds=300 Indicates the tolera‐
148 tionSeconds of the toleration for unreachable:NoExecute that is added
149 by default to every pod that does not already have such a toleration.
150 --disable-root-cgroup-stats=false Disable collecting root Cgroup
153 stats
154 --docker="unix:///var/run/docker.sock" docker endpoint
157 --docker-env-metadata-whitelist="" a comma-separated list of envi‐
160 ronment variable keys matched with specified prefix that needs to be
161 collected for docker containers
162 --docker-only=false Only report docker containers in addition to
165 root stats
166 --docker-root="/var/lib/docker" DEPRECATED: docker root is read
169 from docker info (this is a fallback, default: /var/lib/docker)
170 --docker-tls=false use TLS to connect to docker
173 --docker-tls-ca="ca.pem" path to trusted CA
176 --docker-tls-cert="cert.pem" path to client certificate
179 --docker-tls-key="key.pem" path to private key
182 --enable-load-reader=false Whether to enable cpu load reader
185 --event-storage-age-limit="default=0" Max length of time for which
188 to store events (per type). Value is a comma separated list of key val‐
189 ues, where the keys are event types (e.g.: creation, oom) or "default"
190 and the value is a duration. Default is applied to all non-specified
191 event types
192 --event-storage-event-limit="default=0" Max number of events to
195 store (per type). Value is a comma separated list of key values, where
196 the keys are event types (e.g.: creation, oom) or "default" and the
197 value is an integer. Default is applied to all non-specified event
198 types
199 --global-housekeeping-interval=1m0s Interval between global house‐
202 keepings
203 --housekeeping-interval=10s Interval between container housekeep‐
206 ings
207 --insecure-skip-tls-verify=false If true, the server's certificate
210 will not be checked for validity. This will make your HTTPS connections
211 insecure
212 --kubeconfig="" Path to the kubeconfig file to use for CLI re‐
215 quests.
216 --log-backtrace-at=:0 when logging hits line file:N, emit a stack
219 trace
220 --log-cadvisor-usage=false Whether to log the usage of the cAdvi‐
223 sor container
224 --log-dir="" If non-empty, write log files in this directory
227 --log-file="" If non-empty, use this log file
230 --log-file-max-size=1800 Defines the maximum size a log file can
233 grow to. Unit is megabytes. If the value is 0, the maximum file size is
234 unlimited.
235 --log-flush-frequency=5s Maximum number of seconds between log
238 flushes
239 --logtostderr=true log to standard error instead of files
242 --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
245 Comma-separated list of files to check for machine-id. Use the
246 first one that exists.
247 --match-server-version=false Require server version to match
250 client version
251 -n, --namespace="" If present, the namespace scope for this CLI
254 request
255 --one-output=false If true, only write logs to their native sever‐
258 ity level (vs also writing to each lower severity level
259 --password="" Password for basic authentication to the API server
262 --profile="none" Name of profile to capture. One of
265 (none|cpu|heap|goroutine|threadcreate|block|mutex)
266 --profile-output="profile.pprof" Name of the file to write the
269 profile to
270 --referenced-reset-interval=0 Reset interval for referenced bytes
273 (container_referenced_bytes metric), number of measurement cycles after
274 which referenced bytes are cleared, if set to 0 referenced bytes are
275 never cleared (default: 0)
276 --request-timeout="0" The length of time to wait before giving up
279 on a single server request. Non-zero values should contain a corre‐
280 sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
281 out requests.
282 -s, --server="" The address and port of the Kubernetes API server
285 --skip-headers=false If true, avoid header prefixes in the log
288 messages
289 --skip-log-headers=false If true, avoid headers when opening log
292 files
293 --stderrthreshold=2 logs at or above this threshold go to stderr
296 --storage-driver-buffer-duration=1m0s Writes in the storage driver
299 will be buffered for this duration, and committed to the non memory
300 backends as a single transaction
301 --storage-driver-db="cadvisor" database name
304 --storage-driver-host="localhost:8086" database host:port
307 --storage-driver-password="root" database password
310 --storage-driver-secure=false use secure connection with database
313 --storage-driver-table="stats" table name
316 --storage-driver-user="root" database username
319 --tls-server-name="" Server name to use for server certificate
322 validation. If it is not provided, the hostname used to contact the
323 server is used
324 --token="" Bearer token for authentication to the API server
327 --update-machine-info-interval=5m0s Interval between machine info
330 updates.
331 --user="" The name of the kubeconfig user to use
334 --username="" Username for basic authentication to the API server
337 -v, --v=0 number for the log level verbosity
340 --version=false Print version information and quit
343 --vmodule= comma-separated list of pattern=N settings for
346 file-filtered logging
347 --warnings-as-errors=false Treat warnings received from the server
350 as errors and exit with a non-zero exit code
351
355 # To proxy all of the kubernetes api and nothing else, use:
356 $ kubectl proxy --api-prefix=/
358 # To proxy only part of the kubernetes api and also some static files:
360 $ kubectl proxy --www=/my/files --www-prefix=/static/ --api-prefix=/api/
362 # The above lets you 'curl localhost:8001/api/v1/pods'.
364 # To proxy the entire kubernetes api at a different root, use:
366 $ kubectl proxy --api-prefix=/custom/
368 # The above lets you 'curl localhost:8001/custom/api/v1/pods'
370 # Run a proxy to kubernetes apiserver on port 8011, serving static content from ./local/www/
372 kubectl proxy --port=8011 --www=./local/www/
373 # Run a proxy to kubernetes apiserver on an arbitrary local port.
375 # The chosen port for the server will be output to stdout.
376 kubectl proxy --port=0
377 # Run a proxy to kubernetes apiserver, changing the api prefix to k8s-api
379 # This makes e.g. the pods api available at localhost:8001/k8s-api/v1/pods/
380 kubectl proxy --api-prefix=/k8s-api
381
386 kubectl(1),
387
391 January 2015, Originally compiled by Eric Paris (eparis at redhat dot
392 com) based on the kubernetes source material, but hopefully they have
393 been automatically generated since!
394Manuals User KUBERNETES(1)(kubernetes)