Access kubernetes secure API after running with docker

3/20/2016

I've created a kubenetes cluster on my Mac with docker-machine, following the documentation here:

http://kubernetes.io/docs/getting-started-guides/docker/

I can access the normal api from inside the instance on 127.0.0.1:8080, but I want to access it externally from my macbook. I know there is a secure port :6443, but I'm unsure how to set up the credentials to access this port.

There are lots of instructions on how to do it on custom installs of kubernetes, but I don't know how to do it inside the docker containers I'm running.

-- fizixx
kubernetes

2 Answers

3/21/2016

It's like a workaround but most of the time, I think KubeOnDocker setup is for developper that don't need the credentials mecanism :

When you start the KubeOnDocker, --config=/etc/kubernetes/manifests point to master.json. If you look the apiserver start command, you will see that --insecure-bind-address is 127.0.0.1. If you use --config=/etc/kubernetes/manifests-multi it will point to master-multi.json, --insecure-bind-address will be 0.0.0.0 and the apiserver will be accessible from everywhere.

Note that you will need to start etcd with manifests-multi.

# Not tested start
docker run \
  -d \
  --net=host \
  gcr.io/google_containers/etcd:2.2.1 \
    /usr/local/bin/etcd \
    --listen-client-urls=http://127.0.0.1:4001 \
    --advertise-client-urls=http://127.0.0.1:4001 \
    --data-dir=/var/etcd/data
-- Thibault Deheurles
Source: StackOverflow

3/21/2016

Likely, you will want to use Virtual Box's port forwarding capabilities. An example from the documentation:

VBoxManage modifyvm "MyVM" --natpf1 "k8srule,tcp,,6443,,6443"

This forwards port 6443 on all hosts interfaces to port 6443 of the guest. Port forwarding can also be configured through the VirtualBox UI.

-- Ryan Cox
Source: StackOverflow