K
Q

How to force apiserver proxy to use HTTPS in connection to container

9/9/2016

I'm trying to connect to skydns etcd server through apiserver proxy, using this doc http://kubernetes.io/docs/user-guide/accessing-the-cluster/#manually-constructing-apiserver-proxy-urls with command

curl --cacert /etc/kubernetes/certs/ca.crt --header "Authorization: Bearer J9bAdaBGyQUEESCz7k412afmpskoHig7" -sS --cert /etc/pki/etcd/etcd-dns.crt --key /etc/pki/etcd/etcd-dns.key https://95.164.68.160:6443/api/v1/proxy/namespaces/2701e09a-b9f7-4b77-b4ad-8438a974ddfe/services/service-f1g5a:2379/v2/keys

but have the error

Error: 'dial tcp 10.254.63.2:2379: i/o timeout'

Trying to reach: 'http://10.254.63.2:2379/v2/keys'

it looks like it tries to connect to http instead of https

doc says, that

proxy to target may use HTTP or HTTPS as chosen by proxy using available information

what information does it use? how to force using of https?

-- aborilov
kubernetes
proxy
ssl

Similar Questions

Kubernetes- Minion cannot talk to master
Kubernetes REST API - Create deployment
kubernetes - "govc: network 'vm network' not found" when deploying cluster
How can one set up Kubernetes DNS using an IP that is not host specific to the Kubernetes API

1 Answer

9/9/2016

You can prefix the service name with "https:" The following formats are recognized:

# Proxies to the first port in the service, using http
https://<master>/api/v1/namespaces/myns/services/myservice/proxy/...

# Proxies to the specified port in the service, using http
https://<master>/api/v1/namespaces/myns/services/myservice:myport/proxy/...

# Proxies to the specified port, using https
https://<master>/api/v1/namespaces/myns/services/https:myservice:myport/proxy/...
-- Jordan Liggitt
Source: StackOverflow