K
Q

How to send http requests to the kubelet api server

6/6/2020

I have a kubernetes cluster on EKS, in which I would like to send requests to the kubelet server (not the kube-apiserver, but the kubelet, which runs on each of the worker nodes). My understanding is that the kubelet runs an http server on port 10250, so I opened the firewall (security group) in one of the worker nodes for that port so I can reach it from my IP. Example of a request:

curl -k https://public-ip-of-worker-node:10250/metrics/probes

but I get a 401 in response. I guess this is expected, as I am not authenticating in any way. So, how can I authenticate to the kubelet server? I can communicate without problem with the kube-apiserver using kubectl, so I do have enough permissions from the IAM side.

-- Simon Ernesto Cardenas Zarate
amazon-eks
amazon-iam
kubernetes

Similar Questions

how to assign only 1 secret key in Cluster Role?
Secure traffic between kubernetes ingress and service
How to choose an API gateway in Kubernetes?
my kubernetes cluster is down after reboot
Connecting to Istio ingress gateway gives a 404 error

1 Answer

6/6/2020

From the docs start the kubelet with the --authentication-token-webhook and the --kubeconfig flags.

Then you can create a service-account and define role and rolebinding on the service account and use the service accounts bearer token with the curl command to call the kubelet API.

-- Arghya Sadhu
Source: StackOverflow