Access Pod information using Master Public IP in Kubernetes

Question

I can get Pods information using http://localhost:8001/api/v1/pods from inside my cluster.

Is there any way to get pod informations using http://master-public-ip:8001/api/v1/pods ?

Answer 1

By default, the master only exposes HTTPS to the public internet, not HTTP. You should be able to hit https://admin:password@master-public-ip/api/v1/pods/, where password is the generated password for the admin user. This can be found either in the .kube/config file on your machine, or in the /srv/kubernetes/known_tokens.csv file on the master.

E.g. on the master VM:

$ cat /srv/kubernetes/known_tokens.csv 
mYpASSWORD,admin,admin
unused,kubelet,kubelet
...

Or on your machine:

$ cat ~/.kube/config
...
- name: my-cluster
  user:
    client-certificate-data: ...
    client-key-data: ...
    password: mYpASSWORD
    username: admin
...

$ curl --insecure https://admin:mYpASSWORD@master-public-ip/api/v1/pods/
...

To avoid using --insecure (i.e. actually verify the server certificate that your master is presenting), you can use the --cacert flag to specify the cluster certificate authority from your .kube/config file.

$ cat ~/.kube/config
...
- cluster:
    certificate-authority-data: bIgLoNgBaSe64eNcOdEdStRiNg
    server: https://master-public-ip
  name: my-cluster
...

$ echo bIgLoNgBaSe64eNcOdEdStRiNg | base64 -d > ca.crt

$ curl --cacert=ca.crt https://admin:mYpASSWORD@master-public-ip/api/v1/pods/
...