Accessing Kubelet API
curl -sk https://localhost:10250/pods/
--anonymous-authis turned off, you will see a
403 Forbiddenresponse with message
Forbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy)
AlwaysAllowyou'll see a list of pods.
Execing into a pod
curl -skv -X POST -H "X-Stream-Protocol-Version: v2.channel.k8s.io" -H "X-Stream-Protocol-Version: channel.k8s.io" "https://localhost:10250/exec/<namespace>/<pod name>/<container name>/?command=touch&command=hello_world&input=1&output=1&tty=1"
This gives a
302 Found response on v1.9 but execing into the pod directly shows no evidence of the file being created. On v1.11 there was an
Upgrade request required response - maybe TLS issue?
Changing kubelet settings
sudo systemctl daemon-reload sudo systemctl restart kubelet.service
Or, if the settings are in /var/lib/kubelet/config.yaml, edit the config file and then
sudo systemctl restart kubelet.service.