lizrice/kubelet-api.md

## 7 changes: 7 additions & 0 deletions kubelet-api.md
@@ -8,6 +8,13 @@ curl -sk https://localhost:10250/pods/

    * If `--anonymous-auth` is `true` and `--authorization-mode` is `Webhook` you'll see `403 Forbidden` response with message `Forbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy)`
* If `--anonymous-auth` is `true` and `--authorization-mode` is `Webhook` you'll see `403 Forbidden` response with message `Forbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy)`

    * If `--anonymous-auth` is `true` and `--authorization-mode` is `AlwaysAllow` you'll see a list of pods.
* If `--anonymous-auth` is `true` and `--authorization-mode` is `AlwaysAllow` you'll see a list of pods.


    ## Execing into a pod
## Execing into a pod


    ```bash
```bash

    curl -skv -X POST -H "X-Stream-Protocol-Version: v2.channel.k8s.io" -H "X-Stream-Protocol-Version: channel.k8s.io" "https://localhost:10250/exec/<namespace>/<pod name>/<container name>/?command=touch&command=hello_world&input=1&output=1&tty=1"
curl -skv -X POST -H "X-Stream-Protocol-Version: v2.channel.k8s.io" -H "X-Stream-Protocol-Version: channel.k8s.io" "https://localhost:10250/exec/<namespace>/<pod name>/<container name>/?command=touch&command=hello_world&input=1&output=1&tty=1"

    ```
```

    This gives a `302 Found` response on v1.9 but execing into the pod directly shows no evidence of the file being created. On v1.11 there was an `Upgrade request required` response - maybe TLS issue?
This gives a `302 Found` response on v1.9 but execing into the pod directly shows no evidence of the file being created. On v1.11 there was an `Upgrade request required` response - maybe TLS issue?


    ## Changing kubelet settings
## Changing kubelet settings


    Edit `/etc/systemd/system/kubelet.service.d/10-kubeadm.conf`
Edit `/etc/systemd/system/kubelet.service.d/10-kubeadm.conf`


## 17 changes: 16 additions & 1 deletion kubelet-api.md
@@ -2,4 +2,19 @@


    ```bash
```bash

    curl -sk https://localhost:10250/pods/
curl -sk https://localhost:10250/pods/

    ```
```

    ```
```


    * If `--anonymous-auth` is turned off, you will see a `401 Unauthorized` response.
* If `--anonymous-auth` is turned off, you will see a `401 Unauthorized` response.

    * If `--anonymous-auth` is `true` and `--authorization-mode` is `Webhook` you'll see `403 Forbidden` response with message `Forbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy)`
* If `--anonymous-auth` is `true` and `--authorization-mode` is `Webhook` you'll see `403 Forbidden` response with message `Forbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy)`

    * If `--anonymous-auth` is `true` and `--authorization-mode` is `AlwaysAllow` you'll see a list of pods.
* If `--anonymous-auth` is `true` and `--authorization-mode` is `AlwaysAllow` you'll see a list of pods.


    ## Changing kubelet settings
## Changing kubelet settings


    Edit `/etc/systemd/system/kubelet.service.d/10-kubeadm.conf`
Edit `/etc/systemd/system/kubelet.service.d/10-kubeadm.conf`


    ```bash
```bash

    sudo systemctl daemon-reload
sudo systemctl daemon-reload

    sudo systemctl restart kubelet.service
sudo systemctl restart kubelet.service

    ```
```


    Or, if the settings are in /var/lib/kubelet/config.yaml, edit the config file and then `sudo systemctl restart kubelet.service`.
Or, if the settings are in /var/lib/kubelet/config.yaml, edit the config file and then `sudo systemctl restart kubelet.service`.

## 5 changes: 5 additions & 0 deletions kubelet-api.md
@@ -0,0 +1,5 @@

    # Accessing Kubelet API
# Accessing Kubelet API


    ```bash
```bash

    curl -sk https://localhost:10250/pods/
curl -sk https://localhost:10250/pods/

    ```
```