Kubernetes. HTTPS API return `Unauthorized`

Posted 2019-05-07 20:28

Question:

The Kubernetes API request `curl https://192.168.0.139 --cacert /home/mongeo/ku-certs/ca.pem` returns `Unauthorized`.

The request `curl localhost:8080` worked fine.

My kube-proxy and kube-apiserver are standard (CoreOS + k8s tutorial).

How do I get data on HTTPS?

Answer 1:

Did you specify --token-auth-file=<file> and/or --basic-auth-file=<otherfile> or one of the other authentication modes? I don't know that https endpoint will work without one of these (maybe it should, but it doesn't, apparently). Check out https://kubernetes.io/docs/admin/authentication/



Answer 2:

Hi, this is what I did for the token:

  1. Find the API server address: open /etc/kubernetes/kubelet.conf --> example: server: https://10.1.32.120:6443
  2. Find the token: open /etc/kubernetes/pki/tokens.csv --> example: 4c95a1a22d19b20811,kubeadm-node-csr,07ccbf35-e206-11e6-ab8f-0010184e550e,system:kubelet-bootstrap
  3. In this case the token is --> 4c95a1a22d19b20811
  4. If you use Postman, add the header --> Authorization: Bearer 4c95a1a22d19b20811


Answer 3:

A simple way to access the Kubernetes API from an external network is to create an SSH tunnel, e.g.

ssh -L 9000:localhost:8080 roto@master.node

This will forward connections from your local port 9000 to localhost:8080 on your server.

As long as the SSH tunnel is open, you can query the API on port 9000 of your machine.



Answer 4:

There are several ways to authenticate to the API. The simplest way for you to get authorized is to send an Authentication header with the value "bearer TOKEN_VALUE". You can look at the Kubernetes API configuration on your server to look up the defined tokens. The header can be sent with an HTTP request using a web browser extension.
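Added example, not part of any answer on this page: a Python sketch of the token route from Answers 2 and 4. It parses a static token file (`token,user,uid,"groups"`), builds the `Authorization: Bearer` header, and verifies the server against the cluster CA as `curl --cacert` does. The sample rows, tokens and function names are constructed for illustration.

```python
import csv
import io
import ssl
import urllib.request

# Constructed sample in the static token file layout:
# token,user,uid,"optional,groups" (all values are made up).
SAMPLE_TOKENS_CSV = (
    'tok-constructed-0001,kubeadm-node-csr,uid-0001,system:kubelet-bootstrap\n'
    'tok-constructed-0002,alice,uid-0002,"dev,ops"\n'
)


def parse_token_file(text):
    """Return {user: {"token", "uid", "groups"}} from token-file CSV text."""
    users = {}
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue  # skip blank lines
        if len(row) < 3:
            raise ValueError(f"row needs token,user,uid: {row!r}")
        token, user, uid = (field.strip() for field in row[:3])
        has_groups = len(row) > 3 and row[3].strip()
        groups = [g.strip() for g in row[3].split(",")] if has_groups else []
        users[user] = {"token": token, "uid": uid, "groups": groups}
    return users


def build_request(server, path, token):
    """Build a GET request that carries the token as a bearer credential."""
    req = urllib.request.Request(server.rstrip("/") + path)
    req.add_header("Authorization", f"Bearer {token}")
    return req


def call_api(req, ca_file):
    """Send the request, trusting only the cluster CA (like curl --cacert)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.status, resp.read()


if __name__ == "__main__":
    users = parse_token_file(SAMPLE_TOKENS_CSV)
    req = build_request("https://192.168.0.139", "/api/v1/",
                        users["alice"]["token"])
    print(req.full_url, req.get_header("Authorization"))
```

`call_api(req, "/home/mongeo/ku-certs/ca.pem")` would send the request using the CA path from the question; it is not invoked here because it needs a reachable API server.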



Answer 5:

Finally, I figured this out:

lincai@pdbuddy:~/blackbox$ curl -v --cacert ./ca.pem --key ./admin-key.pem --cert ./admin.pem  https://xxxx/api/v1/
* Hostname was NOT found in DNS cache

> 
< HTTP/1.1 200 OK


Answer 6:

curl https://192.168.0.139 --key ./admin-key.pem --cert ./admin.pem --cacert ./ca.pem