concept proxy in category kubernetes
This is an excerpt from Manning's book Kubernetes in Action, Second Edition MEAP V05.
You may be interested in trying to access the API directly instead of through kubectl. As explained earlier, the Kubernetes API is web based, so you can use a web browser or the curl command to perform API operations, but the API server uses TLS and you typically need a client certificate or token for authentication. Fortunately, kubectl provides a special proxy that takes care of this, allowing you to talk to the API through the proxy using plain HTTP.
To run the proxy, execute the command:
It’s difficult to imagine what constitutes a complementary process, so I’ll give you some examples. In chapter 2, you deployed pods with one container that runs a Node.js application. The Node.js application only supports the HTTP protocol. To make it support HTTPS, we could add a bit more JavaScript code, but we can also do it without changing the existing application at all - by adding an additional container to the pod – a reverse proxy that converts HTTPS traffic to HTTP and forwards it to the Node.js container. The Node.js container is thus the primary container, whereas the container running the proxy is the sidecar container. Figure 5.6 shows this example.
$ kubectl port-forward kubia 8080 ... Forwarding from 127.0.0.1:8080 -> 8080 ... Forwarding from [::1]:8080 -> 8080
Figure 5.9 The long communication path between curl and the container when using port forwarding
