24

What is the correct way to Kubernetes cluster setup using minikube through the Kubernetes API? At the moment, I can't find a port through which the Kubernetes cluster can be accessed.

Chris Stryczynski
KarateKid

9 Answers

45

The easiest way to access the Kubernetes API when running minikube is to use

kubectl proxy --port=8080

You can then access the API with

curl http://localhost:8080/api/

This also allows you to browse the API in your browser. Start minikube using

minikube start --extra-config=apiserver.Features.EnableSwaggerUI=true

then start kubectl proxy, and navigate to http://localhost:8080/swagger-ui/ in your browser.

You can access the Kubernetes API with curl directly using

curl --cacert ~/.minikube/ca.crt --cert ~/.minikube/client.crt --key ~/.minikube/client.key https://`minikube ip`:8443/api/

but usually there is no advantage in doing so. Common browsers are not happy with the certificates minikube generates, so if you want to access the API with your browser you need to use kubectl proxy.

Sven Marnach
  • 7
    For minikube v0.28.0 with k8s v1.10.0, the following worked to enable the swagger ui: `minikube start --extra-config=apiserver.enable-swagger-ui=true` – Michael Allan Jackson Jun 20 '18 at 16:35
  • 1
    Is it safe to make these publicly accessible/exposed? – The Quantum Physicist May 28 '19 at 10:08
  • If I'm running minikube on a GCP VM, I can't access port 8080 from outside. How can I do that, considering port 8080 now serves HTTPS connections? – Rumesh Madhusanka Nov 28 '21 at 16:24
  • @RumeshMadhusanka You need to create a Firewall rule to open port 8080 for your VM. One way of doing this is navigating to https://console.cloud.google.com/networking/firewalls/list and creating the rule via the web console. – Sven Marnach Nov 28 '21 at 19:11
22

Running minikube start will automatically configure kubectl.

You can run minikube ip to get the IP that your minikube is on. The API server runs on 8443 by default.


Update: To access the API server directly, you'll need to use the custom SSL certs that have been generated by minikube. The client certificate and key are typically stored at: ~/.minikube/apiserver.crt and ~/.minikube/apiserver.key. You'll have to load them into your HTTPS client when you make requests.

If you're using curl, use the --cert and --key options to pass the cert and key files. Check the docs for more details.


Update2: The client certificate and key are typically stored in the ~/.minikube/profiles/minikube directory when you use version >= 0.19 (more information). You probably need to set the --insecure option on the curl client because of the self-signed certificate.

Mervyn Zhan
iamnat
  • 2
    Yes, but if you query the api-server, then it will throw an "unauthorized request" error! So how do I overcome this error? – KarateKid Nov 21 '16 at 14:15
  • ``kubectl`` throws this error, or are you trying to access the API server directly (curl types)? – iamnat Nov 21 '16 at 14:16
  • No, I am not using kubectl, instead directly pinging the API endpoints using CURL – KarateKid Nov 21 '16 at 14:27
  • 1
    Same problem here. If I run Kubernetes without minikube it asks me for basic credentials, but for minikube it never asked for credentials; it directly shows the unauthorized message – Guru Dec 23 '16 at 10:07
15

I went through lots of answers, but lots of them are wrong.

Before we do, we need IP and token.

How to get IP: minikube ip

How to generate Token:

$ export secret=$(kubectl get serviceaccount default -o json | jq -r '.secrets[].name')

$ kubectl get secret "$secret" -o yaml | grep "token:" | awk '{print $2}' | base64 -D > token

Note: base64 uses -D for mac, but -d for Linux.

Then, the correct command is:

# --cacert verifies the API server against minikube's CA; the token is sent in the Authorization header
$ curl -v --cacert ~/.minikube/ca.crt -H "Authorization: Bearer $(cat ~/YOUR_TOKEN)" "https://{YOUR_IP}:8443/api/v1/pods"
Pedram
xichen
  • Thank you. This was the most complete answer as it talks about the bearer token, which is required to access the API. – talonx Mar 14 '19 at 10:45
  • 4
    To avoid a dependency on `jq` when getting the secret name you can run instead `$export secret=$(kubectl get serviceaccount default -o jsonpath='{.secrets[0].name}')`. Also there's no need for `grep` or `awk`, instead just run `kubectl get secret $secret -o jsonpath='{.data.token}' | base64 --decode` – Seba Aug 29 '19 at 11:06
2

User Sven Marnach got me in the right direction; however, to get the correct server IP, crt and key location I ran kubectl config view.

$ kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /Users/user/.minikube/ca.crt
    server: https://127.0.0.1:32792
  name: minikube
contexts:
- context:
    cluster: minikube
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
  user:
    client-certificate: /Users/user/.minikube/profiles/minikube/client.crt
    client-key: /Users/user/.minikube/profiles/minikube/client.key

$ curl --cacert ~/.minikube/ca.crt --cert ~/.minikube/profiles/minikube/client.crt --key ~/.minikube/profiles/minikube/client.key https://127.0.0.1:32792/api/
{
  "kind": "APIVersions",
  "versions": [
    "v1"
  ],
  "serverAddressByClientCIDRs": [
    {
      "clientCIDR": "0.0.0.0/0",
      "serverAddress": "172.17.0.2:8443"
    }
  ]
}

 $ curl -s --cacert ~/.minikube/ca.crt --cert ~/.minikube/profiles/minikube/client.crt --key ~/.minikube/profiles/minikube/client.key https://127.0.0.1:32792/api/v1/pods | jq .items[].metadata | jq '"\(.name), \(.namespace), \(.selfLink)"'
"shell-demo, default, /api/v1/namespaces/default/pods/shell-demo"
"coredns-f9fd979d6-6b2nx, kube-system, /api/v1/namespaces/kube-system/pods/coredns-f9fd979d6-6b2nx"
"etcd-minikube, kube-system, /api/v1/namespaces/kube-system/pods/etcd-minikube"
"kube-apiserver-minikube, kube-system, /api/v1/namespaces/kube-system/pods/kube-apiserver-minikube"
"kube-controller-manager-minikube, kube-system, /api/v1/namespaces/kube-system/pods/kube-controller-manager-minikube"
"kube-proxy-bbck9, kube-system, /api/v1/namespaces/kube-system/pods/kube-proxy-bbck9"
"kube-scheduler-minikube, kube-system, /api/v1/namespaces/kube-system/pods/kube-scheduler-minikube"
"storage-provisioner, kube-system, /api/v1/namespaces/kube-system/pods/storage-provisioner"

Readers may also be interested in link.

shane
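
The lookup shown in the answer above (read the server URL, CA and client certificate paths from `kubectl config view`, then call curl with full TLS verification), as an added example that is not part of any answer on this page. The function names `kcfg_field` and `api_curl_cmd` and the sample kubeconfig are constructed for illustration; it assumes the single-cluster output of `kubectl config view --minify` and file paths without spaces.

```shell
#!/bin/sh
# Added example, not from any answer on this page.
# Constructed sample in the shape printed by `kubectl config view --minify`
# (one cluster, one user); the address and paths are made up.
SAMPLE_KUBECONFIG='apiVersion: v1
clusters:
- cluster:
    certificate-authority: /home/user/.minikube/ca.crt
    server: https://192.168.49.2:8443
  name: minikube
current-context: minikube
kind: Config
users:
- name: minikube
  user:
    client-certificate: /home/user/.minikube/profiles/minikube/client.crt
    client-key: /home/user/.minikube/profiles/minikube/client.key'

# kcfg_field KEY: print the value of the first "KEY: value" line on stdin.
kcfg_field() {
  awk -v k="$1:" '$1 == k { print $2; exit }'
}

# api_curl_cmd API_PATH: read a minified kubeconfig on stdin and print a curl
# command that verifies the server against the cluster CA and authenticates
# with the client certificate. Fails instead of falling back to -k/--insecure.
api_curl_cmd() (
  cfg=$(cat)
  get() { printf '%s\n' "$cfg" | kcfg_field "$1"; }
  server=$(get server); ca=$(get certificate-authority)
  cert=$(get client-certificate); key=$(get client-key)
  if [ "$(get insecure-skip-tls-verify)" = "true" ]; then
    echo "refusing: kubeconfig disables TLS verification" >&2; exit 1
  fi
  case "$server" in
    https://*) ;;
    *) echo "refusing: server is not an https:// URL: $server" >&2; exit 1 ;;
  esac
  if [ -z "$ca" ] || [ -z "$cert" ] || [ -z "$key" ]; then
    # Inline *-data fields or token users have no file paths to hand to curl.
    echo "kubeconfig has no CA/cert/key file paths" >&2; exit 1
  fi
  printf 'curl --cacert %s --cert %s --key %s %s%s\n' \
    "$ca" "$cert" "$key" "$server" "$1"
)

# Live use: kubectl config view --minify | api_curl_cmd /api/
```

Reading the port from the kubeconfig rather than assuming 8443 matters with drivers that publish the API server on a mapped localhost port, as in the `https://127.0.0.1:32792` output above.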
1

For Windows users, here is an alternative to the much simpler kubectl proxy command:

  1. Mount your local host's .minikube folder using "minikube mount [path-to-folder]:/host". This way, you will be able to access the certificates from within the node. If you don't know the exact path to this folder, you can get it by looking at the kubectl config view response.

  2. On a different command prompt, take note of the IP of your kube API server. This can be done by running minikube ip from your host (Windows). Note that this is the virtual IP within your minikube container.

  3. Start a bash shell within the minikube container: docker exec -it {your-container-id} bash

  4. Go to the folder you mounted in step 1. Now, simply curl the Kubectl api server through its virtual IP from step 2:

    curl https://{your-ip-from-2}:8443/api --key ./ca.key --cert ./ca.crt

    Here we are passing the certs to be used. Notice how I am not using the proxy-client ones.

That's it. For learning purposes I think this is a more interesting method than directly proxying.

George
0

These instructions worked for me https://github.com/jenkinsci/kubernetes-plugin#configuration-on-minikube

Needed to generate & upload pfx file, along with the other steps mentioned there.

0

Most of the above answers are right in their own sense.

I will give my version of the answer:

1) What is the correct way to Kubernetes cluster setup using minikube through the Kubernetes API ?

Ans: I think this is pretty straightforward. Follow the installation steps mentioned in the official k8s documentation for minikube installation.

2) At the moment, I can't find a port through which the kubernetes cluster can be accessed.

Ans: This too has a straightforward answer. You have to check your kubeconfig file. You can find it in your home directory at ~/.kube/config. View this file and it will have the details.

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /Users/username/.minikube/ca.crt
    server: https://192.168.64.2:8443
  name: minikube
contexts:
- context:
    cluster: minikube
    namespace: default
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
  user:
    client-certificate: /Users/username/.minikube/client.crt
    client-key: /Users/username/.minikube/client.key

The server detail mentioned here is your api-server endpoint to hit.

You can view this information using the kubectl command as well, like this: kubectl config view

Use the curl command below to hit the api-server:

curl https://192.168.64.2:8443/api/v1/pods --key /Users/sanjay/.minikube/client.key --cert /Users/sanjay/.minikube/client.crt --cacert /Users/sanjay/.minikube/ca.crt

Note: replace the IP, port and the paths as per your config file in the above command.

sanjaykumar81
0

Based on xichen's and Seba's answers above, this is how to acquire a token from a terminal:

$ function get_token() { secret=$(kubectl get serviceaccount "$1" -o jsonpath='{.secrets[0].name}') &&  kubectl get secret "$secret" -o jsonpath='{.data.token}' | base64 --decode; }
$ get_token target_account

I hope this would be useful for those who must use kubectl below 1.24 due to minikube issue with enabling ingress as stated in this question.

CaTx
0

What did I need when I find this question:

minikube ssh
docker exec -it k8s_kube-apiserver_kube-apiserver-minikube_kube-system_cdcbce216c62c4407ac9a51ac013e7d7_8 kube-apiserver -h

or

docker exec -it -u root minikube /bin/bash
vi /etc/kubernetes/manifests/kube-apiserver.yaml
burtsevyg
  • I do not understand this post. The phrasing is like a question, but it has no "?" punctuation. If it is a question it still is strangely phrased, what do you mean by "when I find this question"? Then you provide two code fragments without any explanation. That does look like a solution you offer, with two options. But it all is so inconsistent. Could you confirm that you attempted to answer according to [answer]? In that case please [edit] to make that more obvious. Otherwise what remains is probably for you to delete this, if it is not meant as an answer. – Yunnosch Aug 09 '23 at 19:57