Definition

What It Does

When you run kubectl proxy, it starts a local HTTP server that handles authentication and communicates with the Kubernetes API server on your behalf. This allows you to access cluster resources via REST API endpoints without needing to handle tokens or certificates manually.

How to Use kubectl proxy

Basic Command


  kubectl proxy

This starts a proxy server at http://localhost:8001/ by default.

Accessing the Kubernetes API Through the Proxy

Once the proxy is running, you can use a web browser or a tool like curl to access cluster information. For example:


  curl http://localhost:8001/api/v1/namespaces/default/pods

This returns a list of pods in the default namespace.

Use Cases

  • Browsing the Kubernetes Dashboard (if deployed):
    Access it at:
    http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
  • Testing custom API clients or integrations:
    You can test calls to the Kubernetes API locally without managing tokens or certificates.
  • Inspecting live API data for learning or debugging:
    Easily fetch raw JSON data from various Kubernetes API endpoints.

Advanced Options


  kubectl proxy --port=8888 --address=0.0.0.0 --accept-hosts='^.*$'
  • --port=8888: Changes the port from the default 8001 to 8888.
  • --address=0.0.0.0: Allows access from external hosts (not just localhost).
  • --accept-hosts='^.*$': Accepts all hostnames. Use with caution for security reasons.

Security Consideration

By default, kubectl proxy only accepts connections from localhost and does not require additional authentication, relying on your local kubeconfig for access. Do not expose this proxy to the internet, especially with the --address=0.0.0.0 flag, unless you fully understand the security implications.

See Also