Skip to main content

1. Retrieving Cluster Information

Run the following command to get the Kubernetes API server address and port: 
kubectl cluster-info
Note the Kubernetes control plane address and port from the output. This information will be used when defining the reverse proxy in Apinizer.

2. Adding a Reverse Proxy in Apinizer

Create a reverse proxy definition in Apinizer for the relevant cluster. Use the address from the kubectl cluster-info output as the backend.

Request Policy Configuration

To ensure the Kubernetes API works properly with kubectl, add the following header transformations under Request Policy → Business Rule:
Action TypeSource VariableVariable Data TypeTarget Value Source TypeValue
Modifyaccept-encodingStringSpecify the Valueidentity
Deleteaccept-encoding---
If these header transformations are not applied, kubectl requests gzip-compressed and specially formatted responses from Kubernetes. While processing these responses, Apinizer may truncate the JSON, causing an unexpected end of JSON input error.

3. Generating a Token

Run the following commands on a machine that has access to the Kubernetes cluster: Create service account: 
kubectl create serviceaccount kube-user -n kube-system
Assign cluster-admin role: 
kubectl create clusterrolebinding kube-user-admin --clusterrole=cluster-admin --serviceaccount=kube-system:kube-user
Generate token (valid for 1 year): 
kubectl create token kube-user -n kube-system --duration=8760h
Copy the token value from the output of the last command and store it securely. This token will be used in the kubeconfig file in the next step. When the token expires, repeat this step to generate a new one.

4. Preparing the Kubeconfig File

On Windows, kubectl reads cluster connection information from the %USERPROFILE%\.kube\config file. This file is usually located at: 
C:\Users\YOUR_USERNAME\.kube\config
To create the file, run the following commands in CMD: 
mkdir %USERPROFILE%\.kube
notepad %USERPROFILE%\.kube\config
When Notepad opens, paste the following template, fill in the required fields, and save: 
apiVersion: v1
clusters:
- cluster:
    server: <Apinizer reverse proxy URL>
    insecure-skip-tls-verify: true
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kube-user
  name: kube-user@kubernetes
current-context: kube-user@kubernetes
kind: Config
preferences: {}
users:
- name: kube-user
  user:
    token: <PASTE_TOKEN_FROM_STEP_3_HERE>
The insecure-skip-tls-verify: true setting is required because Apinizer’s TLS certificate differs from the Kubernetes certificate.