Kubectl Connection via Apinizer Reverse Proxy (Windows)
1. Retrieving Cluster Information
Run the following command to get the Kubernetes API server address and port:
kubectl cluster-info
Note the Kubernetes control plane address and port from the output. This information will be used when defining the reverse proxy in Apinizer.
2. Adding a Reverse Proxy in Apinizer
Create a reverse proxy definition in Apinizer for the relevant cluster. Use the address from the kubectl cluster-info output as the backend.
Request Policy Configuration
To ensure the Kubernetes API works properly with kubectl, add the following header transformations under Request Policy → Business Rule:
| Action Type | Source Variable | Variable Data Type | Target Value Source Type | Value |
|---|---|---|---|---|
Modify | accept-encoding | String | Specify the Value | identity |
Delete | accept-encoding | - | - | - |
If these header transformations are not applied, kubectl requests gzip-compressed and specially formatted responses from Kubernetes. While processing these responses, Apinizer may truncate the JSON, causing an unexpected end of JSON input error.
3. Generating a Token
Run the following commands on a machine that has access to the Kubernetes cluster:
Create service account:
kubectl create serviceaccount kube-user -n kube-system
Assign cluster-admin role:
kubectl create clusterrolebinding kube-user-admin --clusterrole=cluster-admin --serviceaccount=kube-system:kube-user
Generate token (valid for 1 year):
kubectl create token kube-user -n kube-system --duration=8760h
Copy the token value from the output of the last command and store it securely. This token will be used in the kubeconfig file in the next step. When the token expires, repeat this step to generate a new one.
4. Preparing the Kubeconfig File
On Windows, kubectl reads cluster connection information from the %USERPROFILE%\.kube\config file. This file is usually located at:
C:\Users\YOUR_USERNAME\.kube\config
To create the file, run the following commands in CMD:
mkdir %USERPROFILE%\.kube
notepad %USERPROFILE%\.kube\config
When Notepad opens, paste the following template, fill in the required fields, and save:
apiVersion: v1
clusters:
- cluster:
server: <Apinizer reverse proxy URL>
insecure-skip-tls-verify: true
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kube-user
name: kube-user@kubernetes
current-context: kube-user@kubernetes
kind: Config
preferences: {}
users:
- name: kube-user
user:
token: <PASTE_TOKEN_FROM_STEP_3_HERE>
The insecure-skip-tls-verify: true setting is required because Apinizer’s TLS certificate differs from the Kubernetes certificate.