I have to debug my pod which is sending request toward api-server .
I want to disable TLS communication toward api server and capture traffic in http .Tried multiple option but it didn;t work .
My k8s version is 1.21 .Any one have idea or document .
hashtag#kubernetes hashtag#troubleshooting hashtag#apiserver hashtag#TLS
Rather than do that, why not do some sort of debugging proxy, like the one documented in this blog post by the Postman people? kube-apiserver is really not going to want to run w/o encryption, so you’d set up the proxy to use TLS on its outgoing side, and edit your kubeconfig file to point to the proxy. Postman is designed to log API calls made through it, so you’d be set up to watch what traffic runs on the channel.
I did tried with proxy nginx by using ingress controller but it seems it didn’t work
I don’t see why that would work; the kubernetes service doesn’t route through the ingress controller. You want the proxy to sit between kubectl and that service. I’m not sure exactly how you’d set up Postman either, since you need the outgoing end from Postman to use the certificate and key settings that kubectl normally uses. But that’s the thing to try.
Its not about kubectl .
I have pod/application which connecting to api-server through rest api on port 6443 and that traffic need to capture without tls .
or i want to deploy proxy in b/w application pod and kube-apiserver pod where application pod is using kubernetes default service to communicate with apiserver
What information do you need to do your debugging? Is it sufficient to know which APIs are called? If so, consider using K8s’ auditing facility, which you can fine tune enough to see api calls of a certain class or in a certain namespace. this might suffice, depending on what you’re actually doing.
Yes i need to know which api , pod requesting toward api-server .