Chapter 6 - Discovering API Groups

heiko_s

There is a typo in chapter 6 - Discovering API Groups:

We can take a closer look at the output of the request for current APIs. Each of the name values can be appended to the URL to see details of that group. For example, you could drill down to find included objects at this URL:
https://localhost:6443/apis/apiregistrationk8s.io/v1beta1

The URL is missing a dot:
https://localhost:6443/apis/apiregistration.k8s.io/v1beta1

Using the setup from the labs, the following URL will also work:
https://k8smaster:6443/apis/apiregistration.k8s.io/v1beta1

When using a web browser or curl, the result is ultimately this:

kind    "Status"
apiVersion  "v1"
metadata    {}
status  "Failure"
message "forbidden: User \"system:anonymous\" cannot get path \"/apis/apiregistrationk8s.io/v1beta1\""
reason  "Forbidden"
details {}
code    403
 

This is expected when I don't use authentication. As demonstrated in the previous lab, we can use curl when we supply the keys:
curl --cert client.pem --key client-key.pem --cacert ca.pem https://k8smaster:6443/apis/apiregistration.k8s.io/v1beta1

Copying these .pem keys to other machines allows remote access. I'm still looking for a way to include these keys so the browser (Firefox) will use them.