minikube apiserver nginx proxy curl 호출

https://barisein.tistory.com/393

minikube apiserver curl 호출

기본 인증서로 proxy 구성

server {
        listen 8443 ssl;
        listen [::]:8443 ssl;

        ssl_certificate "{인증서 디렉토리}/client.crt";
        ssl_certificate_key "{인증서 디렉토리}/client.key";

        location / {
                proxy_pass https://192.168.49.2:8443;
        }
}

다른 윈도우에서 실행

# http 호출
curl http://{minikube PC IP}:8443 -v
--------------------------
*   Trying 192.168.0.x:8443...
* Connected to 192.168.0.x (192.168.0.x) port 8443
> GET / HTTP/1.1
> Host: 192.168.0.x:8443
> User-Agent: curl/8.4.0
> Accept: */*
>
< HTTP/1.1 400 Bad Request
< Server: nginx/1.18.0 (Ubuntu)
< Date: Sun, 18 Feb 2024 07:53:34 GMT
< Content-Type: text/html
< Content-Length: 264
< Connection: close
<
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>
* Closing connection
--------------------------

# https 호출
curl https://{minikube PC IP}:8443 -v
--------------------------
*   Trying 192.168.0.x:8443...
* Connected to 192.168.0.x (192.168.0.x) port 8443
* schannel: disabled automatic use of client certificate
* schannel: using IP address, SNI is not supported by OS.
* ALPN: curl offers http/1.1
* schannel: SEC_E_UNTRUSTED_ROOT (0x80090325) - 신뢰되지 않은 기관에서 인증서 체인을 발급했습니다.
* Closing connection
* schannel: shutting down SSL/TLS connection with 192.168.0.x port 8443
curl: (60) schannel: SEC_E_UNTRUSTED_ROOT (0x80090325) - 신뢰되지 않은 기관에서 인증서 체인을 발급했습니다.
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
--------------------------

# https 호출(CA인증서 무시)
curl -k https://{minikube PC IP}:8443
--------------------------
*   Trying 192.168.0.x:8443...
* Connected to 192.168.0.x (192.168.0.x) port 8443
* schannel: disabled automatic use of client certificate
* schannel: using IP address, SNI is not supported by OS.
* ALPN: curl offers http/1.1
* ALPN: server accepted http/1.1
* using HTTP/1.1
> GET / HTTP/1.1
> Host: 192.168.0.x:8443
> User-Agent: curl/8.4.0
> Accept: */*
>
* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
* schannel: SSL/TLS connection renegotiated
* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
* schannel: SSL/TLS connection renegotiated
< HTTP/1.1 403 Forbidden
< Server: nginx/1.18.0 (Ubuntu)
< Date: Sun, 18 Feb 2024 07:57:01 GMT
< Content-Type: application/json
< Content-Length: 217
< Connection: keep-alive
< Audit-Id: bcad7b13-caf2-434d-995a-db1942ece76a
< Cache-Control: no-cache, private
< X-Content-Type-Options: nosniff
< X-Kubernetes-Pf-Flowschema-Uid: 225e85c1-d101-4128-9db6-4aa104d0e0b5
< X-Kubernetes-Pf-Prioritylevel-Uid: 6a18ac4a-4ef3-46b8-b2b7-20c375e9d1ab
<
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
  "reason": "Forbidden",
  "details": {},
  "code": 403
}* Connection #0 to host 192.168.0.x left intact
--------------------------

# https 호출(CA인증서 적용)
curl --cacert {CA인증서 파일} https://{minikube PC IP}:8443 -v
--------------------------
*   Trying 192.168.0.x:8443...
* Connected to 192.168.0.x (192.168.0.x) port 8443
* schannel: disabled automatic use of client certificate
* schannel: using IP address, SNI is not supported by OS.
* ALPN: curl offers http/1.1
* schannel: added 1 certificate(s) from CA file 'ca.crt'
* schannel: CertGetCertificateChain trust error CERT_TRUST_IS_REVOKED
* Closing connection
* schannel: shutting down SSL/TLS connection with 192.168.0.x port 8443
curl: (60) schannel: CertGetCertificateChain trust error CERT_TRUST_IS_REVOKED
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
--------------------------

# https 호출(CA인증서 + Client 인증서 적용)
curl --cacert {CA인증서 파일} --cert {Client인증서 파일} --key {CA인증서 파일 키} https://{minikube PC IP}:8443
--------------------------
*   Trying 192.168.0.x:8443...
* Connected to 192.168.0.x (192.168.0.x) port 8443
* schannel: disabled automatic use of client certificate
* schannel: Failed to import cert file client.crt, last error is 0x80092002
* Closing connection
curl: (58) schannel: Failed to import cert file client.crt, last error is 0x80092002
--------------------------

윈도우에 Client 인증 허용(적용하지 않음)

https://superuser.com/questions/1679153/allowing-use-of-ssl-client-certificates-on-windows-10

Allowing Use of SSL Client Certificates on Windows 10

minikube와 동일한 PC에서 실행

# 이전 실행은 동일함

# https 호출(CA인증서 적용)
curl --cacert {CA인증서 파일} https://{minikube PC IP}:8443 -v
--------------------------
*   Trying 192.168.0.x:8443...
* Connected to 192.168.0.x (192.168.0.x) port 8443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: ca.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: O=system:masters; CN=minikube-user
*  start date: Jan 20 13:55:01 2024 GMT
*  expire date: Jan 20 13:55:01 2027 GMT
* SSL: certificate subject name 'minikube-user' does not match target host name '192.168.0.x'
* Closing connection 0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS alert, close notify (256):
curl: (60) SSL: certificate subject name 'minikube-user' does not match target host name '192.168.0.x'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
--------------------------

minikube client 인증서에서 nginx proxy서버의 IP 추가하여 재생성

https://barisein.tistory.com/394

minikube Client 인증서 생성하기

nginx에 IP 추가된 새 인증서 적용

# 설정은 변경할 것 없음
-----------------------
server {
        listen 8443 ssl;
        listen [::]:8443 ssl;

        ssl_certificate "{인증서 디렉토리}/client.crt";
        ssl_certificate_key "{인증서 디렉토리}/client.key";

		# 아래 옵션을 넣고 안넣고 상관없이 작동안됨
        #ssl_verify_client on;
        #ssl_client_certificate /home/barisein/.minikube/ca.crt;
        
        location / {
                proxy_pass https://192.168.49.2:8443;
        }
}
-----------------------

# 설정 변경후 재기동
# 인증서가 바뀌면 재기동을 해줘야 함
sudo systemctl reload nginx

# https 호출(CA인증서 적용)
curl --cacert {CA인증서 파일} https://{minikube PC IP}:8443 -v
--------------------------
*   Trying 192.168.0.x:8443...
* Connected to 192.168.0.x (192.168.0.x) port 8443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: ca.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: O=system:masters; CN=minikube-user
*  start date: Feb 17 13:32:17 2024 GMT
*  expire date: Feb 16 13:32:17 2025 GMT
*  subjectAltName: host "192.168.0.x" matched cert's IP address!
*  issuer: CN=minikubeCA
*  SSL certificate verify ok.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/1.1
> Host: 192.168.0.x:8443
> User-Agent: curl/7.81.0
> Accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Server: nginx/1.18.0 (Ubuntu)
< Date: Sun, 18 Feb 2024 08:45:32 GMT
< Content-Type: application/json
< Content-Length: 217
< Connection: keep-alive
< Audit-Id: 7ea8cd57-e1dd-4b70-bf5d-5a10476d3ca7
< Cache-Control: no-cache, private
< X-Content-Type-Options: nosniff
< X-Kubernetes-Pf-Flowschema-Uid: 225e85c1-d101-4128-9db6-4aa104d0e0b5
< X-Kubernetes-Pf-Prioritylevel-Uid: 6a18ac4a-4ef3-46b8-b2b7-20c375e9d1ab
<
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
  "reason": "Forbidden",
  "details": {},
  "code": 403
* Connection #0 to host 192.168.0.x left intact
}
--------------------------

# https 호출(CA인증서 + Client 인증서 적용)
curl --cacert {CA인증서 파일} --cert {Client인증서 파일} --key {CA인증서 파일 키} https://{minikube PC IP}:8443
--------------------------
*   Trying 192.168.0.x:8443...
* Connected to 192.168.0.x (192.168.0.x) port 8443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: ca.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, CERT verify (15):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: O=system:masters; CN=minikube-user
*  start date: Feb 17 13:32:17 2024 GMT
*  expire date: Feb 16 13:32:17 2025 GMT
*  subjectAltName: host "192.168.0.x" matched cert's IP address!
*  issuer: CN=minikubeCA
*  SSL certificate verify ok.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/1.1
> Host: 192.168.0.x:8443
> User-Agent: curl/7.81.0
> Accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Server: nginx/1.18.0 (Ubuntu)
< Date: Sun, 18 Feb 2024 09:02:02 GMT
< Content-Type: application/json
< Content-Length: 217
< Connection: keep-alive
< Audit-Id: 0d4d62cf-fac9-4100-a4f0-5420ec9f2b78
< Cache-Control: no-cache, private
< X-Content-Type-Options: nosniff
< X-Kubernetes-Pf-Flowschema-Uid: 225e85c1-d101-4128-9db6-4aa104d0e0b5
< X-Kubernetes-Pf-Prioritylevel-Uid: 6a18ac4a-4ef3-46b8-b2b7-20c375e9d1ab
<
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
  "reason": "Forbidden",
  "details": {},
  "code": 403
* Connection #0 to host 192.168.0.x left intact
}
--------------------------

bootstrap 토근 생성

https://barisein.tistory.com/397

minikube token 생성

nginx에 bootstrap 토큰 적용

# 토큰 적용
-----------------------
server {
        listen 8443 ssl;
        listen [::]:8443 ssl;

        ssl_certificate "{인증서 디렉토리}/client.crt";
        ssl_certificate_key "{인증서 디렉토리}/client.key";
   
        location / {
                proxy_pass https://192.168.49.2:8443;
                proxy_set_header Authorization "Bearer {토큰}";
        }
}
-----------------------

# 설정 변경후 재기동
sudo systemctl reload nginx

# https 호출(CA인증서 + Client 인증서 적용)
curl --cacert {CA인증서 파일} --cert {Client인증서 파일} --key {CA인증서 파일 키} https://{minikube PC IP}:8443
--------------------------
*   Trying 192.168.0.x:8443...
* Connected to 192.168.0.x (192.168.0.x) port 8443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: ca.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: O=system:masters; CN=minikube-user
*  start date: Feb 17 13:32:17 2024 GMT
*  expire date: Feb 16 13:32:17 2025 GMT
*  subjectAltName: host "192.168.0.x" matched cert's IP address!
*  issuer: CN=minikubeCA
*  SSL certificate verify ok.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/1.1
> Host: 192.168.0.x:8443
> User-Agent: curl/7.81.0
> Accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Server: nginx/1.18.0 (Ubuntu)
< Date: Sun, 18 Feb 2024 15:23:38 GMT
< Content-Type: application/json
< Content-Length: 224
< Connection: keep-alive
< Audit-Id: e52b4ac0-56b5-46db-8985-90a266e3e744
< Cache-Control: no-cache, private
< X-Content-Type-Options: nosniff
< X-Kubernetes-Pf-Flowschema-Uid: 225e85c1-d101-4128-9db6-4aa104d0e0b5
< X-Kubernetes-Pf-Prioritylevel-Uid: 6a18ac4a-4ef3-46b8-b2b7-20c375e9d1ab
<
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "forbidden: User \"system:{bootstrp token id}\" cannot get path \"/\"",
  "reason": "Forbidden",
  "details": {},
  "code": 403
* Connection #0 to host 192.168.0.4 left intact
}
--------------------------

# https 호출(CA인증서 + Client 인증서 적용): uri 변경
# 여기까지만 접근이 됨
curl --cacert {CA인증서 파일} --cert {Client인증서 파일} --key {CA인증서 파일 키} https://{minikube PC IP}:8443/api/v1
--------------------------
*   Trying 192.168.0.4:8443...
* Connected to 192.168.0.x (192.168.0.x) port 8443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: ca.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: O=system:masters; CN=minikube-user
*  start date: Feb 17 13:32:17 2024 GMT
*  expire date: Feb 16 13:32:17 2025 GMT
*  subjectAltName: host "192.168.0.x" matched cert's IP address!
*  issuer: CN=minikubeCA
*  SSL certificate verify ok.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET /api/v1 HTTP/1.1
> Host: 192.168.0.x:8443
> User-Agent: curl/7.81.0
> Accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.18.0 (Ubuntu)
< Date: Sun, 18 Feb 2024 15:26:03 GMT
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< Audit-Id: bd164eb9-fd0b-42ca-9ba5-3d44432e5e98
< Cache-Control: no-cache, private
< X-Kubernetes-Pf-Flowschema-Uid: 225e85c1-d101-4128-9db6-4aa104d0e0b5
< X-Kubernetes-Pf-Prioritylevel-Uid: 6a18ac4a-4ef3-46b8-b2b7-20c375e9d1ab
<
{
  "kind": "APIResourceList",
  "groupVersion": "v1",
  "resources": [
    {
      "name": "bindings",

중략

    }
  ]
* Connection #0 to host 192.168.0.4 left intact
}
--------------------------