how to Access-Control-Allow-Origin setting？

[n-guitar]

I want run an api over https from my web app.
However, I can't run it because there is no setting for Access-Control-Allow-Origin.
For example, https://127.0.0.1:6443/api/v1/nodes

• Error

Access to fetch at 'https://127.0.0.1:6443/api/v1/nodes' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

• OK
  curl (local mac)

TOKEN=XXXXX
$ curl -X GET https://127.0.0.1:6443/api/v1/nodes --header "Authorization: Bearer $TOKEN" --insecure                                                      

• my k3s

# k3s --version
k3s version v1.20.5+k3s1 (355fff30)
go version go1.15.10

version: "3"
services:
  server:
    container_name: k3s-controller
    hostname: k3s-controller
    image: "rancher/k3s:${K3S_VERSION:-latest}"
    command: server
    tmpfs:
      - /run
      - /var/run
    privileged: true
    environment:
      - K3S_TOKEN=${K3S_TOKEN:?err}
      - K3S_KUBECONFIG_OUTPUT=/output/kubeconfig.yaml
      - K3S_KUBECONFIG_MODE=600
    volumes:
      - k3s-server:/var/lib/rancher/k3s
      - .:/output
    ports:
      - 6443:6443
      - 80:80
      - 443:443

  agent1:
    container_name: k3s-worker1
    hostname: k3s-worker1
    image: "rancher/k3s:${K3S_VERSION:-latest}"
    tmpfs:
      - /run
      - /var/run
    privileged: true
    environment:
      - K3S_URL=https://server:6443
      - K3S_TOKEN=${K3S_TOKEN:?err}
    ports:
      - 10080:80
      - 10443:443

  agent2:
    container_name: k3s-worker2
    hostname: k3s-worker2
    image: "rancher/k3s:${K3S_VERSION:-latest}"
    tmpfs:
      - /run
      - /var/run
    privileged: true
    environment:
      - K3S_URL=https://server:6443
      - K3S_TOKEN=${K3S_TOKEN:?err}
    ports:
      - 20080:80
      - 20443:443

volumes:
  k3s-server: {}

[brandond]

I think you're looking for: https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/#:~:text=--cors-allowed-origins

For K3s you can pass this as --kube-apiserver-arg=cors-allowed-origins=X

Keep in mind that the Kubernetes apiserver should not, in general, be exposed directly to the internet.

[n-guitar]

Thanks to your advice, I've solved the problem!

version: "3"
services:
  server:
    container_name: k3s-controller
    hostname: k3s-controller
    image: "rancher/k3s:${K3S_VERSION:-latest}"
    command:
      - server
      - --kube-apiserver-arg=cors-allowed-origins=['*']