3.13 Interacting with the k8s API
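The previous section showed how to pass metadata to a container through environment variables or the Downward API. That approach is simple and easy to use, but it can only pass part of the metadata. To obtain more, use the k8s API approach introduced in this section and query the K8S API server directly. Creating, querying and deleting k8s resources such as pods, services and jobs is all done by interacting with the K8S API server.
1. Finding the K8S API server address
Run the kubectl cluster-info command to get the K8S API server address.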
[root@k8s-master01 ~]# kubectl cluster-info
Kubernetes master is running at https://192.168.137.100:6443
KubeDNS is running at https://192.168.137.100:6443/api/v1/namespaces/kube-
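2. Accessing the K8S API server
This section shows how a pod communicates with the k8s API server through a ServiceAccount. If a pod can reach the k8s API, it can obtain information about other resources in the cluster. The role of the ServiceAccount was introduced in the Secret section: every pod that does not explicitly specify a ServiceAccount uses the default ServiceAccount provided by k8s. The Secret mounted by default in the pod under /var/run/secrets/kubernetes.io/serviceaccount contains the cluster's authentication information. The ServiceAccount uses this information to access the K8S API server, and once the server has authenticated the request it returns the cluster's resource information to the pod.
Before accessing the k8s API server with the default ServiceAccount, that ServiceAccount must first be authorized. By default k8s uses the RBAC authorization mechanism, which later chapters cover. In this example, the following command grants the default ServiceAccount administrator privileges; it does so by binding the cluster-admin ClusterRole to the system:serviceaccounts group, which contains every service account in the cluster: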
kubectl create clusterrolebinding serviceaccounts-cluster-admin \
  --clusterrole=cluster-admin \
  --group=system:serviceaccounts
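A narrower grant than the cluster-admin binding above, shown as an added example that is not part of the original article: read-only access to Jobs in one namespace for one ServiceAccount. The names job-reader and job-reader-binding are hypothetical, and apply_scoped_rbac assumes kubectl is run from an administrator context.

```shell
#!/bin/sh
# Added example, not from the original article.
# "job-reader" and "job-reader-binding" are hypothetical names.

# Print a Role + RoleBinding that lets ServiceAccount $2 in namespace $1
# get/list/watch Jobs in that namespace only.
scoped_rbac_manifest() {
    ns="$1"; sa="$2"
    cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: job-reader
  namespace: ${ns}
rules:
- apiGroups: ["batch"]
  resources: ["jobs"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: job-reader-binding
  namespace: ${ns}
subjects:
- kind: ServiceAccount
  name: ${sa}
  namespace: ${ns}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: job-reader
EOF
}

# Apply the scoped grant, drop the broad binding, then check the effect.
apply_scoped_rbac() {
    ns="$1"; sa="$2"
    scoped_rbac_manifest "$ns" "$sa" | kubectl apply -f - || return 1
    kubectl delete clusterrolebinding serviceaccounts-cluster-admin --ignore-not-found
    # Expected answers: "yes" for listing jobs, "no" for deleting pods
    # (kubectl auth can-i exits non-zero when the answer is "no").
    kubectl auth can-i list jobs   -n "$ns" --as="system:serviceaccount:${ns}:${sa}"
    kubectl auth can-i delete pods -n "$ns" --as="system:serviceaccount:${ns}:${sa}"
}
```

Running `apply_scoped_rbac default default` covers the Job queries used later in this section while leaving every other resource and verb denied.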
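To the K8S API server, the pod is a client, and the pod should use a certificate when it connects. The following command points curl at the CA certificate mounted with the pod's ServiceAccount, which curl uses to verify the API server's certificate: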
export CURL_CA_BUNDLE=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
To be authorized by the k8s API server, the ServiceAccount must also present its authentication token. Set it with the following command:
TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
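Before accessing the k8s API server we need its address. kubectl cluster-info already gave us the server's location; the virtual address under which the server is exposed inside the pod can be obtained with the env command, as shown below: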
[root@k8s-master01 ~]# kubectl exec nginxpod -it -- /bin/sh
# env
MYSERVICE_PORT_8080_TCP_ADDR=10.106.129.199
MYSERVICE_SERVICE_HOST=10.106.129.199
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT=tcp://10.96.0.1:443
MYSERVICE_PORT_8080_TCP_PORT=8080
HOSTNAME=nginxpod
MYSERVICE_PORT_8080_TCP_PROTO=tcp
HOME=/root
MYSERVICE_SERVICE_PORT=8080
MYSERVICE_PORT=tcp://10.106.129.199:8080
PKG_RELEASE=1~buster
MYSERVICE_PORT_8080_TCP=tcp://10.106.129.199:8080
TERM=xterm
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
NGINX_VERSION=1.19.0
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
KUBERNETES_PORT_443_TCP_PORT=443
NJS_VERSION=0.4.1
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
MYSERVICE_SERVICE_PORT_HTTP=8080
KUBERNETES_SERVICE_HOST=10.96.0.1
PWD=/
The env output shows that the k8s API server is at https://10.96.0.1:443.
First, use the following command to list the API groups and versions of the k8s resources:
# curl -H "Authorization: Bearer $TOKEN" https://10.96.0.1:443
{"paths": ["/api","/api/v1","/apis","/apis/","/apis/admissionregistration.k8s.io","/apis/admissionregistration.k8s.io/v1beta1","/apis/apiextensions.k8s.io","/apis/apiextensions.k8s.io/v1beta1","/apis/apiregistration.k8s.io","/apis/apiregistration.k8s.io/v1","/apis/apiregistration.k8s.io/v1beta1","/apis/apps","/apis/apps/v1","/apis/apps/v1beta1","/apis/apps/v1beta2","/apis/authentication.k8s.io","/apis/authentication.k8s.io/v1","/apis/authentication.k8s.io/v1beta1","/apis/authorization.k8s.io","/apis/authorization.k8s.io/v1","/apis/authorization.k8s.io/v1beta1","/apis/autoscaling","/apis/autoscaling/v1","/apis/autoscaling/v2beta1","/apis/autoscaling/v2beta2","/apis/batch","/apis/batch/v1","/apis/batch/v1beta1","/apis/certificates.k8s.io","/apis/certificates.k8s.io/v1beta1","/apis/coordination.k8s.io","/apis/coordination.k8s.io/v1","/apis/coordination.k8s.io/v1beta1","/apis/events.k8s.io","/apis/events.k8s.io/v1beta1","/apis/extensions","/apis/extensions/v1beta1","/apis/networking.k8s.io","/apis/networking.k8s.io/v1","/apis/networking.k8s.io/v1beta1","/apis/node.k8s.io","/apis/node.k8s.io/v1beta1","/apis/policy","/apis/policy/v1beta1","/apis/rbac.authorization.k8s.io","/apis/rbac.authorization.k8s.io/v1","/apis/rbac.authorization.k8s.io/v1beta1","/apis/scheduling.k8s.io","/apis/scheduling.k8s.io/v1","/apis/scheduling.k8s.io/v1beta1","/apis/storage.k8s.io","/apis/storage.k8s.io/v1","/apis/storage.k8s.io/v1beta1","/healthz","/healthz/autoregister-completion","/healthz/etcd","/healthz/log","/healthz/ping","/healthz/poststarthook/apiservice-openapi-controller","/healthz/poststarthook/apiservice-registration-controller","/healthz/poststarthook/apiservice-status-available-controller","/healthz/poststarthook/bootstrap-controller","/healthz/poststarthook/ca-registration","/healthz/poststarthook/crd-informer-synced","/healthz/poststarthook/generic-apiserver-start-informers","/healthz/poststarthook/kube-apiserver-autoregistration","/healthz/poststarthook/rbac/bootstrap-roles","
/healthz/poststarthook/scheduling/bootstrap-system-priority-classes","/healthz/poststarthook/start-apiextensions-controllers","/healthz/poststarthook/start-apiextensions-informers","/healthz/poststarthook/start-kube-aggregator-informers","/healthz/poststarthook/start-kube-apiserver-admission-initializer","/logs","/metrics","/openapi/v2","/version"]
}#
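Next, query the resource information for Jobs. When Jobs were created in earlier chapters, apiVersion was always set to batch/v1, so that is the path queried below. The output shows that jobs support create, delete, update, list and the other create/read/update/delete operations: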
# curl -H "Authorization: Bearer $TOKEN" https://10.96.0.1:443/apis/batch/v1
{"kind": "APIResourceList","apiVersion": "v1","groupVersion": "batch/v1","resources": [{"name": "jobs","singularName": "","namespaced": true,"kind": "Job","verbs": ["create","delete","deletecollection","get","list","patch","update","watch"],"categories": ["all"],"storageVersionHash": "mudhfqk/qZY="},{"name": "jobs/status","singularName": "","namespaced": true,"kind": "Job","verbs": ["get","patch","update"]}]
}#
The following command retrieves all jobs in the default namespace. There is only one Job, and it is in the Complete state.
# curl -H "Authorization: Bearer $TOKEN" https://10.96.0.1:443/apis/batch/v1/namespaces/default/jobs
{"kind": "JobList","apiVersion": "batch/v1","metadata": {"selfLink": "/apis/batch/v1/namespaces/default/jobs","resourceVersion": "12165417"},"items": [{"metadata": {"name": "myjob","namespace": "default","selfLink": "/apis/batch/v1/namespaces/default/jobs/myjob","uid": "df6da4d9-3f48-4d7a-b03f-dc85fa8f7794","resourceVersion": "12148288","creationTimestamp": "2020-10-20T15:47:20Z","labels": {"controller-uid": "df6da4d9-3f48-4d7a-b03f-dc85fa8f7794","job-name": "myjob"},"annotations": {"kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"batch/v1\",\"kind\":\"Job\",\"metadata\":{\"annotations\":{},\"name\":\"myjob\",\"namespace\":\"default\"},\"spec\":{\"template\":{\"metadata\":{\"name\":\"mypod\"},\"spec\":{\"containers\":[{\"command\":[\"/bin/sh\",\"-c\",\"sleep 60\"],\"image\":\"busybox\",\"imagePullPolicy\":\"IfNotPresent\",\"name\":\"my-busybox\"}],\"restartPolicy\":\"OnFailure\"}}}}\n"}},"spec": {"parallelism": 1,"completions": 1,"backoffLimit": 6,"selector": {"matchLabels": {"controller-uid": "df6da4d9-3f48-4d7a-b03f-dc85fa8f7794"}},"template": {"metadata": {"name": "mypod","creationTimestamp": null,"labels": {"controller-uid": "df6da4d9-3f48-4d7a-b03f-dc85fa8f7794","job-name": "myjob"}},"spec": {"containers": [{"name": "my-busybox","image": "busybox","command": ["/bin/sh","-c","sleep 60"],"resources": {},"terminationMessagePath": "/dev/termination-log","terminationMessagePolicy": "File","imagePullPolicy": "IfNotPresent"}],"restartPolicy": "OnFailure","terminationGracePeriodSeconds": 30,"dnsPolicy": "ClusterFirst","securityContext": {},"schedulerName": "default-scheduler"}}},"status": {"conditions": [{"type": "Complete","status": "True","lastProbeTime": "2020-10-20T15:48:21Z","lastTransitionTime": "2020-10-20T15:48:21Z"}],"startTime": "2020-10-20T15:47:20Z","completionTime": "2020-10-20T15:48:21Z","succeeded": 1}}]
}#
If there are several jobs, you can also fetch just one of them. The following command retrieves the resource information for myjob:
# curl -H "Authorization: Bearer $TOKEN" https://10.96.0.1:443/apis/batch/v1/namespaces/default/jobs/myjob
{"kind": "Job","apiVersion": "batch/v1","metadata": {"name": "myjob","namespace": "default","selfLink": "/apis/batch/v1/namespaces/default/jobs/myjob","uid": "df6da4d9-3f48-4d7a-b03f-dc85fa8f7794","resourceVersion": "12148288","creationTimestamp": "2020-10-20T15:47:20Z","labels": {"controller-uid": "df6da4d9-3f48-4d7a-b03f-dc85fa8f7794","job-name": "myjob"},"annotations": {"kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"batch/v1\",\"kind\":\"Job\",\"metadata\":{\"annotations\":{},\"name\":\"myjob\",\"namespace\":\"default\"},\"spec\":{\"template\":{\"metadata\":{\"name\":\"mypod\"},\"spec\":{\"containers\":[{\"command\":[\"/bin/sh\",\"-c\",\"sleep 60\"],\"image\":\"busybox\",\"imagePullPolicy\":\"IfNotPresent\",\"name\":\"my-busybox\"}],\"restartPolicy\":\"OnFailure\"}}}}\n"}},"spec": {"parallelism": 1,"completions": 1,"backoffLimit": 6,"selector": {"matchLabels": {"controller-uid": "df6da4d9-3f48-4d7a-b03f-dc85fa8f7794"}},"template": {"metadata": {"name": "mypod","creationTimestamp": null,"labels": {"controller-uid": "df6da4d9-3f48-4d7a-b03f-dc85fa8f7794","job-name": "myjob"}},"spec": {"containers": [{"name": "my-busybox","image": "busybox","command": ["/bin/sh","-c","sleep 60"],"resources": {},"terminationMessagePath": "/dev/termination-log","terminationMessagePolicy": "File","imagePullPolicy": "IfNotPresent"}],"restartPolicy": "OnFailure","terminationGracePeriodSeconds": 30,"dnsPolicy": "ClusterFirst","securityContext": {},"schedulerName": "default-scheduler"}}},"status": {"conditions": [{"type": "Complete","status": "True","lastProbeTime": "2020-10-20T15:48:21Z","lastTransitionTime": "2020-10-20T15:48:21Z"}],"startTime": "2020-10-20T15:47:20Z","completionTime": "2020-10-20T15:48:21Z","succeeded": 1}
}#
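Information about other resource objects can be obtained in the same way. With the ServiceAccount approach above, and given the cluster-admin binding created earlier, a pod can access information about every resource object in the entire cluster from the inside, and can create, delete, update and query those objects.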
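The in-pod calls above collected into reusable functions, as an added example that is not part of the original article: the server address comes from the injected environment variables instead of a hard-coded IP, and curl verifies the server against the mounted ca.crt. The function names and the SA_DIR override are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article.
# SA_DIR can be overridden for testing; k8s_api_base, jobs_path and k8s_get
# are hypothetical helper names.
SA_DIR="${SA_DIR:-/var/run/secrets/kubernetes.io/serviceaccount}"

# Base URL built from the variables shown in the env output above.
k8s_api_base() {
    host="${KUBERNETES_SERVICE_HOST:-}"
    port="${KUBERNETES_SERVICE_PORT_HTTPS:-${KUBERNETES_SERVICE_PORT:-443}}"
    [ -n "$host" ] || { echo "KUBERNETES_SERVICE_HOST is not set" >&2; return 1; }
    case "$host" in *:*) host="[$host]" ;; esac   # bracket IPv6 literals
    printf 'https://%s:%s' "$host" "$port"
}

# Path of the Job collection in the pod's own namespace, read from the
# namespace file mounted next to the token.
jobs_path() {
    ns="$(cat "$SA_DIR/namespace")" || return 1
    printf '/apis/batch/v1/namespaces/%s/jobs' "$ns"
}

# GET $1 (an API path). --cacert makes curl trust only the cluster CA;
# --fail turns HTTP errors such as 401/403 into a non-zero exit status.
k8s_get() {
    base="$(k8s_api_base)" || return 1
    token="$(cat "$SA_DIR/token")" || return 1   # re-read on every call
    curl --silent --show-error --fail \
         --cacert "$SA_DIR/ca.crt" \
         -H "Authorization: Bearer $token" \
         "${base}$1"
}

# Usage inside a pod:
#   k8s_get /apis/batch/v1
#   k8s_get "$(jobs_path)"
#   k8s_get "$(jobs_path)/myjob"
```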