系统:
[root@reg k8s.io]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
golang版本
[root@reg k8s.io]# go version
go version go1.10.1 linux/amd64
GOPATH
[root@reg k8s.io]# go env | grep GOPATH
GOPATH="/root/qinzhao/"
clone代码
# Go 1.10 builds in GOPATH mode, so the repo has to sit at $GOPATH/src/k8s.io/sample-apiserver
# for the k8s.io/sample-apiserver import path (seen in the build output below) to resolve.
cd /root/qinzhao/src/k8s.io
# NOTE(review): this clones whatever the default branch currently points at; nothing pins a
# branch, tag or commit, so the build is not reproducible. Check out a revision that
# matches the target cluster version before building.
git clone https://github.com/kubernetes/sample-apiserver.git
cd sample-apiserver
运行update-codegen脚本生成代码
[root@reg sample-apiserver]# ./hack/update-codegen.sh
Generating deepcopy funcs
Generating clientset for wardle:v1alpha1,v1beta1 at k8s.io/sample-apiserver/pkg/client/clientset
Generating listers for wardle:v1alpha1,v1beta1 at k8s.io/sample-apiserver/pkg/client/listers
Generating informers for wardle:v1alpha1,v1beta1 at k8s.io/sample-apiserver/pkg/client/informers
Generating deepcopy funcs
Generating defaulters
Generating conversions
编译
[root@reg sample-apiserver]# go build -v -o sample-apiserver
...
k8s.io/sample-apiserver/vendor/k8s.io/apiserver/pkg/server/options
k8s.io/sample-apiserver/pkg/admission/plugin/banflunder
k8s.io/sample-apiserver/pkg/cmd/server
k8s.io/sample-apiserver
生成证书
# Test-only PKI. Every private key here is written unencrypted (-nodes); do not reuse
# these files outside a lab.
# Self-signed CA (-x509). No -subj is given, so openssl prompts for the subject; no -days
# is given, so openssl's default validity applies (30 days).
openssl req -nodes -new -x509 -keyout ca.key -out ca.crt
# Client key and CSR. O=system:masters places the certificate holder in the Kubernetes
# superuser group, so anyone holding client.key gets unrestricted access wherever this CA
# is trusted for client authentication. Use a narrowly scoped group for anything but a demo.
openssl req -out client.csr -new -newkey rsa:4096 -nodes -keyout client.key -subj "/CN=development/O=system:masters"
# Sign the client certificate with the demo CA for 365 days. -set_serial 01 hard-codes the
# serial, so further certificates issued this way would all share serial 01.
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
# Bundle certificate and key as PKCS#12. pass:password is a trivial passphrase passed on the
# command line, where it ends up in shell history and is visible in the process list.
openssl pkcs12 -export -in ./client.crt -inkey ./client.key -out client.p12 -passout pass:password
# Start the sample API server on port 9443.
#  - --client-ca-file ca.crt: client certificates signed by the demo CA above are accepted.
#  - --authentication-kubeconfig / --authorization-kubeconfig: authn/authz checks are delegated
#    to the cluster described by admin.conf (presumably a cluster-admin kubeconfig; confirm).
#  - --etcd-servers uses plain http://, so the etcd connection is neither encrypted nor
#    authenticated; acceptable only on an isolated test network.
#  - --v=7 turns on verbose debug logging (the round_trippers/clientconn lines that follow).
./sample-apiserver --secure-port 9443 --etcd-servers http://10.39.0.119:2379 --v=7 \
--client-ca-file ca.crt \
--kubeconfig admin.conf \
--authentication-kubeconfig admin.conf \
--authorization-kubeconfig admin.conf
...
I1224 22:41:44.565866 8601 round_trippers.go:441] Response Status: 200 OK in 1 milliseconds
I1224 22:41:44.565870 8601 round_trippers.go:441] Response Status: 200 OK in 1 milliseconds
I1224 22:41:44.653354 8601 clientconn.go:551] parsed scheme: ""
I1224 22:41:44.653500 8601 clientconn.go:557] scheme "" not registered, fallback to default scheme
I1224 22:41:44.653599 8601 resolver_conn_wrapper.go:116] ccResolverWrapper: sending new addresses to cc: [{10.39.0.119:2379 0 }]
I1224 22:41:44.653712 8601 balancer_v1_wrapper.go:125] balancerWrapper: got update addr from Notify: [{10.39.0.119:2379 }]
I1224 22:41:44.654448 8601 balancer_v1_wrapper.go:245] clientv3/balancer: pin "10.39.0.119:2379"
I1224 22:41:44.654490 8601 balancer_v1_wrapper.go:125] balancerWrapper: got update addr from Notify: [{10.39.0.119:2379 }]
[root@reg sample-apiserver]# ./sample-apiserver -h
Launch a wardle API server
Usage:
[flags]
Flags:
--admission-control-config-file string File with admission control configuration.
--alsologtostderr log to standard error as well as files
--audit-dynamic-configuration Enables dynamic audit configuration. This feature also requires the DynamicAuditing feature flag
--audit-log-batch-buffer-size int The size of the buffer to store events before batching and writing. Only used in batch mode. (default 10000)
--audit-log-batch-max-size int The maximum size of a batch. Only used in batch mode. (default 1)
--audit-log-batch-max-wait duration The amount of time to wait before force writing the batch that hadn't reached the max size. Only used in batch mode.
[root@reg sample-apiserver]# curl -fv -k --cert ./client.p12:password https://10.39.0.102:9443/apis/wardle.k8s.io/v1alpha1/namespaces/default/flunders
* About to connect() to 10.39.0.102 port 9443 (#0)
* Trying 10.39.0.102...
* Connected to 10.39.0.102 (10.39.0.102) port 9443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* unable to load client cert: -8018 (SEC_ERROR_UNKNOWN_PKCS11_ERROR)
* NSS error -8018 (SEC_ERROR_UNKNOWN_PKCS11_ERROR)
* Unknown PKCS #11 error.
* Closing connection 0
curl: (58) unable to load client cert: -8018 (SEC_ERROR_UNKNOWN_PKCS11_ERROR)
改用httpie并直接使用PEM格式的证书和私钥后搞定(除了证书的问题 (^^))
# httpie with the PEM certificate and key succeeds where the NSS-backed curl above could not
# load client.p12. --verify=no (like curl -k) disables server certificate verification, so the
# server's identity is not checked. NOTE(review): no serving certificate was passed to
# sample-apiserver, so it presumably uses a self-signed one; trusting that certificate
# explicitly would be safer than turning verification off.
http --verify=no --cert client.crt --cert-key client.key https://10.39.0.102:9443/apis/wardle.k8s.io/v1alpha1/namespaces/default/flunders
后面apiserver-builder会替换掉sample-apiserver
参考:
apiserver-builder
sample-apiserver