kubectl 通过访问 Kubernetes API 来执行命令。我们也可以通过对应的 TLS key 和 token,使用 curl 或是 golang client 做同样的事。
API 请求必须使用 JSON 格式来发送。kubectl 的作用是将 .yaml 转换为 JSON 格式进行 API 请求。
我们从查看 kubectl 的配置文件开始,需要其中的三个证书(CA 证书、客户端证书、客户端私钥)和 API server 的地址:
[root@master01 ~]# kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://apiserver.k8s.local:8443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
[root@master01 ~]# cat /root/.kube/config
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: 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
server: https://apiserver.k8s.local:8443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: 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
client-key-data: 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
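# Split the kubeconfig credentials into PEM files that curl can use.
# client-key.pem is the private key of the kubernetes-admin user, so the files are
# created under umask 077 (owner-only) inside a subshell; the login shell's umask is
# left untouched. A file that already exists keeps its old mode: check it with ls -l.
# awk selects the value by field, so the result does not depend on how many spaces
# of indentation the kubeconfig uses.
(
  umask 077
  awk '/client-certificate-data:/ {print $2}' /root/.kube/config | base64 -d > /root/client.pem
  awk '/client-key-data:/ {print $2}' /root/.kube/config | base64 -d > /root/client-key.pem
  awk '/certificate-authority-data:/ {print $2}' /root/.kube/config | base64 -d > /root/ca.pem
)
# Print the API server address recorded in the kubeconfig.
kubectl config view |grep server|cut -f 2- -d ":" | tr -d " "
# Query the API root over mutual TLS: --cacert verifies the server certificate,
# --cert/--key authenticate the client.
[root@master01 ~]# curl --cert /root/client.pem --key /root/client-key.pem --cacert /root/ca.pem $(kubectl config view |grep server|cut -f 2- -d ":" | tr -d " ")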
{
"paths": [
"/api",
"/api/v1",
"/apis",
"/apis/",
"/apis/admissionregistration.k8s.io",
"/apis/admissionregistration.k8s.io/v1",
"/apis/admissionregistration.k8s.io/v1beta1",
"/apis/apiextensions.k8s.io",
"/apis/apiextensions.k8s.io/v1",
"/apis/apiextensions.k8s.io/v1beta1",
"/apis/apiregistration.k8s.io",
"/apis/apiregistration.k8s.io/v1",
"/apis/apiregistration.k8s.io/v1beta1",
"/apis/apps",
"/apis/apps/v1",
"/apis/authentication.k8s.io",
"/apis/authentication.k8s.io/v1",
"/apis/authentication.k8s.io/v1beta1",
"/apis/authorization.k8s.io",
"/apis/authorization.k8s.io/v1",
"/apis/authorization.k8s.io/v1beta1",
"/apis/autoscaling",
"/apis/autoscaling/v1",
"/apis/autoscaling/v2beta1",
"/apis/autoscaling/v2beta2",
"/apis/batch",
"/apis/batch/v1",
"/apis/batch/v1beta1",
"/apis/certificates.k8s.io",
"/apis/certificates.k8s.io/v1beta1",
"/apis/coordination.k8s.io",
"/apis/coordination.k8s.io/v1",
"/apis/coordination.k8s.io/v1beta1",
"/apis/crd.projectcalico.org",
"/apis/crd.projectcalico.org/v1",
"/apis/events.k8s.io",
"/apis/events.k8s.io/v1beta1",
"/apis/extensions",
"/apis/extensions/v1beta1",
"/apis/networking.k8s.io",
"/apis/networking.k8s.io/v1",
"/apis/networking.k8s.io/v1beta1",
"/apis/node.k8s.io",
"/apis/node.k8s.io/v1beta1",
"/apis/policy",
"/apis/policy/v1beta1",
"/apis/rbac.authorization.k8s.io",
"/apis/rbac.authorization.k8s.io/v1",
"/apis/rbac.authorization.k8s.io/v1beta1",
"/apis/scheduling.k8s.io",
"/apis/scheduling.k8s.io/v1",
"/apis/scheduling.k8s.io/v1beta1",
"/apis/settings.k8s.io",
"/apis/settings.k8s.io/v1alpha1",
"/apis/storage.k8s.io",
"/apis/storage.k8s.io/v1",
"/apis/storage.k8s.io/v1beta1",
"/healthz",
"/healthz/autoregister-completion",
"/healthz/etcd",
"/healthz/log",
"/healthz/ping",
"/healthz/poststarthook/apiservice-openapi-controller",
"/healthz/poststarthook/apiservice-registration-controller",
"/healthz/poststarthook/apiservice-status-available-controller",
"/healthz/poststarthook/bootstrap-controller",
"/healthz/poststarthook/ca-registration",
"/healthz/poststarthook/crd-informer-synced",
"/healthz/poststarthook/generic-apiserver-start-informers",
"/healthz/poststarthook/kube-apiserver-autoregistration",
"/healthz/poststarthook/rbac/bootstrap-roles",
"/healthz/poststarthook/scheduling/bootstrap-system-priority-classes",
"/healthz/poststarthook/start-apiextensions-controllers",
"/healthz/poststarthook/start-apiextensions-informers",
"/healthz/poststarthook/start-kube-aggregator-informers",
"/healthz/poststarthook/start-kube-apiserver-admission-initializer",
"/livez",
"/livez/autoregister-completion",
"/livez/etcd",
"/livez/log",
"/livez/ping",
"/livez/poststarthook/apiservice-openapi-controller",
"/livez/poststarthook/apiservice-registration-controller",
"/livez/poststarthook/apiservice-status-available-controller",
"/livez/poststarthook/bootstrap-controller",
"/livez/poststarthook/ca-registration",
"/livez/poststarthook/crd-informer-synced",
"/livez/poststarthook/generic-apiserver-start-informers",
"/livez/poststarthook/kube-apiserver-autoregistration",
"/livez/poststarthook/rbac/bootstrap-roles",
"/livez/poststarthook/scheduling/bootstrap-system-priority-classes",
"/livez/poststarthook/start-apiextensions-controllers",
"/livez/poststarthook/start-apiextensions-informers",
"/livez/poststarthook/start-kube-aggregator-informers",
"/livez/poststarthook/start-kube-apiserver-admission-initializer",
"/logs",
"/metrics",
"/openapi/v2",
"/readyz",
"/readyz/autoregister-completion",
"/readyz/etcd",
"/readyz/log",
"/readyz/ping",
"/readyz/poststarthook/apiservice-openapi-controller",
"/readyz/poststarthook/apiservice-registration-controller",
"/readyz/poststarthook/apiservice-status-available-controller",
"/readyz/poststarthook/bootstrap-controller",
"/readyz/poststarthook/ca-registration",
"/readyz/poststarthook/crd-informer-synced",
"/readyz/poststarthook/generic-apiserver-start-informers",
"/readyz/poststarthook/kube-apiserver-autoregistration",
"/readyz/poststarthook/rbac/bootstrap-roles",
"/readyz/poststarthook/scheduling/bootstrap-system-priority-classes",
"/readyz/poststarthook/start-apiextensions-controllers",
"/readyz/poststarthook/start-apiextensions-informers",
"/readyz/poststarthook/start-kube-aggregator-informers",
"/readyz/poststarthook/start-kube-apiserver-admission-initializer",
"/readyz/shutdown",
"/version"
]
}
# Create a service account in kube-system and bind it to the built-in cluster-admin
# ClusterRole. Its token then carries full control of the cluster, so keep this to a
# lab cluster and remove both objects when the demo is done:
#   kubectl delete clusterrolebinding curl-cluster-admin
#   kubectl delete serviceaccount cluster-admin -n kube-system
kubectl -n kube-system create serviceaccount cluster-admin
kubectl create clusterrolebinding curl-cluster-admin \
  --clusterrole=cluster-admin \
  --serviceaccount=kube-system:cluster-admin
# Print the bearer token held in the service account's secret. The token lands in the
# terminal scrollback; treat it like a password.
kubectl -n kube-system describe secrets $(kubectl -n kube-system get secrets | grep cluster-admin | cut -d ' ' -f1) | grep -E '^token' | cut -d ':' -f2 | tr -d '\t '
# Print the API server address recorded in the kubeconfig.
kubectl config view | grep server | cut -d ":" -f 2- | tr -d " "
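# Same request as the client-certificate call, authenticated with the service-account
# bearer token instead.
# The server is verified against the cluster CA (--cacert) rather than with -k: with
# verification off, curl would hand the cluster-admin token to whatever endpoint
# answers at that address. The pattern '^token' is quoted on both sides.
[root@master01 ~]# curl -H "Authorization: Bearer $(kubectl describe secrets $(kubectl get secrets -n kube-system |grep cluster-admin|cut -f1 -d ' ') -n kube-system | grep -E '^token' |cut -f2 -d':'|tr -d '\t'|tr -d ' ')" --cacert /root/ca.pem $(kubectl config view |grep server|cut -f 2- -d ":" | tr -d " ")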
{
"paths": [
"/api",
"/api/v1",
"/apis",
"/apis/",
"/apis/admissionregistration.k8s.io",
"/apis/admissionregistration.k8s.io/v1",
"/apis/admissionregistration.k8s.io/v1beta1",
"/apis/apiextensions.k8s.io",
"/apis/apiextensions.k8s.io/v1",
"/apis/apiextensions.k8s.io/v1beta1",
"/apis/apiregistration.k8s.io",
"/apis/apiregistration.k8s.io/v1",
"/apis/apiregistration.k8s.io/v1beta1",
"/apis/apps",
"/apis/apps/v1",
"/apis/authentication.k8s.io",
"/apis/authentication.k8s.io/v1",
"/apis/authentication.k8s.io/v1beta1",
"/apis/authorization.k8s.io",
"/apis/authorization.k8s.io/v1",
"/apis/authorization.k8s.io/v1beta1",
"/apis/autoscaling",
"/apis/autoscaling/v1",
"/apis/autoscaling/v2beta1",
"/apis/autoscaling/v2beta2",
"/apis/batch",
"/apis/batch/v1",
"/apis/batch/v1beta1",
"/apis/certificates.k8s.io",
"/apis/certificates.k8s.io/v1beta1",
"/apis/coordination.k8s.io",
"/apis/coordination.k8s.io/v1",
"/apis/coordination.k8s.io/v1beta1",
"/apis/crd.projectcalico.org",
"/apis/crd.projectcalico.org/v1",
"/apis/events.k8s.io",
"/apis/events.k8s.io/v1beta1",
"/apis/extensions",
"/apis/extensions/v1beta1",
"/apis/networking.k8s.io",
"/apis/networking.k8s.io/v1",
"/apis/networking.k8s.io/v1beta1",
"/apis/node.k8s.io",
"/apis/node.k8s.io/v1beta1",
"/apis/policy",
"/apis/policy/v1beta1",
"/apis/rbac.authorization.k8s.io",
"/apis/rbac.authorization.k8s.io/v1",
"/apis/rbac.authorization.k8s.io/v1beta1",
"/apis/scheduling.k8s.io",
"/apis/scheduling.k8s.io/v1",
"/apis/scheduling.k8s.io/v1beta1",
"/apis/settings.k8s.io",
"/apis/settings.k8s.io/v1alpha1",
"/apis/storage.k8s.io",
"/apis/storage.k8s.io/v1",
"/apis/storage.k8s.io/v1beta1",
"/healthz",
"/healthz/autoregister-completion",
"/healthz/etcd",
"/healthz/log",
"/healthz/ping",
"/healthz/poststarthook/apiservice-openapi-controller",
"/healthz/poststarthook/apiservice-registration-controller",
"/healthz/poststarthook/apiservice-status-available-controller",
"/healthz/poststarthook/bootstrap-controller",
"/healthz/poststarthook/ca-registration",
"/healthz/poststarthook/crd-informer-synced",
"/healthz/poststarthook/generic-apiserver-start-informers",
"/healthz/poststarthook/kube-apiserver-autoregistration",
"/healthz/poststarthook/rbac/bootstrap-roles",
"/healthz/poststarthook/scheduling/bootstrap-system-priority-classes",
"/healthz/poststarthook/start-apiextensions-controllers",
"/healthz/poststarthook/start-apiextensions-informers",
"/healthz/poststarthook/start-kube-aggregator-informers",
"/healthz/poststarthook/start-kube-apiserver-admission-initializer",
"/livez",
"/livez/autoregister-completion",
"/livez/etcd",
"/livez/log",
"/livez/ping",
"/livez/poststarthook/apiservice-openapi-controller",
"/livez/poststarthook/apiservice-registration-controller",
"/livez/poststarthook/apiservice-status-available-controller",
"/livez/poststarthook/bootstrap-controller",
"/livez/poststarthook/ca-registration",
"/livez/poststarthook/crd-informer-synced",
"/livez/poststarthook/generic-apiserver-start-informers",
"/livez/poststarthook/kube-apiserver-autoregistration",
"/livez/poststarthook/rbac/bootstrap-roles",
"/livez/poststarthook/scheduling/bootstrap-system-priority-classes",
"/livez/poststarthook/start-apiextensions-controllers",
"/livez/poststarthook/start-apiextensions-informers",
"/livez/poststarthook/start-kube-aggregator-informers",
"/livez/poststarthook/start-kube-apiserver-admission-initializer",
"/logs",
"/metrics",
"/openapi/v2",
"/readyz",
"/readyz/autoregister-completion",
"/readyz/etcd",
"/readyz/log",
"/readyz/ping",
"/readyz/poststarthook/apiservice-openapi-controller",
"/readyz/poststarthook/apiservice-registration-controller",
"/readyz/poststarthook/apiservice-status-available-controller",
"/readyz/poststarthook/bootstrap-controller",
"/readyz/poststarthook/ca-registration",
"/readyz/poststarthook/crd-informer-synced",
"/readyz/poststarthook/generic-apiserver-start-informers",
"/readyz/poststarthook/kube-apiserver-autoregistration",
"/readyz/poststarthook/rbac/bootstrap-roles",
"/readyz/poststarthook/scheduling/bootstrap-system-priority-classes",
"/readyz/poststarthook/start-apiextensions-controllers",
"/readyz/poststarthook/start-apiextensions-informers",
"/readyz/poststarthook/start-kube-aggregator-informers",
"/readyz/poststarthook/start-kube-apiserver-admission-initializer",
"/readyz/shutdown",
"/version"
]
}
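# Write the pod manifest used by the POST request that follows.
# NOTE(review): the heredoc body is missing from this page. It is reconstructed from
# the pod the API server echoes back further down (name busybox, namespace default,
# image busybox, command sleep 300); confirm against the original article.
# The quoted delimiter keeps the shell from expanding anything inside the manifest.
cat > busybox.yaml <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
  - name: busybox
    image: busybox
    command:
    - sleep
    - "300"
EOF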
# Create the pod: POST the manifest to the pods collection of the default namespace.
# The client certificate authenticates the caller and --cacert verifies the server.
# --write-out appends the HTTP status code after the response body.
curl --cacert /root/ca.pem --cert /root/client.pem --key /root/client-key.pem \
  --header 'Content-Type: application/yaml' \
  --silent --write-out "状态码是:%{http_code}\n" \
  --data "$(cat /root/busybox.yaml)" \
  $(kubectl config view | grep server | cut -d ":" -f 2- | tr -d " ")/api/v1/namespaces/default/pods/
[root@master01 ~]# curl --cert /root/client.pem --key /root/client-key.pem --cacert /root/ca.pem \
> -H 'Content-Type: application/yaml' \
> -s -w "状态码是:%{http_code}\n" \
> -d "$(cat /root/busybox.yaml)" \
> $(kubectl config view |grep server|cut -f 2- -d ":" | tr -d " ")/api/v1/namespaces/default/pods/
{
"kind": "Pod",
"apiVersion": "v1",
"metadata": {
"name": "busybox",
"namespace": "default",
"selfLink": "/api/v1/namespaces/default/pods/busybox",
"uid": "6e834ed7-758f-4235-89aa-0b037ac531bb",
"resourceVersion": "165388",
"creationTimestamp": "2020-01-11T15:48:01Z"
},
"spec": {
"volumes": [
{
"name": "default-token-q49sn",
"secret": {
"secretName": "default-token-q49sn",
"defaultMode": 420
}
}
],
"containers": [
{
"name": "busybox",
"image": "busybox",
"command": [
"sleep",
"300"
],
"resources": {
},
"volumeMounts": [
{
"name": "default-token-q49sn",
"readOnly": true,
"mountPath": "/var/run/secrets/kubernetes.io/serviceaccount"
}
],
"terminationMessagePath": "/dev/termination-log",
"terminationMessagePolicy": "File",
"imagePullPolicy": "Always"
}
],
"restartPolicy": "Always",
"terminationGracePeriodSeconds": 30,
"dnsPolicy": "ClusterFirst",
"serviceAccountName": "default",
"serviceAccount": "default",
"securityContext": {
},
"schedulerName": "default-scheduler",
"tolerations": [
{
"key": "node.kubernetes.io/not-ready",
"operator": "Exists",
"effect": "NoExecute",
"tolerationSeconds": 300
},
{
"key": "node.kubernetes.io/unreachable",
"operator": "Exists",
"effect": "NoExecute",
"tolerationSeconds": 300
}
],
"priority": 0,
"enableServiceLinks": true
},
"status": {
"phase": "Pending",
"qosClass": "BestEffort"
}
}状态码是:201
[root@master01 ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 0 62s
# List the pods in the default namespace with a GET on the pods collection,
# authenticated by client certificate and verified against the cluster CA.
curl --cacert /root/ca.pem --cert /root/client.pem --key /root/client-key.pem \
  --request GET \
  $(kubectl config view | grep server | cut -d ":" -f 2- | tr -d " ")/api/v1/namespaces/default/pods/
[root@master01 ~]# curl --cert /root/client.pem --key /root/client-key.pem --cacert /root/ca.pem \
> -X GET \
> $(kubectl config view |grep server|cut -f 2- -d ":" | tr -d " ")/api/v1/namespaces/default/pods/
{
"kind": "PodList",
"apiVersion": "v1",
"metadata": {
"selfLink": "/api/v1/namespaces/default/pods/",
"resourceVersion": "165813"
},
"items": [
{
"metadata": {
"name": "busybox",
"namespace": "default",
"selfLink": "/api/v1/namespaces/default/pods/busybox",
"uid": "6e834ed7-758f-4235-89aa-0b037ac531bb",
"resourceVersion": "165416",
"creationTimestamp": "2020-01-11T15:48:01Z",
"annotations": {
"cni.projectcalico.org/podIP": "10.244.186.215/32",
"cni.projectcalico.org/podIPs": "10.244.186.215/32"
}
},
"spec": {
"volumes": [
{
"name": "default-token-q49sn",
"secret": {
"secretName": "default-token-q49sn",
"defaultMode": 420
}
}
],
"containers": [
{
"name": "busybox",
"image": "busybox",
"command": [
"sleep",
"300"
],
"resources": {
},
"volumeMounts": [
{
"name": "default-token-q49sn",
"readOnly": true,
"mountPath": "/var/run/secrets/kubernetes.io/serviceaccount"
}
],
"terminationMessagePath": "/dev/termination-log",
"terminationMessagePolicy": "File",
"imagePullPolicy": "Always"
}
],
"restartPolicy": "Always",
"terminationGracePeriodSeconds": 30,
"dnsPolicy": "ClusterFirst",
"serviceAccountName": "default",
"serviceAccount": "default",
"nodeName": "node03",
"securityContext": {
},
"schedulerName": "default-scheduler",
"tolerations": [
{
"key": "node.kubernetes.io/not-ready",
"operator": "Exists",
"effect": "NoExecute",
"tolerationSeconds": 300
},
{
"key": "node.kubernetes.io/unreachable",
"operator": "Exists",
"effect": "NoExecute",
"tolerationSeconds": 300
}
],
"priority": 0,
"enableServiceLinks": true
},
"status": {
"phase": "Running",
"conditions": [
{
"type": "Initialized",
"status": "True",
"lastProbeTime": null,
"lastTransitionTime": "2020-01-11T15:48:00Z"
},
{
"type": "Ready",
"status": "True",
"lastProbeTime": null,
"lastTransitionTime": "2020-01-11T15:48:09Z"
},
{
"type": "ContainersReady",
"status": "True",
"lastProbeTime": null,
"lastTransitionTime": "2020-01-11T15:48:09Z"
},
{
"type": "PodScheduled",
"status": "True",
"lastProbeTime": null,
"lastTransitionTime": "2020-01-11T15:48:01Z"
}
],
"hostIP": "192.168.33.203",
"podIP": "10.244.186.215",
"podIPs": [
{
"ip": "10.244.186.215"
}
],
"startTime": "2020-01-11T15:48:00Z",
"containerStatuses": [
{
"name": "busybox",
"state": {
"running": {
"startedAt": "2020-01-11T15:48:09Z"
}
},
"lastState": {
},
"ready": true,
"restartCount": 0,
"image": "busybox:latest",
"imageID": "docker-pullable://busybox@sha256:6915be4043561d64e0ab0f8f098dc2ac48e077fe23f488ac24b665166898115a",
"containerID": "docker://480703525d1b3dec521d026f1648e4b44b4a2860520e88f304433f041fd7a1dc",
"started": true
}
],
"qosClass": "BestEffort"
}
}
]
}
# Delete the busybox pod with a DELETE on its resource URL.
# --write-out prints the HTTP status code on its own line after the response body.
curl --cacert /root/ca.pem --cert /root/client.pem --key /root/client-key.pem \
  --request DELETE \
  --write-out "\n状态码是:%{http_code}\n" \
  $(kubectl config view | grep server | cut -d ":" -f 2- | tr -d " ")/api/v1/namespaces/default/pods/busybox
[root@master01 ~]# curl --cert /root/client.pem --key /root/client-key.pem --cacert /root/ca.pem \
> -X DELETE \
> -w "\n状态码是:%{http_code}\n" \
> $(kubectl config view |grep server|cut -f 2- -d ":" | tr -d " ")/api/v1/namespaces/default/pods/busybox
{
"kind": "Pod",
"apiVersion": "v1",
"metadata": {
"name": "busybox",
"namespace": "default",
"selfLink": "/api/v1/namespaces/default/pods/busybox",
"uid": "b1861bbd-3fd8-439b-8616-5544cdfc2457",
"resourceVersion": "166932",
"creationTimestamp": "2020-01-11T16:00:07Z",
"deletionTimestamp": "2020-01-11T16:00:57Z",
"deletionGracePeriodSeconds": 30,
"annotations": {
"cni.projectcalico.org/podIP": "10.244.186.216/32",
"cni.projectcalico.org/podIPs": "10.244.186.216/32",
"kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"v1\",\"kind\":\"Pod\",\"metadata\":{\"annotations\":{},\"name\":\"busybox\",\"namespace\":\"default\"},\"spec\":{\"containers\":[{\"command\":[\"sleep\",\"300\"],\"image\":\"busybox\",\"name\":\"busybox\"}]}}\n"
}
},
"spec": {
"volumes": [
{
"name": "default-token-q49sn",
"secret": {
"secretName": "default-token-q49sn",
"defaultMode": 420
}
}
],
"containers": [
{
"name": "busybox",
"image": "busybox",
"command": [
"sleep",
"300"
],
"resources": {
},
"volumeMounts": [
{
"name": "default-token-q49sn",
"readOnly": true,
"mountPath": "/var/run/secrets/kubernetes.io/serviceaccount"
}
],
"terminationMessagePath": "/dev/termination-log",
"terminationMessagePolicy": "File",
"imagePullPolicy": "Always"
}
],
"restartPolicy": "Always",
"terminationGracePeriodSeconds": 30,
"dnsPolicy": "ClusterFirst",
"serviceAccountName": "default",
"serviceAccount": "default",
"nodeName": "node03",
"securityContext": {
},
"schedulerName": "default-scheduler",
"tolerations": [
{
"key": "node.kubernetes.io/not-ready",
"operator": "Exists",
"effect": "NoExecute",
"tolerationSeconds": 300
},
{
"key": "node.kubernetes.io/unreachable",
"operator": "Exists",
"effect": "NoExecute",
"tolerationSeconds": 300
}
],
"priority": 0,
"enableServiceLinks": true
},
"status": {
"phase": "Running",
"conditions": [
{
"type": "Initialized",
"status": "True",
"lastProbeTime": null,
"lastTransitionTime": "2020-01-11T16:00:07Z"
},
{
"type": "Ready",
"status": "True",
"lastProbeTime": null,
"lastTransitionTime": "2020-01-11T16:00:12Z"
},
{
"type": "ContainersReady",
"status": "True",
"lastProbeTime": null,
"lastTransitionTime": "2020-01-11T16:00:12Z"
},
{
"type": "PodScheduled",
"status": "True",
"lastProbeTime": null,
"lastTransitionTime": "2020-01-11T16:00:08Z"
}
],
"hostIP": "192.168.33.203",
"podIP": "10.244.186.216",
"podIPs": [
{
"ip": "10.244.186.216"
}
],
"startTime": "2020-01-11T16:00:07Z",
"containerStatuses": [
{
"name": "busybox",
"state": {
"running": {
"startedAt": "2020-01-11T16:00:11Z"
}
},
"lastState": {
},
"ready": true,
"restartCount": 0,
"image": "busybox:latest",
"imageID": "docker-pullable://busybox@sha256:6915be4043561d64e0ab0f8f098dc2ac48e077fe23f488ac24b665166898115a",
"containerID": "docker://25d74619fddd784cd434aee1b0252f70acc0e1ad7107a564ed361ed38b7b3ea0",
"started": true
}
],
"qosClass": "BestEffort"
}
}
状态码是:200