使用k8s的api获取服务endpoint信息

本文主要研究一下如何使用k8s的api来获取服务endpoint信息

mac m2安装k8s

安装multipass

访问https://multipass.run/install,下载安装

创建实例

multipass launch --name primary --cpus 2 --disk 20G --memory 4G

安装microk8s

sudo snap install microk8s --classic
sudo usermod -a -G microk8s $USER
sudo chown -f -R $USER ~/.kube
microk8s status --wait-ready

配置alias(~/.bash_aliases)

alias kubectl='microk8s kubectl'

查看是否ready

kubectl get node

不ready的话,大概率是pause镜像拉取不到,使用pullk8s来修正一下,稍微改动下

#!/bin/bash

check(){
  if [ "$1"x == "--microk8s"x ]
  then
    logs=`microk8s kubectl get pod --all-namespaces|tail -n +2|grep -v Running|while read line
    do
     declare -a arr=( $line )
     microk8s kubectl describe pod ${arr[1]} --namespace=${arr[0]}
    done|grep -i "image"|sed -nr 's/.*(failed to pull|Back-off pulling) image \"([^\"]+)\".*/\2/p'|uniq`
    echo ${logs}
  fi
}

pull(){
  image=$1
  imageName=${image/#registry\.k8s\.io\//}
  if [ "$image"x == "$imageName"x ]
  then
    imageName=${image/#gcr\.io\/google_containers\//}
  fi
  echo Pull $imageName ...
  if [ "$image"x == "$imageName"x ]
  then
    echo Pull $imageName ...
    docker pull $image
    exit 0
  fi
  hubimage=${imageName//\//\-}

  if [ -n ”$hubimage“ ]
  then
    echo Pull $imageName ...
    docker pull opsdockerimage/$hubimage
    docker tag opsdockerimage/$hubimage $1
    docker rmi opsdockerimage/$hubimage
    if [ "$2"x == "--microk8s"x ]
    then
      saveImage=${1#:}
      docker save $saveImage > ~/.docker_image.tmp.tar
      microk8s ctr image import ~/.docker_image.tmp.tar
      rm ~/.docker_image.tmp.tar
    fi
  fi
}

然后执行

pullk8s check --microk8s
pullk8s pull registry.k8s.io/pause:3.7 --microk8s
microk8s stop
microk8s start

示例

创建nginx

kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=8000 --target-port=80 --name=ngsvc
kubectl scale deployment nginx --replicas=3

使用kubectl查看

kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
kubernetes   ClusterIP   10.152.183.1            443/TCP    87m
ngsvc        ClusterIP   10.152.183.50           8000/TCP   3m44s

kubectl get pods
NAME                     READY   STATUS    RESTARTS   AGE
nginx-77b4fdf86c-xbd6s   1/1     Running   0          18m
nginx-77b4fdf86c-g9gt5   1/1     Running   0          2m35s
nginx-77b4fdf86c-xq76f   1/1     Running   0          2m35s

kubectl get endpoints
NAME         ENDPOINTS                                         AGE
kubernetes   192.168.64.2:16443                                85m
ngsvc        10.1.226.133:80,10.1.226.134:80,10.1.226.135:80   64s

pod中使用api查看

kubectl get pods
kubectl exec -it nginx-77b4fdf86c-xbd6s sh


# 指向内部 API 服务器的主机名
APISERVER=https://kubernetes.default.svc

# 服务账号令牌的路径
SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount

# 读取 Pod 的名字空间
NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)

# 读取服务账号的持有者令牌
TOKEN=$(cat ${SERVICEACCOUNT}/token)

# 引用内部证书机构(CA)
CACERT=${SERVICEACCOUNT}/ca.crt

# 使用令牌访问 API
curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/default/endpoints/ngsvc

返回如下:


{
  "kind": "Endpoints",
  "apiVersion": "v1",
  "metadata": {
    "name": "ngsvc",
    "namespace": "default",
    "uid": "bccd1acd-a8e2-419f-925e-8ae324bf2e8b",
    "resourceVersion": "5344",
    "creationTimestamp": "2023-07-22T05:57:24Z",
    "labels": {
      "app": "nginx"
    },
    "annotations": {
      "endpoints.kubernetes.io/last-change-trigger-time": "2023-07-22T05:58:26Z"
    },
    "managedFields": [
      {
        "manager": "kubelite",
        "operation": "Update",
        "apiVersion": "v1",
        "time": "2023-07-22T05:58:26Z",
        "fieldsType": "FieldsV1",
        "fieldsV1": {
          "f:metadata": {
            "f:annotations": {
              ".": {},
              "f:endpoints.kubernetes.io/last-change-trigger-time": {}
            },
            "f:labels": {
              ".": {},
              "f:app": {}
            }
          },
          "f:subsets": {}
        }
      }
    ]
  },
  "subsets": [
    {
      "addresses": [
        {
          "ip": "10.1.226.133",
          "nodeName": "primary",
          "targetRef": {
            "kind": "Pod",
            "namespace": "default",
            "name": "nginx-77b4fdf86c-xbd6s",
            "uid": "ebc83b51-a438-40a8-b543-17a14d98a267"
          }
        },
        {
          "ip": "10.1.226.134",
          "nodeName": "primary",
          "targetRef": {
            "kind": "Pod",
            "namespace": "default",
            "name": "nginx-77b4fdf86c-g9gt5",
            "uid": "956cda5b-1724-49f3-9bc6-96c523c3c946"
          }
        },
        {
          "ip": "10.1.226.135",
          "nodeName": "primary",
          "targetRef": {
            "kind": "Pod",
            "namespace": "default",
            "name": "nginx-77b4fdf86c-xq76f",
            "uid": "731f4544-2ccc-46c0-aeb6-610bd2a4fdf8"
          }
        }
      ],
      "ports": [
        {
          "port": 80,
          "protocol": "TCP"
        }
      ]
    }
  ]
}

容器外访问

获取api地址

kubectl get endpoints kubernetes
NAME         ENDPOINTS            AGE
kubernetes   192.168.64.2:16443   108m

查看token

/var/snap/microk8s/current/credentials/known_tokens.csv

获取admin的token

访问

curl -k --header "Authorization: Bearer ${token}" -X GET https://192.168.64.2:16443/api/v1/namespaces/default/endpoints/ngsvc

将上一步获取的token替换${token}即可

小结

k8s的api提供了获取endpoint的接口,可以根据service来获取对应pod的列表

doc

  • 使用multipass在mac搭建linux开发环境
  • github.com/OpsDocker/pullk8s
  • 从 Pod 中访问 Kubernetes API

你可能感兴趣的:(kubernetes,容器,云原生)