本文主要研究一下如何使用k8s的api来获取服务endpoint信息
访问https://multipass.run/install,下载安装
multipass launch --name primary --cpus 2 --disk 20G --memory 4G
sudo snap install microk8s --classic
sudo usermod -a -G microk8s $USER
sudo chown -f -R $USER ~/.kube
microk8s status --wait-ready
~/.bash_aliases
)alias kubectl='microk8s kubectl'
kubectl get node
不ready的话,大概率是pause镜像拉取不到,使用pullk8s来修正一下,稍微改动下
#!/bin/bash
check(){
if [ "$1"x == "--microk8s"x ]
then
logs=`microk8s kubectl get pod --all-namespaces|tail -n +2|grep -v Running|while read line
do
declare -a arr=( $line )
microk8s kubectl describe pod ${arr[1]} --namespace=${arr[0]}
done|grep -i "image"|sed -nr 's/.*(failed to pull|Back-off pulling) image \"([^\"]+)\".*/\2/p'|uniq`
echo ${logs}
fi
}
pull(){
image=$1
imageName=${image/#registry\.k8s\.io\//}
if [ "$image"x == "$imageName"x ]
then
imageName=${image/#gcr\.io\/google_containers\//}
fi
echo Pull $imageName ...
if [ "$image"x == "$imageName"x ]
then
echo Pull $imageName ...
docker pull $image
exit 0
fi
hubimage=${imageName//\//\-}
if [ -n ”$hubimage“ ]
then
echo Pull $imageName ...
docker pull opsdockerimage/$hubimage
docker tag opsdockerimage/$hubimage $1
docker rmi opsdockerimage/$hubimage
if [ "$2"x == "--microk8s"x ]
then
saveImage=${1#:}
docker save $saveImage > ~/.docker_image.tmp.tar
microk8s ctr image import ~/.docker_image.tmp.tar
rm ~/.docker_image.tmp.tar
fi
fi
}
然后执行
pullk8s check --microk8s
pullk8s pull registry.k8s.io/pause:3.7 --microk8s
microk8s stop
microk8s start
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=8000 --target-port=80 --name=ngsvc
kubectl scale deployment nginx --replicas=3
kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.152.183.1 443/TCP 87m
ngsvc ClusterIP 10.152.183.50 8000/TCP 3m44s
kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-77b4fdf86c-xbd6s 1/1 Running 0 18m
nginx-77b4fdf86c-g9gt5 1/1 Running 0 2m35s
nginx-77b4fdf86c-xq76f 1/1 Running 0 2m35s
kubectl get endpoints
NAME ENDPOINTS AGE
kubernetes 192.168.64.2:16443 85m
ngsvc 10.1.226.133:80,10.1.226.134:80,10.1.226.135:80 64s
kubectl get pods
kubectl exec -it nginx-77b4fdf86c-xbd6s sh
# 指向内部 API 服务器的主机名
APISERVER=https://kubernetes.default.svc
# 服务账号令牌的路径
SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount
# 读取 Pod 的名字空间
NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)
# 读取服务账号的持有者令牌
TOKEN=$(cat ${SERVICEACCOUNT}/token)
# 引用内部证书机构(CA)
CACERT=${SERVICEACCOUNT}/ca.crt
# 使用令牌访问 API
curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/default/endpoints/ngsvc
返回如下:
{
"kind": "Endpoints",
"apiVersion": "v1",
"metadata": {
"name": "ngsvc",
"namespace": "default",
"uid": "bccd1acd-a8e2-419f-925e-8ae324bf2e8b",
"resourceVersion": "5344",
"creationTimestamp": "2023-07-22T05:57:24Z",
"labels": {
"app": "nginx"
},
"annotations": {
"endpoints.kubernetes.io/last-change-trigger-time": "2023-07-22T05:58:26Z"
},
"managedFields": [
{
"manager": "kubelite",
"operation": "Update",
"apiVersion": "v1",
"time": "2023-07-22T05:58:26Z",
"fieldsType": "FieldsV1",
"fieldsV1": {
"f:metadata": {
"f:annotations": {
".": {},
"f:endpoints.kubernetes.io/last-change-trigger-time": {}
},
"f:labels": {
".": {},
"f:app": {}
}
},
"f:subsets": {}
}
}
]
},
"subsets": [
{
"addresses": [
{
"ip": "10.1.226.133",
"nodeName": "primary",
"targetRef": {
"kind": "Pod",
"namespace": "default",
"name": "nginx-77b4fdf86c-xbd6s",
"uid": "ebc83b51-a438-40a8-b543-17a14d98a267"
}
},
{
"ip": "10.1.226.134",
"nodeName": "primary",
"targetRef": {
"kind": "Pod",
"namespace": "default",
"name": "nginx-77b4fdf86c-g9gt5",
"uid": "956cda5b-1724-49f3-9bc6-96c523c3c946"
}
},
{
"ip": "10.1.226.135",
"nodeName": "primary",
"targetRef": {
"kind": "Pod",
"namespace": "default",
"name": "nginx-77b4fdf86c-xq76f",
"uid": "731f4544-2ccc-46c0-aeb6-610bd2a4fdf8"
}
}
],
"ports": [
{
"port": 80,
"protocol": "TCP"
}
]
}
]
}
kubectl get endpoints kubernetes
NAME ENDPOINTS AGE
kubernetes 192.168.64.2:16443 108m
/var/snap/microk8s/current/credentials/known_tokens.csv
获取admin的token
curl -k --header "Authorization: Bearer ${token}" -X GET https://192.168.64.2:16443/api/v1/namespaces/default/endpoints/ngsvc
将上一步获取的token替换${token}即可
k8s的api提供了获取endpoint的接口,可以根据service来获取对应pod的列表