访问RESTful API
- 获取api服务地址
student@ubuntu:/root$kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://172.30.81.194:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
2.获取bearer token
student@ubuntu:/root$kubectl describe secrets default-token-2vfld
Name: default-token-2vfld
Namespace: default
Labels:
Annotations: kubernetes.io/service-account.name: default
kubernetes.io/service-account.uid: abfdfc63-f2f0-11e8-82d1-52540066b534
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 7 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tMnZmbGQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImFiZmRmYzYzLWYyZjAtMTFlOC04MmQxLTUyNTQwMDY2YjUzNCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.fWTsTgecWmMELue_kVAA6w3dlEOdkulwPCSc-hvPLbNINj_B2xRmByWBcTZn54kasa5PwK80ZKiXUqs7LBNewO_xCtnAcYR18WYqo2wZ65mReQaqZuyV0JoDIpfs96uncgEyF-HhfuP4ahSPjS3uAtnAEtCYYwTxfXNNfOekaprvIIg-heeV5itaiAJjjmzFUiWcAyE9Qz2-8hFn4goWGldVdJOAC48oDqWWZ01Qs3PtlkSDij_rLDS94BrXkgbQderwQoJFecaDJsO0L5BT93u7fTw82g_KpKFVPtPc_KZPJ8WlGeih11E1oVa4BiWXa8jtMMUxEwVq1Bj4RH6YsQ
- curl使用bearer token访问
student@ubuntu:/root$token=$(kubectl describe secrets default-token-2vfld |grep token:|awk '{print $2}')
student@ubuntu:/root$curl https://172.30.81.194:6443/apis --header "Authorization: Bearer $token" -k
{
"kind": "APIGroupList",
"apiVersion": "v1",
"groups": [
{
"name": "apiregistration.k8s.io",
"versions": [
{
"groupVersion": "apiregistration.k8s.io/v1",
"version": "v1"
},
{
"groupVersion": "apiregistration.k8s.io/v1beta1",
"version": "v1beta1"
}
],
4.访问namesapces,rbac为授权,访问失败
student@ubuntu:/root$curl https://172.30.81.194:6443/api/v1/namespaces --header "Authorization: Bearer $token" -k
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "namespaces is forbidden: User \"system:serviceaccount:default:default\" cannot list resource \"namespaces\" in API group \"\" at the cluster scope",
"reason": "Forbidden",
"details": {
"kind": "namespaces"
},
"code": 403
5.默认pod使用的是该namespace下default serviceaccount
...
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: default-token-2vfld
readOnly: true
dnsPolicy: ClusterFirst
nodeName: node-193
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: default
serviceAccountName: default
...
volumes:
- name: default-token-2vfld
secret:
defaultMode: 420
secretName: default-token-2vfld
student@ubuntu:/root$kubectl exec -it busybox-58d7d5b949-bpfsj sh
/ # ls -l /var/run/secrets/kubernetes.io/serviceaccount/
total 0
lrwxrwxrwx 1 root root 13 Nov 30 02:46 ca.crt -> ..data/ca.crt
lrwxrwxrwx 1 root root 16 Nov 30 02:46 namespace -> ..data/namespace
lrwxrwxrwx 1 root root 12 Nov 30 02:46 token -> ..data/token
/ # cat /var/run/secrets/kubernetes.io/serviceaccount/token
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4tMnZmbGQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImFiZmRmYzYzLWYyZjAtMTFlOC04MmQxLTUyNTQwMDY2YjUzNCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.fWTsTgecWmMELue_kVAA6w3dlEOdkulwPCSc-hvPLbNINj_B2xRmByWBcTZn54kasa5PwK80ZKiXUqs7LBNewO_xCtnAcYR18WYqo2wZ65mReQaqZuyV0JoDIpfs96uncgEyF-HhfuP4ahSPjS3uAtnAEtCYYwTxfXNNfOekaprvIIg-heeV5itaiAJjjmzFUiWcAyE9Qz2-8hFn4goWGldVdJOAC48oDqWWZ01Qs3PtlkSDij_rLDS94BrXkgbQderwQoJFecaDJsO0L5BT93u7fTw82g_KpKFVPtPc_KZPJ8WlGeih11E1oVa4BiWXa8jtMMUxEwVq1Bj4RH6YsQ/ #
proxy访问api server
1.开启代理
student@ubuntu:/root$kubectl proxy -h
Creates a proxy server or application-level gateway between localhost and the
Kubernetes API Server. It also allows serving static content over specified HTTP
path. All incoming data enters through one port and gets forwarded to the remote
kubernetes API Server port, except for the path matching the static content
path.
Examples:
# To proxy all of the kubernetes api and nothing else, use:
$ kubectl proxy --api-prefix=/
student@ubuntu:/root$kubectl proxy --address=0.0.0.0
Starting to serve on [::]:8001
2.通过代理访问api
root@ubuntu:~# curl 127.0.0.1:8001/api
{
"kind": "APIVersions",
"versions": [
"v1"
],
"serverAddressByClientCIDRs": [
{
"clientCIDR": "0.0.0.0/0",
"serverAddress": "172.30.81.194:6443"
}
]
}
root@ubuntu:~# curl 172.30.81.194:8001/api
jobs的操作
1.定义yaml文件
student@ubuntu:~/job$cat job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: sleepy
spec:
template:
spec:
containers:
- name: resting
image: busybox
command: ["/bin/sleep"]
args: ["3"]
restartPolicy: Never
2.创建job
student@ubuntu:~/job$kubectl get pod
NAME READY STATUS RESTARTS AGE
sleepy-6r4l7 0/1 Completed 0 18s
student@ubuntu:~/job$kubectl describe jobs.batch
Name: sleepy
Namespace: default
Selector: controller-uid=05ec9da1-f6a7-11e8-9072-52540066b534
Labels: controller-uid=05ec9da1-f6a7-11e8-9072-52540066b534
job-name=sleepy
Annotations:
Parallelism: 1
Completions: 1
Start Time: Mon, 03 Dec 2018 10:56:25 +0800
Completed At: Mon, 03 Dec 2018 10:56:33 +0800
Duration: 8s
Pods Statuses: 0 Running / 1 Succeeded / 0 Failed
Pod Template:
Labels: controller-uid=05ec9da1-f6a7-11e8-9072-52540066b534
job-name=sleepy
Containers:
resting:
Image: busybox
Port:
Host Port:
Command:
/bin/sleep
Args:
3
Environment:
Mounts:
Volumes:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal SuccessfulCreate 31s job-controller Created pod: sleepy-6r4l7
3.查看job
student@ubuntu:~/job$kubectl get pod
NAME READY STATUS RESTARTS AGE
sleepy-6r4l7 0/1 Completed 0 5m8s
student@ubuntu:~/job$kubectl get pod,job
NAME READY STATUS RESTARTS AGE
pod/sleepy-6r4l7 0/1 Completed 0 5m13s
NAME COMPLETIONS DURATION AGE
job.batch/sleepy 1/1 8s 5m13s
4.修改job completions
apiVersion: batch/v1
kind: Job
metadata:
name: sleepy
spec:
completions: 3
template:
spec:
containers:
- name: resting
image: busybox
command: ["/bin/sleep"]
args: ["3"]
restartPolicy: Never
- 查看pod
student@ubuntu:~/job$kubectl get pod,job
NAME READY STATUS RESTARTS AGE
pod/sleepy-576dd 0/1 Completed 0 22s
pod/sleepy-8n2c2 0/1 Completed 0 13s
pod/sleepy-sxk4t 0/1 Completed 0 59s
NAME COMPLETIONS DURATION AGE
job.batch/sleepy 3/3 54s 59s
6.修改job parallelism
student@ubuntu:~/job$cat job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: sleepy
spec:
completions: 5
parallelism: 2
template:
spec:
containers:
- name: resting
image: busybox
command: ["/bin/sleep"]
args: ["3"]
restartPolicy: Never
7.查看效果,一次创建2个,交替完成5个
student@ubuntu:~/job$kubectl create -f job.yaml ;while :;do kubectl get pod;sleep 1;done
job.batch/sleepy created
NAME READY STATUS RESTARTS AGE
sleepy-qzz58 0/1 ContainerCreating 0 0s
sleepy-t9dv6 0/1 Pending 0 0s
NAME READY STATUS RESTARTS AGE
sleepy-qzz58 0/1 ContainerCreating 0 1s
sleepy-t9dv6 0/1 ContainerCreating 0 1s
NAME READY STATUS RESTARTS AGE
sleepy-qzz58 0/1 ContainerCreating 0 2s
sleepy-t9dv6 0/1 ContainerCreating 0 2s
NAME READY STATUS RESTARTS AGE
sleepy-qzz58 0/1 ContainerCreating 0 3s
sleepy-t9dv6 0/1 ContainerCreating 0 3s
NAME READY STATUS RESTARTS AGE
sleepy-qzz58 0/1 ContainerCreating 0 5s
sleepy-t9dv6 0/1 ContainerCreating 0 5s
NAME READY STATUS RESTARTS AGE
sleepy-qzz58 1/1 Running 0 6s
sleepy-t9dv6 0/1 ContainerCreating 0 6s
NAME READY STATUS RESTARTS AGE
sleepy-qzz58 1/1 Running 0 7s
sleepy-t9dv6 1/1 Running 0 7s
NAME READY STATUS RESTARTS AGE
sleepy-qk6kx 0/1 ContainerCreating 0 0s
sleepy-qzz58 0/1 Completed 0 8s
sleepy-t9dv6 1/1 Running 0 8s
NAME READY STATUS RESTARTS AGE
sleepy-nsbg8 0/1 ContainerCreating 0 0s
sleepy-qk6kx 0/1 ContainerCreating 0 1s
sleepy-qzz58 0/1 Completed 0 9s
sleepy-t9dv6 0/1 Completed 0 9s
8.添加job 运行时长
student@ubuntu:~/job$cat job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: sleepy
spec:
completions: 5
parallelism: 2
activeDeadlineSeconds: 15
template:
spec:
containers:
- name: resting
image: busybox
command: ["/bin/sleep"]
args: ["3"]
restartPolicy: Never
9.查看运行效果,15后运行的pod被杀掉
student@ubuntu:~/job$kubectl create -f job.yaml ;while :;do kubectl get pod;echo ;sleep 1;done
job.batch/sleepy created
NAME READY STATUS RESTARTS AGE
sleepy-4hbdn 0/1 ContainerCreating 0 0s
sleepy-dsj2d 0/1 ContainerCreating 0 0s
NAME READY STATUS RESTARTS AGE
sleepy-4hbdn 0/1 ContainerCreating 0 1s
sleepy-dsj2d 0/1 ContainerCreating 0 1s
NAME READY STATUS RESTARTS AGE
sleepy-4hbdn 0/1 ContainerCreating 0 3s
sleepy-dsj2d 0/1 ContainerCreating 0 3s
NAME READY STATUS RESTARTS AGE
sleepy-4hbdn 0/1 ContainerCreating 0 4s
sleepy-dsj2d 0/1 ContainerCreating 0 4s
NAME READY STATUS RESTARTS AGE
sleepy-4hbdn 0/1 ContainerCreating 0 5s
sleepy-dsj2d 0/1 ContainerCreating 0 5s
NAME READY STATUS RESTARTS AGE
sleepy-4hbdn 1/1 Running 0 6s
sleepy-dsj2d 1/1 Running 0 6s
NAME READY STATUS RESTARTS AGE
sleepy-4hbdn 1/1 Running 0 7s
sleepy-dsj2d 1/1 Running 0 7s
NAME READY STATUS RESTARTS AGE
sleepy-4hbdn 0/1 Completed 0 8s
sleepy-dsj2d 0/1 Completed 0 8s
sleepy-llhls 0/1 ContainerCreating 0 0s
sleepy-s7jrs 0/1 ContainerCreating 0 0s
NAME READY STATUS RESTARTS AGE
sleepy-4hbdn 0/1 Completed 0 10s
sleepy-dsj2d 0/1 Completed 0 10s
sleepy-llhls 0/1 ContainerCreating 0 2s
sleepy-s7jrs 0/1 ContainerCreating 0 2s
NAME READY STATUS RESTARTS AGE
sleepy-4hbdn 0/1 Completed 0 11s
sleepy-dsj2d 0/1 Completed 0 11s
sleepy-llhls 0/1 ContainerCreating 0 3s
sleepy-s7jrs 0/1 ContainerCreating 0 3s
NAME READY STATUS RESTARTS AGE
sleepy-4hbdn 0/1 Completed 0 12s
sleepy-dsj2d 0/1 Completed 0 12s
sleepy-llhls 0/1 ContainerCreating 0 4s
sleepy-s7jrs 0/1 ContainerCreating 0 4s
NAME READY STATUS RESTARTS AGE
sleepy-4hbdn 0/1 Completed 0 13s
sleepy-dsj2d 0/1 Completed 0 13s
sleepy-llhls 0/1 ContainerCreating 0 5s
sleepy-s7jrs 0/1 ContainerCreating 0 5s
NAME READY STATUS RESTARTS AGE
sleepy-4hbdn 0/1 Completed 0 14s
sleepy-dsj2d 0/1 Completed 0 14s
sleepy-llhls 1/1 Running 0 6s
sleepy-s7jrs 1/1 Running 0 6s
NAME READY STATUS RESTARTS AGE
sleepy-4hbdn 0/1 Completed 0 16s
sleepy-dsj2d 0/1 Completed 0 16s
sleepy-llhls 1/1 Terminating 0 8s
sleepy-s7jrs 1/1 Terminating 0 8s
student@ubuntu:~/job$kubectl get jobs.batch
NAME COMPLETIONS DURATION AGE
sleepy 2/5 29s 29s
cronjob
1.创建cronjob
student@ubuntu:~/job$cat cronjob.yaml
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: sleepy
spec:
schedule: "*/1 * * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: testing
image: busybox
command: ["/bin/sleep"]
args: ["3"]
restartPolicy: Never
2.查看
student@ubuntu:~/job$kubectl get cronjobs.batch
NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE
sleepy */1 * * * * False 0 19s 5m2s
student@ubuntu:~/job$kubectl get jobs.batch
NAME COMPLETIONS DURATION AGE
sleepy-1543808040 1/1 8s 2m17s
sleepy-1543808100 1/1 9s 77s
sleepy-1543808160 1/1 8s 17s
student@ubuntu:~/job$kubectl get pod
NAME READY STATUS RESTARTS AGE
sleepy-1543808040-sb4jh 0/1 Completed 0 2m20s
sleepy-1543808100-s2dnk 0/1 Completed 0 80s
sleepy-1543808160-gvvhw 0/1 Completed 0 20s