Kubernetes是一个完全基于API的系统。使用curl或Postman等简单工具,在构建应用程序之前获取API信息更方便。
1、从查看 kubectl 的配置文件开始,需要:三个证书和 API server 的地址
# cat /root/.kube/config
2、我们将会把证书设为环境变量,在设置时候请检查每一个参数。我们从 client-certificate-data 开始。
export clientcert=$(grep client-cert ~/.kube/config |cut -d" " -f 6)
echo $clientcert
3、使用类似的命令将 client-key-data 保存为环境变量
export clientkey=$(grep client-key-data ~/.kube/config |cut -d" " -f 6)
echo $clientkey
4、然后是 certificate-authority-data
export certauth=$(grep certificate-authority-data ~/.kube/config |cut -d" " -f 6)
echo $certauth
5、加密这些变量,供 curl 使用:
[root@master k8s-cert]# echo $clientcert | base64 -d > ./client.pem
[root@master k8s-cert]# echo $clientkey | base64 -d > ./client-key.pem
[root@master k8s-cert]# echo $certauth | base64 -d > ./ca.pem
6、从配置文件中读取 server 地址:
kubectl config view |grep server
server: https://10.182.101.255:6443
7、使用 curl 和刚刚加密的密钥文件来访问 API server:
curl --cert ./client.pem --key ./client-key.pem --cacert ./ca.pem https://10.182.101.255:6443/api/v1/pods
curl --cert ./client.pem --key ./client-key.pem --cacert ./ca.pem https://10.182.101.255:6443/api/v1/namespace
export clientcert=$(grep client-cert ~/.kube/config |cut -d" " -f 6)
export clientkey=$(grep client-key-data ~/.kube/config |cut -d" " -f 6)
export certauth=$(grep certificate-authority-data ~/.kube/config |cut -d" " -f 6)
echo $clientcert | base64 -d > ./client.pem
echo $clientkey | base64 -d > ./client-key.pem
echo $certauth | base64 -d > ./ca.pem
curl --cert ./client.pem --key ./client-key.pem --cacert ./ca.pem https://10.182.101.255:6443/api/v1/pods