一起来学k8s 40. kubernetes api操作

最新推荐文章于 2020-11-06 17:25:12 发布
最新推荐文章于 2020-11-06 17:25:12 发布
阅读量2.9k 收藏 1
点赞数
分类专栏: kubernetes 文章标签: kubernetes
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/tangwei0928/article/details/104440837
版权

kubernetes api操作

kubectl 通过访问 Kubernetes API 来执行命令。我们也可以通过对应的TLS key和token, 使用curl 或是 golang client做同样的事。

API 请求必须使用 JSON 格式来发送。 kubectl 的作用是将 .yaml 转换为 JSON 格式进行 API 请求。

通过证书访问

我们从查看 kubectl 的配置文件开始,需要:三个证书和 API server 的地址:

[root@master01 ~]# kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://apiserver.k8s.local:8443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED


[root@master01 ~]# cat /root/.kube/config 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJd01ERXdOekV5TURRek5sb1hEVE13TURFd05ERXlNRFF6Tmxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTWllCkRVQ0N2enJwaXdCM2REcGhVK1BRRTFDVWFJVUQ4MG1UTjRSK1pyWHc4Qmc2WUxiQ1luN05IUExpZjNzU3owWTQKaHdWUkpJa3NaSWtzbVlGQ1lBUnIvQU5iZ0ZOZTFTRm9xaE5ZVlpHbnNGQjAzbEhzTnB2SHBKL1h3ZkZibldVcApZRlZvL0M2NEQzYmdmYTM4Q0M3LzJoRFhGMmFpd0syLzlnY2ZqMk91Z0w0UWNsU3VOclZCWlhLUkFyYkNMS3p3CkRuYmJ1bHByS2F2dXBaMnllL0JtN0ZaVjVtdFlJeXVhVXZtN1BaR0gvclo5UlduQzliSmRUbTNCWEtPZE9GajUKSEpoeHMwY0E2UXo0RGZZcEorWE5jYTJQRTFQZjZ3a1FUcHA1ZVBGcGo1aVljL1pkQUwwcW1BSzZYcjdWQ0lObgpZbFg1NFM1dzA0NEZsdlQ2MVVrQ0F3RUFBYU1qTUNFd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFKV2dQZy9BNk13eGxSQ2tkbG11TTlSd1MzaHEKNGJDeTQ1bUR4MGtMc21ESGFHakg3MWsyNGpJOGxjZDlzZU9rZ3JheWFpRFJEZ1piRTlXUmxldDE4TVovVkhuRApYSVFaZFRQVDZHaXNkelhnSGxIUWFRbmY3NDVnWVBiK2JhaUJvTjJENHJxbll2WXhVNUJQOTViT2ZwOGtHaHc2CkJ4YzZGYzV1Qzl6ZGRTRnZmUkpKUGs4NmszUHV1N05uMThWUHdDNHpFb1V2d0kyeUJ3Qlc5NmNCMlVBY3BxRHAKOGJWNGR6MTR2RFRPZ3p5UXpHQytWODU5eWR0ek84L1BxSGRRUmI0UktJVG9wNjc4dmZkWnpJTjRVN3dON1JwWQpQUFN1QjFvaGpkK21IRVE2cmRHcmdIYlNEODlsTTFSZG9VU05aaUNDZFQ4dlQ1NDlXVHJ3OWMzMXMzcz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
    server: https://apiserver.k8s.local:8443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM4akNDQWRxZ0F3SUJBZ0lJSk9zeUlxZTgyL3N3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TURBeE1EY3hNakEwTXpaYUZ3MHlNVEF4TURZeE1qQTBNemhhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXpnajFsZFMreXVrbEp0ekQKbXltN2k4MFMrdmRwWDA4TkR2T0lSVE15VEhNR293RmZuU3I0Y0w3Tm80S1F0VGtkR0E1YmxWZXBhMktseWtxMwpmS01kcUd6WlJSK3JxcGdQZzVOU1lBOVIxcUZWUlQzZCt3RDV1UEJHN3E3K0pJRUNGMnVhdlE2N2JLVUtQUXJWCjNWTitUa013dndxUFd0UHE3VDRHd3hDQUNxL0psUzBYVWdycExHL0NrMmd3NmFEcWtRSTlOT0Z1WktjL0lnR0MKSkpZaWNybmdlRnNPUUpOTmIxWEt0WnhFaDMydkdPVVlkWGxzb0ZDYUtuTnQ2TzY3Y0tyalEwWmNVeHRzM1BKYQpWTEtpVjlZbnBrK09TbkJZV3g4ZmNEQkp1SUo1dzRUYSsvMjdaQW9iN0JPdnZPWXllTUY3UWo1MVVHd2hMNGFTCjFjNFpJUUlEQVFBQm95Y3dKVEFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFJUStCYk1GVUoya3VucnBoYTBaMTNBVjF3SDMwdzFXdU12YQowR3RlUTBHdVNIdVZwcTRTREMxU2VDS0NFWE83ZXlkSnd6UXJibEJzUjVPUkdYUFE4Ly9DTjVOdEdnVk04cXZECmhEcW5rNlF6RG9LYzBvalU5Yk9ab0Q1QlRmdk5VQ0h3Nzc3SWhOWHFmYTVEUzF5MEduWk5YYmZGTDFpQldNdHIKbzhqZkZaekN2UDZ3RDdkZXFGZFJYZm1IR2I0cVhGZWNJMDZSR1dudHBmbzRoYjVYVy9Gd282bUhERjViTU51eQpoMGhMWVJCOW1QT3p6Wjh4ckVFQVk0RnJ5NVF6T2pkb3hGT0VFRk5lU2xwcVBMdjMranh3c0Jjc0RkWDI5Q2djCnh0NEZ3UXE0ZnA0MFVhcHhxdXAydWZwVVptbUtUZDNPbjNtZFN3NkF5dEdkN0U5UzFKVT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBemdqMWxkUyt5dWtsSnR6RG15bTdpODBTK3ZkcFgwOE5Edk9JUlRNeVRITUdvd0ZmCm5TcjRjTDdObzRLUXRUa2RHQTVibFZlcGEyS2x5a3EzZktNZHFHelpSUitycXBnUGc1TlNZQTlSMXFGVlJUM2QKK3dENXVQQkc3cTcrSklFQ0YydWF2UTY3YktVS1BRclYzVk4rVGtNd3Z3cVBXdFBxN1Q0R3d4Q0FDcS9KbFMwWApVZ3JwTEcvQ2syZ3c2YURxa1FJOU5PRnVaS2MvSWdHQ0pKWWljcm5nZUZzT1FKTk5iMVhLdFp4RWgzMnZHT1VZCmRYbHNvRkNhS25OdDZPNjdjS3JqUTBaY1V4dHMzUEphVkxLaVY5WW5waytPU25CWVd4OGZjREJKdUlKNXc0VGEKKy8yN1pBb2I3Qk92dk9ZeWVNRjdRajUxVUd3aEw0YVMxYzRaSVFJREFRQUJBb0lCQUd6RnNCbTg2a2tua3ZTVQpZalE5Y1FUYWJHWFFUbklCd3V3Y3g5bDRzTnBKYzd5RTBoeWdmZTdQM0xLeEVJS01OMzdtdlpUM1pic0twbXBJCnpkdmdKWjB3Y2ZnYlF6N1o3bjdSUFJEM3BZWUJRSXBBb2p1TWhVb01sL1lVcnBsSS9uaXMxMUZ1UUthWDd2TFIKRUowN0loaGhRby9wSEV1Z1M0dWFUbW1YQVhJaDcyMzJUL1c1OWIzTVFocmNndmt4NkJ5ck85SGcvZ0kxWXZFUApPcFY4VXZoL1Y0bFd6cWU4eHVaVkUyYm5xSHJKN2prWUM4OGw4ZjdOWjNhTlFXVEZlQlZKa2ZiVG0reExpNityCmcxamRTZU96MmwzQUVmUEJFY3ZkV2Q0TVlFK0I2NmdVSDc3L3dJc21EMGtwSTViYko1bGxLMGREbndiNjNSTDgKMUpOYTl3MENnWUVBNGxoSG95UXcrb1ZMSWJVNEh0T0orU3BpQ0syd0M0VVZpTTdabCtPSXk4YUpGalRDcHk2agpMTjM2MVZWR3c3Q0lrOW1pV0I4UUMvbTl0VWdyMTRSWFo4Y3ZGelFQdmZ6dS81Ri84eFp4NWpFWlpxcFlTVTJ4Cnd4TDBTSzNrRVpwL1lXYUR6dHJmeVpWNlJleEJaOXpvNWZFR1lXaFRGSmZ1YmxDeEorR0M3RXNDZ1lFQTZRZDYKSGNQbHV2TTRYcXJzSzdRNUlib3VTU0kyUTFaSXZkaXJzQURoZVR3azg0dTJIZ1hGVDhJWDFDMUhzWnhuMmRiWgp4RTFRQnYyaXRETE1XMGdiRTFRNzlNZnBheWgxYlJuS1UzL3NGWXY3QkROQmZkdVU3Q0FJcEhieHBRb2sxMCtQCnhzalQ1ZTZmK2pzWmVmSEZjbzZxWGVIams3bXUzWFAvMXY1eTFNTUNnWUE4Rmw5K0tiOXU0aS9kMVBQL0N2MVgKemk2VVN6ZXU5emVPU0F0dnpSR2x0eUR4YWpRNm1hRHI2a29LbEViaThGeHhrNWNMZWNPU3lrdlljajVoU2xyQgp6Qmp1T2YzcjI5ZSt0T3VZcHQ2NTAxTUE5RHZYeWU1azhRVTB2aVVMbjA0dGx6OXFqS1JZS1h4NlQ0dlZmTW0vCk1Vc1dWTkdwWitQK0dTSE9pb2x0SFFLQmdDTmtzVldJQllLSm9vd3VaY1NWa1AvZ2FWdE9TUE9kVFZzWVo2dEoKMXZVMC8xL0dYcGpjdzRWRHM1N1VhY2srT2ovSjlEVnVrTE1mSHZGRHJlcEhYMlZtSzkwWDZBb1FrUlZMRDRIegpNZ1pyeG1weTVvV1pMbHRXMmprd242OHpoVGoycXAzRXJ2cURiZVR4eVFMT2gvRElYblAzOVRyZ3Z3Qi90K0lOCnI1OUZBb0dBRm5iKzQ1QUpaUVVYMU5HSVJjVGZ0MU0wUDcyalJJVmIzaU82ZEdRSTRjNFU0VGJrdFVvR3EycmQKRHhvb2hGOEd6NG9MOEVlY3E2R0NyNmVhcndMSGNYWWVwV0FxV08zb2dTY2dSdHN3N1dYVWV4blY1M3R3N212NQpnTkxQWWVUeCtrMDhwbDR1K0psMGgvZm8rbjFrbXdwbzVEUm9GaDZsMU1ocXJ6eHNRWEE9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==

获取证书文件

echo `grep client-cert /root/.kube/config |cut -d" " -f 6` | base64 -d > /root/client.pem

echo `grep client-key-data /root/.kube/config |cut -d" " -f 6` | base64 -d > /root/client-key.pem

echo `grep certificate-authority-data /root/.kube/config |cut -d" " -f 6` | base64 -d > /root/ca.pem

获取apiserver

kubectl config view |grep server|cut -f 2- -d ":" | tr -d " "

利用证书访问

[root@master01 ~]# curl --cert /root/client.pem --key /root/client-key.pem --cacert /root/ca.pem  $(kubectl config view |grep server|cut -f 2- -d ":" | tr -d " ")
{
  "paths": [
    "/api",
    "/api/v1",
    "/apis",
    "/apis/",
    "/apis/admissionregistration.k8s.io",
    "/apis/admissionregistration.k8s.io/v1",
    "/apis/admissionregistration.k8s.io/v1beta1",
    "/apis/apiextensions.k8s.io",
    "/apis/apiextensions.k8s.io/v1",
    "/apis/apiextensions.k8s.io/v1beta1",
    "/apis/apiregistration.k8s.io",
    "/apis/apiregistration.k8s.io/v1",
    "/apis/apiregistration.k8s.io/v1beta1",
    "/apis/apps",
    "/apis/apps/v1",
    "/apis/authentication.k8s.io",
    "/apis/authentication.k8s.io/v1",
    "/apis/authentication.k8s.io/v1beta1",
    "/apis/authorization.k8s.io",
    "/apis/authorization.k8s.io/v1",
    "/apis/authorization.k8s.io/v1beta1",
    "/apis/autoscaling",
    "/apis/autoscaling/v1",
    "/apis/autoscaling/v2beta1",
    "/apis/autoscaling/v2beta2",
    "/apis/batch",
    "/apis/batch/v1",
    "/apis/batch/v1beta1",
    "/apis/certificates.k8s.io",
    "/apis/certificates.k8s.io/v1beta1",
    "/apis/coordination.k8s.io",
    "/apis/coordination.k8s.io/v1",
    "/apis/coordination.k8s.io/v1beta1",
    "/apis/crd.projectcalico.org",
    "/apis/crd.projectcalico.org/v1",
    "/apis/events.k8s.io",
    "/apis/events.k8s.io/v1beta1",
    "/apis/extensions",
    "/apis/extensions/v1beta1",
    "/apis/networking.k8s.io",
    "/apis/networking.k8s.io/v1",
    "/apis/networking.k8s.io/v1beta1",
    "/apis/node.k8s.io",
    "/apis/node.k8s.io/v1beta1",
    "/apis/policy",
    "/apis/policy/v1beta1",
    "/apis/rbac.authorization.k8s.io",
    "/apis/rbac.authorization.k8s.io/v1",
    "/apis/rbac.authorization.k8s.io/v1beta1",
    "/apis/scheduling.k8s.io",
    "/apis/scheduling.k8s.io/v1",
    "/apis/scheduling.k8s.io/v1beta1",
    "/apis/settings.k8s.io",
    "/apis/settings.k8s.io/v1alpha1",
    "/apis/storage.k8s.io",
    "/apis/storage.k8s.io/v1",
    "/apis/storage.k8s.io/v1beta1",
    "/healthz",
    "/healthz/autoregister-completion",
    "/healthz/etcd",
    "/healthz/log",
    "/healthz/ping",
    "/healthz/poststarthook/apiservice-openapi-controller",
    "/healthz/poststarthook/apiservice-registration-controller",
    "/healthz/poststarthook/apiservice-status-available-controller",
    "/healthz/poststarthook/bootstrap-controller",
    "/healthz/poststarthook/ca-registration",
    "/healthz/poststarthook/crd-informer-synced",
    "/healthz/poststarthook/generic-apiserver-start-informers",
    "/healthz/poststarthook/kube-apiserver-autoregistration",
    "/healthz/poststarthook/rbac/bootstrap-roles",
    "/healthz/poststarthook/scheduling/bootstrap-system-priority-classes",
    "/healthz/poststarthook/start-apiextensions-controllers",
    "/healthz/poststarthook/start-apiextensions-informers",
    "/healthz/poststarthook/start-kube-aggregator-informers",
    "/healthz/poststarthook/start-kube-apiserver-admission-initializer",
    "/livez",
    "/livez/autoregister-completion",
    "/livez/etcd",
    "/livez/log",
    "/livez/ping",
    "/livez/poststarthook/apiservice-openapi-controller",
    "/livez/poststarthook/apiservice-registration-controller",
    "/livez/poststarthook/apiservice-status-available-controller",
    "/livez/poststarthook/bootstrap-controller",
    "/livez/poststarthook/ca-registration",
    "/livez/poststarthook/crd-informer-synced",
    "/livez/poststarthook/generic-apiserver-start-informers",
    "/livez/poststarthook/kube-apiserver-autoregistration",
    "/livez/poststarthook/rbac/bootstrap-roles",
    "/livez/poststarthook/scheduling/bootstrap-system-priority-classes",
    "/livez/poststarthook/start-apiextensions-controllers",
    "/livez/poststarthook/start-apiextensions-informers",
    "/livez/poststarthook/start-kube-aggregator-informers",
    "/livez/poststarthook/start-kube-apiserver-admission-initializer",
    "/logs",
    "/metrics",
    "/openapi/v2",
    "/readyz",
    "/readyz/autoregister-completion",
    "/readyz/etcd",
    "/readyz/log",
    "/readyz/ping",
    "/readyz/poststarthook/apiservice-openapi-controller",
    "/readyz/poststarthook/apiservice-registration-controller",
    "/readyz/poststarthook/apiservice-status-available-controller",
    "/readyz/poststarthook/bootstrap-controller",
    "/readyz/poststarthook/ca-registration",
    "/readyz/poststarthook/crd-informer-synced",
    "/readyz/poststarthook/generic-apiserver-start-informers",
    "/readyz/poststarthook/kube-apiserver-autoregistration",
    "/readyz/poststarthook/rbac/bootstrap-roles",
    "/readyz/poststarthook/scheduling/bootstrap-system-priority-classes",
    "/readyz/poststarthook/start-apiextensions-controllers",
    "/readyz/poststarthook/start-apiextensions-informers",
    "/readyz/poststarthook/start-kube-aggregator-informers",
    "/readyz/poststarthook/start-kube-apiserver-admission-initializer",
    "/readyz/shutdown",
    "/version"
  ]
}

利用token访问

创建serviceaccount

kubectl create serviceaccount  cluster-admin -n kube-system

clusterrolebinding绑定

kubectl create clusterrolebinding  curl-cluster-admin --clusterrole=cluster-admin   --serviceaccount=kube-system:cluster-admin

获取token

kubectl describe secrets $(kubectl get secrets -n kube-system |grep cluster-admin|cut -f1 -d ' ') -n kube-system | grep -E '^token' |cut -f2 -d':'|tr -d '\t'|tr -d ' '

获取apiserver

kubectl config view |grep server|cut -f 2- -d ":" | tr -d " "

利用token访问

[root@master01 ~]# curl -H "Authorization: Bearer $(kubectl describe secrets $(kubectl get secrets -n kube-system |grep cluster-admin|cut -f1 -d ' ') -n kube-system | grep -E ^token' |cut -f2 -d':'|tr -d '\t'|tr -d ' ')"  $(kubectl config view |grep server|cut -f 2- -d ":" | tr -d " ") -k
{
  "paths": [
    "/api",
    "/api/v1",
    "/apis",
    "/apis/",
    "/apis/admissionregistration.k8s.io",
    "/apis/admissionregistration.k8s.io/v1",
    "/apis/admissionregistration.k8s.io/v1beta1",
    "/apis/apiextensions.k8s.io",
    "/apis/apiextensions.k8s.io/v1",
    "/apis/apiextensions.k8s.io/v1beta1",
    "/apis/apiregistration.k8s.io",
    "/apis/apiregistration.k8s.io/v1",
    "/apis/apiregistration.k8s.io/v1beta1",
    "/apis/apps",
    "/apis/apps/v1",
    "/apis/authentication.k8s.io",
    "/apis/authentication.k8s.io/v1",
    "/apis/authentication.k8s.io/v1beta1",
    "/apis/authorization.k8s.io",
    "/apis/authorization.k8s.io/v1",
    "/apis/authorization.k8s.io/v1beta1",
    "/apis/autoscaling",
    "/apis/autoscaling/v1",
    "/apis/autoscaling/v2beta1",
    "/apis/autoscaling/v2beta2",
    "/apis/batch",
    "/apis/batch/v1",
    "/apis/batch/v1beta1",
    "/apis/certificates.k8s.io",
    "/apis/certificates.k8s.io/v1beta1",
    "/apis/coordination.k8s.io",
    "/apis/coordination.k8s.io/v1",
    "/apis/coordination.k8s.io/v1beta1",
    "/apis/crd.projectcalico.org",
    "/apis/crd.projectcalico.org/v1",
    "/apis/events.k8s.io",
    "/apis/events.k8s.io/v1beta1",
    "/apis/extensions",
    "/apis/extensions/v1beta1",
    "/apis/networking.k8s.io",
    "/apis/networking.k8s.io/v1",
    "/apis/networking.k8s.io/v1beta1",
    "/apis/node.k8s.io",
    "/apis/node.k8s.io/v1beta1",
    "/apis/policy",
    "/apis/policy/v1beta1",
    "/apis/rbac.authorization.k8s.io",
    "/apis/rbac.authorization.k8s.io/v1",
    "/apis/rbac.authorization.k8s.io/v1beta1",
    "/apis/scheduling.k8s.io",
    "/apis/scheduling.k8s.io/v1",
    "/apis/scheduling.k8s.io/v1beta1",
    "/apis/settings.k8s.io",
    "/apis/settings.k8s.io/v1alpha1",
    "/apis/storage.k8s.io",
    "/apis/storage.k8s.io/v1",
    "/apis/storage.k8s.io/v1beta1",
    "/healthz",
    "/healthz/autoregister-completion",
    "/healthz/etcd",
    "/healthz/log",
    "/healthz/ping",
    "/healthz/poststarthook/apiservice-openapi-controller",
    "/healthz/poststarthook/apiservice-registration-controller",
    "/healthz/poststarthook/apiservice-status-available-controller",
    "/healthz/poststarthook/bootstrap-controller",
    "/healthz/poststarthook/ca-registration",
    "/healthz/poststarthook/crd-informer-synced",
    "/healthz/poststarthook/generic-apiserver-start-informers",
    "/healthz/poststarthook/kube-apiserver-autoregistration",
    "/healthz/poststarthook/rbac/bootstrap-roles",
    "/healthz/poststarthook/scheduling/bootstrap-system-priority-classes",
    "/healthz/poststarthook/start-apiextensions-controllers",
    "/healthz/poststarthook/start-apiextensions-informers",
    "/healthz/poststarthook/start-kube-aggregator-informers",
    "/healthz/poststarthook/start-kube-apiserver-admission-initializer",
    "/livez",
    "/livez/autoregister-completion",
    "/livez/etcd",
    "/livez/log",
    "/livez/ping",
    "/livez/poststarthook/apiservice-openapi-controller",
    "/livez/poststarthook/apiservice-registration-controller",
    "/livez/poststarthook/apiservice-status-available-controller",
    "/livez/poststarthook/bootstrap-controller",
    "/livez/poststarthook/ca-registration",
    "/livez/poststarthook/crd-informer-synced",
    "/livez/poststarthook/generic-apiserver-start-informers",
    "/livez/poststarthook/kube-apiserver-autoregistration",
    "/livez/poststarthook/rbac/bootstrap-roles",
    "/livez/poststarthook/scheduling/bootstrap-system-priority-classes",
    "/livez/poststarthook/start-apiextensions-controllers",
    "/livez/poststarthook/start-apiextensions-informers",
    "/livez/poststarthook/start-kube-aggregator-informers",
    "/livez/poststarthook/start-kube-apiserver-admission-initializer",
    "/logs",
    "/metrics",
    "/openapi/v2",
    "/readyz",
    "/readyz/autoregister-completion",
    "/readyz/etcd",
    "/readyz/log",
    "/readyz/ping",
    "/readyz/poststarthook/apiservice-openapi-controller",
    "/readyz/poststarthook/apiservice-registration-controller",
    "/readyz/poststarthook/apiservice-status-available-controller",
    "/readyz/poststarthook/bootstrap-controller",
    "/readyz/poststarthook/ca-registration",
    "/readyz/poststarthook/crd-informer-synced",
    "/readyz/poststarthook/generic-apiserver-start-informers",
    "/readyz/poststarthook/kube-apiserver-autoregistration",
    "/readyz/poststarthook/rbac/bootstrap-roles",
    "/readyz/poststarthook/scheduling/bootstrap-system-priority-classes",
    "/readyz/poststarthook/start-apiextensions-controllers",
    "/readyz/poststarthook/start-apiextensions-informers",
    "/readyz/poststarthook/start-kube-aggregator-informers",
    "/readyz/poststarthook/start-kube-apiserver-admission-initializer",
    "/readyz/shutdown",
    "/version"
  ]
}

创建pod

cat > busybox.yaml <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
  - name: busybox
    image: busybox
    command: ["sleep", "300"]
EOF

curl --cert /root/client.pem --key /root/client-key.pem --cacert /root/ca.pem \
-H 'Content-Type: application/yaml' \
-s -w "状态码是:%{http_code}\n" \
-d "$(cat /root/busybox.yaml)" \
$(kubectl config view |grep server|cut -f 2- -d ":" | tr -d " ")/api/v1/namespaces/default/pods/

[root@master01 ~]# curl --cert /root/client.pem --key /root/client-key.pem --cacert /root/ca.pem \
> -H 'Content-Type: application/yaml' \
> -s -w "状态码是:%{http_code}\n" \
> -d "$(cat /root/busybox.yaml)" \
> $(kubectl config view |grep server|cut -f 2- -d ":" | tr -d " ")/api/v1/namespaces/default/pods/
{
  "kind": "Pod",
  "apiVersion": "v1",
  "metadata": {
    "name": "busybox",
    "namespace": "default",
    "selfLink": "/api/v1/namespaces/default/pods/busybox",
    "uid": "6e834ed7-758f-4235-89aa-0b037ac531bb",
    "resourceVersion": "165388",
    "creationTimestamp": "2020-01-11T15:48:01Z"
  },
  "spec": {
    "volumes": [
      {
        "name": "default-token-q49sn",
        "secret": {
          "secretName": "default-token-q49sn",
          "defaultMode": 420
        }
      }
    ],
    "containers": [
      {
        "name": "busybox",
        "image": "busybox",
        "command": [
          "sleep",
          "300"
        ],
        "resources": {
          
        },
        "volumeMounts": [
          {
            "name": "default-token-q49sn",
            "readOnly": true,
            "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount"
          }
        ],
        "terminationMessagePath": "/dev/termination-log",
        "terminationMessagePolicy": "File",
        "imagePullPolicy": "Always"
      }
    ],
    "restartPolicy": "Always",
    "terminationGracePeriodSeconds": 30,
    "dnsPolicy": "ClusterFirst",
    "serviceAccountName": "default",
    "serviceAccount": "default",
    "securityContext": {
      
    },
    "schedulerName": "default-scheduler",
    "tolerations": [
      {
        "key": "node.kubernetes.io/not-ready",
        "operator": "Exists",
        "effect": "NoExecute",
        "tolerationSeconds": 300
      },
      {
        "key": "node.kubernetes.io/unreachable",
        "operator": "Exists",
        "effect": "NoExecute",
        "tolerationSeconds": 300
      }
    ],
    "priority": 0,
    "enableServiceLinks": true
  },
  "status": {
    "phase": "Pending",
    "qosClass": "BestEffort"
  }
}状态码是:201


[root@master01 ~]# kubectl get pods
NAME      READY   STATUS    RESTARTS   AGE
busybox   1/1     Running   0          62s

查看pod

curl --cert /root/client.pem --key /root/client-key.pem --cacert /root/ca.pem \
-X GET \
$(kubectl config view |grep server|cut -f 2- -d ":" | tr -d " ")/api/v1/namespaces/default/pods/

[root@master01 ~]# curl --cert /root/client.pem --key /root/client-key.pem --cacert /root/ca.pem \
> -X GET \
> $(kubectl config view |grep server|cut -f 2- -d ":" | tr -d " ")/api/v1/namespaces/default/pods/
{
  "kind": "PodList",
  "apiVersion": "v1",
  "metadata": {
    "selfLink": "/api/v1/namespaces/default/pods/",
    "resourceVersion": "165813"
  },
  "items": [
    {
      "metadata": {
        "name": "busybox",
        "namespace": "default",
        "selfLink": "/api/v1/namespaces/default/pods/busybox",
        "uid": "6e834ed7-758f-4235-89aa-0b037ac531bb",
        "resourceVersion": "165416",
        "creationTimestamp": "2020-01-11T15:48:01Z",
        "annotations": {
          "cni.projectcalico.org/podIP": "10.244.186.215/32",
          "cni.projectcalico.org/podIPs": "10.244.186.215/32"
        }
      },
      "spec": {
        "volumes": [
          {
            "name": "default-token-q49sn",
            "secret": {
              "secretName": "default-token-q49sn",
              "defaultMode": 420
            }
          }
        ],
        "containers": [
          {
            "name": "busybox",
            "image": "busybox",
            "command": [
              "sleep",
              "300"
            ],
            "resources": {
              
            },
            "volumeMounts": [
              {
                "name": "default-token-q49sn",
                "readOnly": true,
                "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount"
              }
            ],
            "terminationMessagePath": "/dev/termination-log",
            "terminationMessagePolicy": "File",
            "imagePullPolicy": "Always"
          }
        ],
        "restartPolicy": "Always",
        "terminationGracePeriodSeconds": 30,
        "dnsPolicy": "ClusterFirst",
        "serviceAccountName": "default",
        "serviceAccount": "default",
        "nodeName": "node03",
        "securityContext": {
          
        },
        "schedulerName": "default-scheduler",
        "tolerations": [
          {
            "key": "node.kubernetes.io/not-ready",
            "operator": "Exists",
            "effect": "NoExecute",
            "tolerationSeconds": 300
          },
          {
            "key": "node.kubernetes.io/unreachable",
            "operator": "Exists",
            "effect": "NoExecute",
            "tolerationSeconds": 300
          }
        ],
        "priority": 0,
        "enableServiceLinks": true
      },
      "status": {
        "phase": "Running",
        "conditions": [
          {
            "type": "Initialized",
            "status": "True",
            "lastProbeTime": null,
            "lastTransitionTime": "2020-01-11T15:48:00Z"
          },
          {
            "type": "Ready",
            "status": "True",
            "lastProbeTime": null,
            "lastTransitionTime": "2020-01-11T15:48:09Z"
          },
          {
            "type": "ContainersReady",
            "status": "True",
            "lastProbeTime": null,
            "lastTransitionTime": "2020-01-11T15:48:09Z"
          },
          {
            "type": "PodScheduled",
            "status": "True",
            "lastProbeTime": null,
            "lastTransitionTime": "2020-01-11T15:48:01Z"
          }
        ],
        "hostIP": "192.168.33.203",
        "podIP": "10.244.186.215",
        "podIPs": [
          {
            "ip": "10.244.186.215"
          }
        ],
        "startTime": "2020-01-11T15:48:00Z",
        "containerStatuses": [
          {
            "name": "busybox",
            "state": {
              "running": {
                "startedAt": "2020-01-11T15:48:09Z"
              }
            },
            "lastState": {
              
            },
            "ready": true,
            "restartCount": 0,
            "image": "busybox:latest",
            "imageID": "docker-pullable://busybox@sha256:6915be4043561d64e0ab0f8f098dc2ac48e077fe23f488ac24b665166898115a",
            "containerID": "docker://480703525d1b3dec521d026f1648e4b44b4a2860520e88f304433f041fd7a1dc",
            "started": true
          }
        ],
        "qosClass": "BestEffort"
      }
    }
  ]
}

删除pod

curl --cert /root/client.pem --key /root/client-key.pem --cacert /root/ca.pem \
-X DELETE \
-w "\n状态码是:%{http_code}\n" \
$(kubectl config view |grep server|cut -f 2- -d ":" | tr -d " ")/api/v1/namespaces/default/pods/busybox

[root@master01 ~]# curl --cert /root/client.pem --key /root/client-key.pem --cacert /root/ca.pem \
> -X DELETE \
> -w "\n状态码是:%{http_code}\n" \
> $(kubectl config view |grep server|cut -f 2- -d ":" | tr -d " ")/api/v1/namespaces/default/pods/busybox
{
  "kind": "Pod",
  "apiVersion": "v1",
  "metadata": {
    "name": "busybox",
    "namespace": "default",
    "selfLink": "/api/v1/namespaces/default/pods/busybox",
    "uid": "b1861bbd-3fd8-439b-8616-5544cdfc2457",
    "resourceVersion": "166932",
    "creationTimestamp": "2020-01-11T16:00:07Z",
    "deletionTimestamp": "2020-01-11T16:00:57Z",
    "deletionGracePeriodSeconds": 30,
    "annotations": {
      "cni.projectcalico.org/podIP": "10.244.186.216/32",
      "cni.projectcalico.org/podIPs": "10.244.186.216/32",
      "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"v1\",\"kind\":\"Pod\",\"metadata\":{\"annotations\":{},\"name\":\"busybox\",\"namespace\":\"default\"},\"spec\":{\"containers\":[{\"command\":[\"sleep\",\"300\"],\"image\":\"busybox\",\"name\":\"busybox\"}]}}\n"
    }
  },
  "spec": {
    "volumes": [
      {
        "name": "default-token-q49sn",
        "secret": {
          "secretName": "default-token-q49sn",
          "defaultMode": 420
        }
      }
    ],
    "containers": [
      {
        "name": "busybox",
        "image": "busybox",
        "command": [
          "sleep",
          "300"
        ],
        "resources": {
          
        },
        "volumeMounts": [
          {
            "name": "default-token-q49sn",
            "readOnly": true,
            "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount"
          }
        ],
        "terminationMessagePath": "/dev/termination-log",
        "terminationMessagePolicy": "File",
        "imagePullPolicy": "Always"
      }
    ],
    "restartPolicy": "Always",
    "terminationGracePeriodSeconds": 30,
    "dnsPolicy": "ClusterFirst",
    "serviceAccountName": "default",
    "serviceAccount": "default",
    "nodeName": "node03",
    "securityContext": {
      
    },
    "schedulerName": "default-scheduler",
    "tolerations": [
      {
        "key": "node.kubernetes.io/not-ready",
        "operator": "Exists",
        "effect": "NoExecute",
        "tolerationSeconds": 300
      },
      {
        "key": "node.kubernetes.io/unreachable",
        "operator": "Exists",
        "effect": "NoExecute",
        "tolerationSeconds": 300
      }
    ],
    "priority": 0,
    "enableServiceLinks": true
  },
  "status": {
    "phase": "Running",
    "conditions": [
      {
        "type": "Initialized",
        "status": "True",
        "lastProbeTime": null,
        "lastTransitionTime": "2020-01-11T16:00:07Z"
      },
      {
        "type": "Ready",
        "status": "True",
        "lastProbeTime": null,
        "lastTransitionTime": "2020-01-11T16:00:12Z"
      },
      {
        "type": "ContainersReady",
        "status": "True",
        "lastProbeTime": null,
        "lastTransitionTime": "2020-01-11T16:00:12Z"
      },
      {
        "type": "PodScheduled",
        "status": "True",
        "lastProbeTime": null,
        "lastTransitionTime": "2020-01-11T16:00:08Z"
      }
    ],
    "hostIP": "192.168.33.203",
    "podIP": "10.244.186.216",
    "podIPs": [
      {
        "ip": "10.244.186.216"
      }
    ],
    "startTime": "2020-01-11T16:00:07Z",
    "containerStatuses": [
      {
        "name": "busybox",
        "state": {
          "running": {
            "startedAt": "2020-01-11T16:00:11Z"
          }
        },
        "lastState": {
          
        },
        "ready": true,
        "restartCount": 0,
        "image": "busybox:latest",
        "imageID": "docker-pullable://busybox@sha256:6915be4043561d64e0ab0f8f098dc2ac48e077fe23f488ac24b665166898115a",
        "containerID": "docker://25d74619fddd784cd434aee1b0252f70acc0e1ad7107a564ed361ed38b7b3ea0",
        "started": true
      }
    ],
    "qosClass": "BestEffort"
  }
}
状态码是:200
隔壁小翔
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
会议OA项目之我的会议排座&批审功能
qq_66924116的博客
07-26 9343
会议排座犹如我们日常生活中的餐桌礼仪一般来说,面朝大门的座位是留给最年长或者最尊贵的客人的,所谓面朝大门即为尊说的就是这个,常遵循;而大门旁边的位置则是主人坐的。那么工作时我们经常参加的会议也有一定的讲究如我们常见的如图。............
码支付源码最新可用,支持三网免挂本地回调
08-31
1.去除云端限制 2.全部走本地任务 3.真正的加快回调速度 4.支持微信商业码 5.不受额度限制 6.支持邮箱提醒 7.支持H5开关/语音提示(小部分浏览器不兼容) 8.支持支付宝h5备注功能 MYM码支付系统 前台codepay.maomi66.cn 后台codepay.maomi66.cn/Admin 后台账号 admin 123456 欢迎测试
Convert Base64 to Image and Image to Base64 in Java
huaishuming的专栏
11-29 7万+
A converter class to encode an image to base64 string or to decode a base64 string back to image. The code is self explanatory, just run this class and you fill 3 different images file in your tempora
JS常用工具函数-中文按拼音排序
风萧萧兮易水寒
07-07 2万+
汉字转拼音 /* --- description: Pinyin, to get chinese pinyin from chinese. provides: [Pinyin] ... */ //(function( window, undefined ){ // var Pinyin = new Class({ var pinyin = (function() { var Piny...
Http长短链接及WebSocket
q1312882392的博客
08-15 385
HTTP协议与TCP/IP协议的关系 TCP/IP是个协议组,可分为三个层次:网络层、传输层和应用层。 在网络层有IP协议、ICMP协议、ARP协议、RARP协议和BOOTP协议。 在传输层中有TCP协议与UDP协议。 在应用层有:TCP包括FTP、HTTP、TELNET、SMTP等协议;UDP包括DNS、TFTP等协议。 HTTP的长连接和短连接本质上是TCP长连接和短连接。HTTP属于应用层协...
K8S1.20.6资源对象监控kube-state-metrics-2.0.0镜像及资源清单文件
12-28
KubernetesK8S)集群环境中,对资源对象进行监控是确保系统稳定性和性能优化的关键环节。`kube-state-metrics`是一个核心组件,用于收集K8S集群的状态数据,并将其转换为时序数据,方便进一步分析和可视化。在...
k8s知识点概要.docx
01-31
Kubernetes,简称K8s,是一个开源的容器管理系统,专门用于管理和部署容器化的应用程序。它源自Google的Borg项目,旨在简化容器的部署、扩展和管理,实现应用的自动化运维。K8s通过编排和调度容器,确保服务的高可用...
k8s证书修改为10年文件
06-13
Kubernetes(简称k8s)环境中,证书是保障集群安全和通信的重要组成部分。默认情况下,k8s的证书有效期通常为一年,但这可能会导致在证书即将到期时需要频繁进行更新,增加了管理负担。本教程将详细介绍如何将k8s...
k8skubernetes)集群的两种搭建方式(二进制方式)
02-21
总结起来,通过二进制方式搭建k8s集群是一项细致的工作,需要对k8s组件和依赖关系有深入理解。这种方式虽然相对复杂,但能提供更高的灵活性和自定义性,适合于需要精细控制和优化的环境。对于新手来说,建议先熟悉k8...
kubernetes之kube-apiserver-v1.21.14.tar.gz下载
11-03
`kube-apiserver`是Kubernetes集群的核心组件之一,它是整个系统的入口点,提供RESTful API服务,使得客户端能够与集群进行交互。`kube-apiserver-v1.21.14.tar.gz`是一个包含该组件特定版本的压缩包,适用于...
k8s-ansible:利用ansible自动化安装k8s高可用利用率
01-31
在IT行业中,Kubernetes(简称k8s)已经成为容器编排领域的主流选择,而Ansible则是一款强大的自动化工具,能够简化IT基础设施的管理和部署。本文将深入探讨如何使用Ansible来自动化安装高可用性的Kubernetes集群,...
Spark On K8s实战教程分享
最新发布
06-05
KubernetesK8s)中,Pod 是最小的可调度单元。当 Spark 任务运行在 K8s 上时,无论是 Driver 还是 Executor 都由一个单独的 Pod 来表示。每个 Pod 都被分配了一个唯一的 IP 地址,并且可以包含一个或多个容器...
k8s之kube-controller-manager
11-03
kube-controller-manager是k8s集群管理的关键部分,它运行一系列控制器,这些控制器是k8s实现其自动化操作的核心。下面将详细阐述kube-controller-manager的功能、工作原理及其相关知识点。 1. **kube-controller-...
K8S用户权限管理工具permission-manager-v1.6.0
12-13
3. **动态更新**:在权限需求变化时,permission-manager能快速地更新Role和RoleBinding,无需手动操作K8S API。 4. **审计和日志记录**:提供权限变更的日志记录,便于追踪和审计,有助于满足合规性要求。 5. **...
kubernetes-dashboard-amd64.tgz
03-29
标签 "K8S" 是 Kubernetes 的常见缩写,它是一个开源容器编排系统,用于自动化容器化应用程序的部署、扩展和管理。Kubernetes 提供了一个平台,使得开发者和操作员能够轻松地在云或本地环境中管理容器化的应用程序。...
JS汉字得到拼音
jslfl的专栏
07-16 1万+
这是转自oschina的,转载地址可惜没找到了 /* --- description: Pinyin, to get chinese pinyin from chinese. license: MIT-style authors: Bill Lue requires: core/1.2.1: '*' provides: [...
钉钉平台接入文档
热门推荐
Easzz的博客
08-13 9万+
钉钉平台接入文档Auth-date: [add by Easzz 2017-07-18]1.接入说明由于业务发展,需要接入钉钉平台,特整理了一份简明的接入文档,此文档旨在帮助用户快速熟悉钉钉平台,调用钉钉相关接口,以实现具体的业务逻辑。详细的官方文档地址:https://open-doc.dingtalk.com/2.入门2.1相关术语解释 企业内部应用:企业自建应用,只能用于本企业内部 第三方应用
CSS函数(一)
qq_37094185的博客
11-06 3万+
CSS函数(一) 大家都知道js函数,你们清楚css的函数么? rgb() 对,没错,这就是一个典型的css函数。 那大家知道css有多少函数么,鄙人从w3cplus摘录了一些常用的css函数,w3cplus将其分为9大类,如下: 属性函数:attr() 颜色函数:rgb()、rgba()、hsl()、hsla()、hwb()、color-mod() 背景图片函数:linear-gradient()、radial-gradient()、conic-gradient()、repeating-li
基于STM32和W5500实现AirPlay音频播放
WIZnet2012专栏
02-19 6029
AirPlay是苹果公司推出的一套无线音视频解决方案,我们手里的iPhone、iPad甚至是Apple Watch等设备还有电脑上的iTunes都支持AirPlay。使用AirPlay可以方便的使移动设备的音频流,视频流可以投射到音箱和显示设备上,而无需蓝牙设备的配对过程。但是支持AirPlay功能的音响设备普遍都比较昂贵,而且家里的3.5毫米的插口的老音箱也没有利用起来,本着“喜新不厌旧,改造旧...
kubernetes K8S超详细安装部署手册
02-02
kubernetes的本质是一组服务器集群,它可以在集群的每个节点上运行特定的 程序,来对节点中的容器进行管理。目的是实现资源管理的自动化,主要提供了 如下的主要功能: 自我修复:一旦某一个容器崩溃,能够在1秒中左右迅速启动新的容器 弹性伸缩:可以根据需要,自动对集群中正在运行的容器数量进行调整 服务发现:服务可以通过自动发现的形式找到它所依赖的服务 负载均衡:如果一个服务起动了多个容器,能够自动实现请求的负载均衡 版本回退:如果发现新发布的程序版本有问题,可以立即回退到原来的版本 存储编排:可以根据容器自身的需求自动创建存储卷

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值