OpenShift 4 - 通过 REST API 操作 OpenShift
说明:
- 以下REST API是针对OpenShift 4的,不一定都适合OpenShift 3.11。
- 所有操作都针对my-project项目。
OpenShift API 访问机制
如何访问Rest API
使用Token直接访问Rest API
方法1
- 登录OpenShift,然后在线获取用户登录的TOKEN字符串。然后设置TOKEN和API_SERVER环境变量。
$ oc whoami -t
wMUsqoy2ecJoTpK5MtnjoCEy1nBXo86ADvFmYOO8BtU
$ export TOKEN=$(oc whoami -t)
$ export API_SERVER=$(oc whoami --show-server)
- 访问Rest API。
curl -k -X GET $APISERVER/api --header "Authorization: Bearer $TOKEN"
{
"kind": "APIVersions",
"versions": [
"v1"
],
"serverAddressByClientCIDRs": [
{
"clientCIDR": "0.0.0.0/0",
"serverAddress": "10.0.206.194:6443"
}
]
}
方法2
- 登录OpenShift,然后查看kubeconfig文件中的内容。
$ oc config view -o jsonpath='{"Cluster name\tServer\n"}{range .clusters[*]}{.name}{"\t"}{.cluster.server}{"\n"}{end}'
Cluster name Server
api-cluster-beijing-48f2-beijing-48f2-example-opentlc-com:6443 https://api.cluster-beijing-48f2.beijing-48f2.example.opentlc.com:6443
cluster-beijing-48f2 https://api.cluster-beijing-48f2.beijing-48f2.example.opentlc.com:6443
- 然后使用一个“Cluster name”离线获取用户登录的TOKEN字符串,然后设置TOKEN和API_SERVER环境变量。
export CLUSTER_NAME="cluster-beijing-48f2"
export API_SERVER=$(oc config view -o jsonpath="{.clusters[?(@.name==\"$CLUSTER_NAME\")].cluster.server}")
export TOKEN=$(oc get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}"|base64 -d)
- 访问Rest API。
$ curl -k -X GET $APISERVER/api --header "Authorization: Bearer $TOKEN"
{
"kind": "APIVersions",
"versions": [
"v1"
],
"serverAddressByClientCIDRs": [
{
"clientCIDR": "0.0.0.0/0",
"serverAddress": "10.0.183.207:6443"
}
]
}
使用Proxy间接访问Rest API
- 在第一个窗口先登录OpenShift,然后运行API的访问代理。
$ oc proxy
Starting to serve on 127.0.0.1:8001
- 在第二个窗口通过代理访问API。
$ curl http://localhost:8001/api/
{
"kind": "APIVersions",
"versions": [
"v1"
],
"serverAddressByClientCIDRs": [
{
"clientCIDR": "0.0.0.0/0",
"serverAddress": "10.0.183.207:6443"
}
]
}
用Rest API操作OpenShift
信息获取当前用户
$ curl -k -H "Authorization: Bearer $TOKEN" $API_SERVER/apis/user.openshift.io/v1/users/~
获取Project或namespace列表
$ curl -kX GET -H "Authorization: Bearer $TOKEN" $API_SERVER/apis/project.openshift.io/v1/projects | grep projects
$ curl -kX GET -H "Authorization: Bearer $TOKEN" $API_SERVER/api/v1/namespaces | grep namespaces
新建my-project项目
- 方法1
$ curl -kX POST \
-d @- \
-H "Authorization: Bearer $TOKEN" \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
$API_SERVER/apis/project.openshift.io/v1/projectrequests <<'EOF'
{
"kind": "ProjectRequest",
"apiVersion": "project.openshift.io/v1",
"metadata": {
"name": "my-project"
}
}
EOF
- 方法2
$ curl -LO https://raw.githubusercontent.com/liuxiaoyu-git/OpenShift-HOL/master/myproject1.json
$ curl -kX POST -H "Accept: application/json" -H "Content-Type: application/json" -H "Authorization: Bearer $TOKEN" $API_SERVER/apis/project.openshift.io/v1/projects -d @my-project1.json
获得my-project项目或namespace的信息
$ curl -kX GET -H "Authorization: Bearer $TOKEN" $API_SERVER/apis/project.openshift.io/v1/projects/my-project
获取cakephp-mysql-example模板
$ curl -k -H "Authorization: Bearer $TOKEN" $API_SERVER/apis/template.openshift.io/v1/namespaces/openshift/templates/cakephp-mysql-example
根据cakephp-mysql-example模板创建应用
curl -kX POST \
-d @- \
-H "Authorization: Bearer $TOKEN" \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
$API_SERVER/apis/template.openshift.io/v1/namespaces/my-project/templateinstances <<EOF
{
"kind": "TemplateInstance",
"apiVersion": "template.openshift.io/v1",
"metadata": {
"name": "my-templateinstance"
},
"spec": {
"template": $(curl -k \
-H "Authorization: Bearer $TOKEN" \
-H 'Accept: application/json' \
$API_SERVER/apis/template.openshift.io/v1/namespaces/openshift/templates/cakephp-mysql-example)
}
}
EOF
获取my-project项目中所有Pod
#注意不是“-kX”
curl -k -H "Authorization: Bearer $TOKEN" $API_SERVER/api/v1/namespaces/my-project/pods
获取my-project项目中名为XXX的Pod
curl -k -H "Authorization: Bearer $TOKEN" $API_SERVER/api/v1/namespaces/my-project/pods/XXX
删除my-project项目中名为XXX的Pod
curl -kX DELETE \
-d @- \
-H "Authorization: Bearer $TOKEN" \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
$API_SERVER/api/v1/namespaces/my-project/pods/XXX <<'EOF'
{
}
EOF
获取my-project项目中所有BuildConfig
curl -kX GET -H "Authorization: Bearer $TOKEN" $API_SERVER/apis/build.openshift.io/v1/namespaces/my-project/buildconfigs
获取my-project项目中名为XXX的BuildConfig
curl -kX GET -H "Authorization: Bearer $TOKEN" $API_SERVER/apis/build.openshift.io/v1/namespaces/my-project/buildconfigs/XXX
创建mysecret的Secret
curl -k \
-X POST \
-d @- \
-H "Authorization: Bearer $TOKEN" \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
$API_SERVER/api/v1/namespaces/my-project/secrets <<'EOF'
{
"kind": "Secret",
"apiVersion": "v1",
"metadata": {
"name": "my-secret"
},
"stringData": {
"NAME": "example"
}
}
EOF
删除my-project项目
$ curl -kX DELETE -H "Authorization: Bearer $TOKEN" $API_SERVER/apis/project.openshift.io/v1/projects/my-project
$ curl -kX DELETE -H "Authorization: Bearer $TOKEN" $API_SERVER/api/v1/namespaces/my-project
其它API参考
- OpenShift的Rest API说明可参见:
https://docs.okd.io/latest/rest_api/index.html
https://docs.openshift.com/container-platform/3.11/rest_api/examples.html - Java Client
- C# Client
- Python Client