zoukankan      html  css  js  c++  java
  • 【k8s】访问 api-server

    环境

    1. kubernetes 1.20.6
    2. Spring Boot 2.5.0-RC1

    目标

    访问 api-server 的几种方式。

    代理

    [root@master ~]# kubectl proxy --port=8080 &
    [1] 29975
    [root@master ~]# Starting to serve on 127.0.0.1:8080
    curl http://localhost:8080/api/
    {
      "kind": "APIVersions",
      "versions": [
        "v1"
      ],
      "serverAddressByClientCIDRs": [
        {
          "clientCIDR": "0.0.0.0/0",
          "serverAddress": "192.168.56.101:6443"
        }
      ]
    }
    

    无代理

    [root@master ~]# APISERVER=$(kubectl config view | grep server | cut -f 2- -d ":" | tr -d " ")
    [root@master ~]# TOKEN=$(kubectl describe secret $(kubectl get secrets | grep default | cut -f1 -d ' ') | grep -E '^token' | cut -f2 -d':' | tr -d ' ')
    [root@master ~]# curl $APISERVER/api --header "Authorization: Bearer $TOKEN" --insecure
    {
      "kind": "APIVersions",
      "versions": [
        "v1"
      ],
      "serverAddressByClientCIDRs": [
        {
          "clientCIDR": "0.0.0.0/0",
          "serverAddress": "192.168.56.101:6443"
        }
      ]
    }
    

    证书

    [root@master ~]# curl -k --cert /etc/kubernetes/pki/apiserver-kubelet-client.crt --key /etc/kubernetes/pki/apiserver-kubelet-client.key https://192.168.56.01:6443/api
    {
      "kind": "APIVersions",
      "versions": [
        "v1"
      ],
      "serverAddressByClientCIDRs": [
        {
          "clientCIDR": "0.0.0.0/0",
          "serverAddress": "192.168.56.101:6443"
        }
      ]
    }
    

    Pod 的 sa

    [root@master ~]# kubectl exec spring-k8s -- sh -c 'curl -k -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" https://kubernetes.default.svc/api'
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   186  100   186    0     0   2188      0 --:--:-- --:--:-- --:--:--  2188
    {
      "kind": "APIVersions",
      "versions": [
        "v1"
      ],
      "serverAddressByClientCIDRs": [
        {
          "clientCIDR": "0.0.0.0/0",
          "serverAddress": "192.168.56.101:6443"
        }
      ]
    }
    

    总结

    介绍了几种访问 api-server 的方式。

    附录

  • 相关阅读:
    性能调试工具
    c++11笔记
    根据样式创建内嵌页面
    VMware安装两张网卡
    【赵强老师】使用Oracle的跟踪文件
    【赵强老师】Kafka的消息持久化
    【赵强老师】Kubernetes的探针
    【赵强老师】阿里云大数据ACP认证之阿里大数据产品体系
    【赵强老师】NoSQL数据库之Cassandra基础
    【赵强老师】使用Weblogic的WLST工具
  • 原文地址:https://www.cnblogs.com/jiangbo44/p/14956999.html
Copyright © 2011-2022 走看看