  • Accessing the k8s API with curl

    https://www.cnblogs.com/tylerzhou/p/11094872.html

    Download jq

    chmod +x jq
    mv jq /usr/bin/

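    Enable the non-secure (plain HTTP) port. kubectl proxy listens on localhost and forwards requests to the API server with the credentials from your kubeconfig, so any local process that can reach the port acts with those credentials.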

    kubectl proxy --port=8080

    List the pods in the default namespace

    curl localhost:8080/api/v1/namespaces/default/pods/ | jq -r '.items[].metadata.name'

    HTTPS access

    Create a namespace

    kubectl create ns  test

    Create the role

    kubectl create role pods-reader --verb=get,list,watch --resource=pods --namespace=test

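    Create the rolebinding

    kind: RoleBinding
    apiVersion: rbac.authorization.k8s.io/v1  # v1beta1 was removed in Kubernetes 1.22
    metadata:
      name: default-role-binding
      namespace: test
    subjects:
      - kind: ServiceAccount
        name: default
        namespace: test  # required for ServiceAccount subjects
    roleRef:
      kind: Role
      name: pods-reader  # must match the Role created above
      apiGroup: rbac.authorization.k8s.io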

    Create a test pod that has curl

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: centos
      namespace: test
    spec:
      replicas: 1
      selector:
        matchLabels:
          name: centos
      template:
        metadata:
          labels:
            name: centos
        spec:
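          nodeName: master  # pins the pod to the node named "master", bypassing the scheduler
          containers:
          - image: centos:7
            imagePullPolicy: Never  # the image must already be present on that node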
            name: centos
            command:
            - /bin/sh
            - -c
            - tail -f /dev/null

    Test the result from inside the pod:

    curl --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt --header "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"  https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT/api/v1/namespaces/$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)/pods

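    Or, with the token in a variable first (this URL targets the default namespace, which the Role created above does not cover, so the API server answers 403 Forbidden unless the service account has also been granted access there):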

    TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
    curl --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H "Authorization: Bearer $TOKEN" -s  https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT/api/v1/namespaces/default/pods/

    Access using an existing token

    TOKEN=$(kubectl describe secrets $(kubectl get secrets -n kube-system |grep admin |cut -f1 -d ' ') -n kube-system |grep -E '^token' |cut -f2 -d':'|tr -d '\t'|tr -d ' ')
    
    APISERVER=$(kubectl config view |grep server|cut -f 2- -d ":" | tr -d " ")

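    Access pods with the token. The URL below lists the default namespace; put kube-system in the path to list the pods under kube-system. --insecure skips verification of the API server certificate, so the bearer token is sent to an endpoint whose identity is not checked; pass the cluster CA with --cacert where it is available.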

    curl -H "Authorization: Bearer $TOKEN" $APISERVER/api/v1/namespaces/default/pods/ --insecure 
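
    To see which RBAC subject a token maps to when one of the requests above returns 401 or 403, the script below decodes the token's claims locally. It is an added example, not code from the original article; the function names and the sample token are constructed for illustration, and it assumes a base64 that accepts -d.

```shell
#!/bin/sh
# Added example: read the identity out of a service account token (a JWT)
# locally, to see which RBAC subject the API server will evaluate.

# Decode one base64url segment; JWT segments drop the '=' padding.
b64url_decode() (
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="$s==" ;;
    3) s="$s=" ;;
  esac
  printf '%s' "$s" | base64 -d
)

# Print the JSON claims, i.e. the second dot-separated segment.
jwt_claims() (
  payload=$(printf '%s' "$1" | cut -s -d. -f2)
  [ -n "$payload" ] && b64url_decode "$payload"
)

# Print "<namespace> <name>" from the "sub" claim, which Kubernetes sets
# to system:serviceaccount:<namespace>:<name>. Fails if there is none.
sa_identity() (
  id=$(jwt_claims "$1" | sed -n \
    's/.*"sub"[[:space:]]*:[[:space:]]*"system:serviceaccount:\([^:"]*\):\([^:"]*\)".*/\1 \2/p')
  [ -n "$id" ] && printf '%s\n' "$id"
)

# Pod-list path in the token's own namespace, ready to append to
# https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT
pods_path() (
  ns=$(sa_identity "$1" | cut -d' ' -f1)
  [ -n "$ns" ] && printf '/api/v1/namespaces/%s/pods\n' "$ns"
)

# Constructed sample (assumption): an unsigned token shaped like the one
# mounted for service account "default" in namespace "test".
sample_token() (
  claims='{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:test:default"}'
  printf 'e30.%s.sig' "$(printf '%s' "$claims" | base64 | tr -d '=\n' | tr '/+' '_-')"
)

# In a pod, pass "$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)".
sa_identity "$(sample_token)"   # prints: test default
pods_path "$(sample_token)"     # prints: /api/v1/namespaces/test/pods
```

    The decoded claims are not verified here; only the API server checks the signature, so treat the output as a debugging aid for matching the token's subject against the RoleBinding.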

  • Original article: https://www.cnblogs.com/zphqq/p/12968646.html