kubernetes API 访问方式总结
kubectl 命令行访问

kubectl 会使用kubeconfig 文件来访问kubernetes集群

使用方式比较简单 可以参考官网 http://kubernetes.io/docs/user-guide/kubectl-overview/
cURL 方式

kubernetes 提供了 swagger-ui 以便于用户方便操作API 默认情况下 swagger-ui功能没有开启 需要将--enable-swagger-ui=true 参数传递给kube-apiserver

然后访问 http://${KUBE_APISERVER_IP}:${KUBE-APISERVER_PORT}/swagger-ui/
HTTP protocol

kubernetes 通过HTTP协议暴露8080端口 不需要认证/授权 所以可以直接访问 但是由于8080端口只限定在master机器 在其他机器不能访问
http
ssh root@kube-master

查看集群中所有pods

curl localhost:8080/api/v1/pods

HTTPs protocol

APIServer启动时候启用了证书验证和授权 如下:
apiserver boot
"kube-apiserver",
"--v=0",
"--insecure-bind-address=127.0.0.1",
"--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota",
"--service-cluster-ip-range=10.96.0.0/12",
"--service-account-key-file=/etc/kubernetes/pki/apiserver-key.pem",
"--client-ca-file=/etc/kubernetes/pki/ca.pem",
"--tls-cert-file=/etc/kubernetes/pki/apiserver.pem",
"--tls-private-key-file=/etc/kubernetes/pki/apiserver-key.pem",
"--token-auth-file=/etc/kubernetes/pki/tokens.csv",
"--secure-port=6443",
"--allow-privileged",

在client端访问时 需要指定CA根证书 TLS cert 和 TLS key
https curl
curl https://10.213.129.36:6443 --cacert /etc/kubernetes/pki/ca.pem --key /etc/kubernetes/pki/apiserver-key.pem --cert /etc/kubernetes/pki/apiserver.pem

通过代码调用其API访问

kubernetes官方提供client-go package 来通过API访问Kubernetes APIs
prerequisite

golang环境安装
通过k8s cluster 生成kubeconfig文件

获取client-go package

go get k8s.io/client-go
简单实现

代码block

k8s API Demo
package main

import (
"fmt"
"time"
"flag"
"k8s.io/client-go/tools/clientcmd"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/pkg/api/v1"
)

var (
kubeconfig = flag.String("kubeconfig", "./config", "absolute path to the kubeconfig file")
)

func main() {
flag.Parse()
fmt.Println("kubeconfig: ", *kubeconfig)
// uses the current context in kubeconfig
config, err := clientcmd.BuildConfigFromFlags("", *kubeconfig)
if err != nil {
panic(err.Error())
}

//print the configuration
fmt.Println("Host: ", config.Host)
fmt.Println("CertFile: ", string(config.CertData))
fmt.Println("KeyFile: ", string(config.KeyData))
fmt.Println("CAFile: ", string(config.CAData))

//os.Exit(0)
// creates the clientset
clientset, err := kubernetes.NewForConfig(config)
if err != nil {
panic(err.Error())
}

pods, err := clientset.Core().Pods("").List(v1.ListOptions{})
if err != nil {
panic(err.Error())
}
fmt.Printf("There are %d pods in the cluster\n", len(pods.Items))
time.Sleep(10 * time.Second)

for _, pod := range pods.Items {
fmt.Println("pod name: ", pod.Name)
fmt.Println("pod Namespce: ", pod.Namespace)
}
}

编译运行
compile & run

注意: 如果在mac编译 然后在linux上运行 需要指定GOOS=linux

go build

运行binary

./demo --kubeconfig .kube/kubeconfig