时间:2022-08-26 09:12:57 | 栏目:Python代码 | 点击:次
前言:
K8s也提供API接口,提供这个接口的是管理节点的apiserver组件,apiserver服务负责提供HTTP API,以便用户、其他组件相互通信。客户端库
安装
pip install kubernetes -i https://pypi.douban.com/simple
k8s认证方式:
HTTPS证书认证(kubeconfig)
import os from kubernetes import client, config config.load_kube_config(file_path) # 指定kubeconfig配置文件 apps_api = client.AppsV1Api() # 资源接口类实例化 for dp in apps_api.list_deployment_for_all_namespaces().items: print(dp)
HTTP Token认证(ServiceAccount)
from kubernetes import client, config configuration = client.Configuration() configuration.host = "https://192.168.3.201:16443" # APISERVER地址 configuration.ssl_ca_cert="ca.crt" # CA证书 /etc/kubernetes/pki/ca.crt configuration.verify_ssl = True # 启用证书验证 configuration.api_key = {"authorization": "Bearer " + token} # 指定Token字符串 client.Configuration.set_default(configuration) apps_api = client.AppsV1Api()
这2个认证,2选1
获取Token字符串:创建service account并绑定默认cluster-admin管理员集群角色:
创建用户:
$ kubectl create serviceaccount dashboard-admin -n kube-system
用户授权:
$ kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin
获取用户Token:
$ kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk ‘/dashboard-admin/{print $1}’)
其他常用资源接口类实例化:
core_api = client.CoreV1Api() # namespace,pod,service,pv,pvc apps_api = client.AppsV1Api() # deployment networking_api = client.NetworkingV1beta1Api() # ingress storage_api = client.StorageV1Api() # storage_class
举个例子
Deployment操作:
# 先得有上面的认证,下面的代码才行 # 创建 namespace = "default" name = "api-test" replicas = 3 labels = {'nginx':'true'} # 不区分数据类型,都要加引号 image = "nginx" body = client.V1Deployment( api_version="apps/v1", kind="Deployment", metadata=client.V1ObjectMeta(name=name), spec=client.V1DeploymentSpec( replicas=replicas, selector={'matchLabels': labels}, template=client.V1PodTemplateSpec( metadata=client.V1ObjectMeta(labels=labels), spec=client.V1PodSpec( containers=[client.V1Container( name="web", image=image )] ) ), ) ) try: apps_api.create_namespaced_deployment(namespace=namespace, body=body) except Exception as e: status = getattr(e, "status") if status == 400: print(e) print("格式错误") elif status == 403: print("没权限") # 删除 name = "api-test" apps_api.delete_namespaced_deployment(namespace=namespace, name=name)
但其实这个API挺绕的 ,一个创建deployment的,这里N多的类的对象。