Preface
This article looks at how to use the Kubernetes (k8s) API to obtain the endpoint information of a service.
Installing k8s on a Mac M2
Install multipass
Visit https://multipass.run/install, then download and install it.
Create instance
multipass launch --name primary --cpus 2 --disk 20G --memory 4G
Install microk8s
sudo snap install microk8s --classic
sudo usermod -a -G microk8s $USER
sudo chown -f -R $USER ~/.kube
microk8s status --wait-ready
Configure aliases (~/.bash_aliases)
alias kubectl='microk8s kubectl'
Check if it is ready
kubectl get node
If the node is not ready, the most likely cause is that the pause image cannot be pulled. Use pullk8s, slightly modified as follows, to fix it:
#!/bin/bash

# List the images that pods are currently failing to pull.
check(){
  if [ "$1"x == "--microk8s"x ]
  then
    logs=`microk8s kubectl get pod --all-namespaces|tail -n +2|grep -v Running|while read line
    do
      declare -a arr=( $line )
      microk8s kubectl describe pod ${arr[1]} --namespace=${arr[0]}
    done|grep -i "image"|sed -nr 's/.*(failed to pull|Back-off pulling) image "([^"]+)".*/\2/p'|uniq`
    echo ${logs}
  fi
}

# Pull an image through the opsdockerimage mirror on Docker Hub and retag it.
pull(){
  image=$1
  imageName=${image/#registry\.k8s\.io\//}
  if [ "$image"x == "$imageName"x ]
  then
    imageName=${image/#gcr\.io\/google_containers\//}
  fi
  echo Pull $imageName ...
  if [ "$image"x == "$imageName"x ]
  then
    # Not a registry.k8s.io or gcr.io/google_containers image: pull it directly.
    echo Pull $imageName ...
    docker pull $image
    exit 0
  fi
  hubimage=${imageName//\//\-}
  if [ -n "$hubimage" ]
  then
    echo Pull $imageName ...
    # The mirror copy is retagged under the original name, so the cluster
    # treats it as the upstream image.
    docker pull opsdockerimage/$hubimage
    docker tag opsdockerimage/$hubimage $1
    docker rmi opsdockerimage/$hubimage
    if [ "$2"x == "--microk8s"x ]
    then
      # Import the image into the containerd instance that microk8s uses.
      saveImage=${1#:}
      docker save $saveImage > ~/.docker_image.tmp.tar
      microk8s ctr image import ~/.docker_image.tmp.tar
      rm ~/.docker_image.tmp.tar
    fi
  fi
}

# Sub-command dispatch (assumed; the excerpt does not show it), so that the
# script runs as "pullk8s check ..." and "pullk8s pull ...".
case "$1" in
  check) shift; check "$@" ;;
  pull)  shift; pull "$@" ;;
esac
Then execute:
pullk8s check --microk8s
pullk8s pull registry.k8s.io/pause:3.7 --microk8s
microk8s stop
microk8s start
Example
Create nginx
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=8000 --target-port=80 --name=ngsvc
kubectl scale deployment nginx --replicas=3
View with kubectl
kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
kubernetes   ClusterIP   10.152.183.1    <none>        443/TCP    87m
ngsvc        ClusterIP   10.152.183.50   <none>        8000/TCP   3m44s
kubectl get pods
NAME                     READY   STATUS    RESTARTS   AGE
nginx-77b4fdf86c-xbd6s   1/1     Running   0          18m
nginx-77b4fdf86c-g9gt5   1/1     Running   0          2m35s
nginx-77b4fdf86c-xq76f   1/1     Running   0          2m35s
kubectl get endpoints
NAME         ENDPOINTS                                         AGE
kubernetes   192.168.64.2:16443                                85m
ngsvc        10.1.226.133:80,10.1.226.134:80,10.1.226.135:80   64s
View through the API from inside a pod
kubectl get pods
kubectl exec -it nginx-77b4fdf86c-xbd6s -- sh
# Point to the hostname of the internal API server
APISERVER=https://kubernetes.default.svc
# Path to the service account token
SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount
# Read the Pod's namespace
NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)
# Read the bearer token of the service account
TOKEN=$(cat ${SERVICEACCOUNT}/token)
# Reference the internal certificate authority (CA)
CACERT=${SERVICEACCOUNT}/ca.crt
# Use the token to access the API
curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/default/endpoints/ngsvc
The response is as follows:
{
  "kind": "Endpoints",
  "apiVersion": "v1",
  "metadata": {
    "name": "ngsvc",
    "namespace": "default",
    "uid": "bccd1acd-a8e2-419f-925e-8ae324bf2e8b",
    "resourceVersion": "5344",
    "creationTimestamp": "2023-07-22T05:57:24Z",
    "labels": {
      "app": "nginx"
    },
    "annotations": {
      "endpoints.kubernetes.io/last-change-trigger-time": "2023-07-22T05:58:26Z"
    },
    "managedFields": [
      {
        "manager": "kubelite",
        "operation": "Update",
        "apiVersion": "v1",
        "time": "2023-07-22T05:58:26Z",
        "fieldsType": "FieldsV1",
        "fieldsV1": {
          "f:metadata": {
            "f:annotations": {
              ".": {},
              "f:endpoints.kubernetes.io/last-change-trigger-time": {}
            },
            "f:labels": {
              ".": {},
              "f:app": {}
            }
          },
          "f:subsets": {}
        }
      }
    ]
  },
  "subsets": [
    {
      "addresses": [
        {
          "ip": "10.1.226.133",
          "nodeName": "primary",
          "targetRef": {
            "kind": "Pod",
            "namespace": "default",
            "name": "nginx-77b4fdf86c-xbd6s",
            "uid": "ebc83b51-a438-40a8-b543-17a14d98a267"
          }
        },
        {
          "ip": "10.1.226.134",
          "nodeName": "primary",
          "targetRef": {
            "kind": "Pod",
            "namespace": "default",
            "name": "nginx-77b4fdf86c-g9gt5",
            "uid": "956cda5b-1724-49f3-9bc6-96c523c3c946"
          }
        },
        {
          "ip": "10.1.226.135",
          "nodeName": "primary",
          "targetRef": {
            "kind": "Pod",
            "namespace": "default",
            "name": "nginx-77b4fdf86c-xq76f",
            "uid": "731f4544-2ccc-46c0-aeb6-610bd2a4fdf8"
          }
        }
      ],
      "ports": [
        {
          "port": 80,
          "protocol": "TCP"
        }
      ]
    }
  ]
}
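An added example in Python, not part of the original article: it makes the same in-pod request as the curl command above, verifying the API server against the mounted ca.crt, and flattens the returned Endpoints object into one row per pod and port. The function names and the sample are constructed for illustration; the sample moves one pod to notReadyAddresses, a case that goes beyond the response shown above.

```python
import json
import ssl
import urllib.request

SA_DIR = "/var/run/secrets/kubernetes.io/serviceaccount"  # path from the article

def fetch_endpoints(service, namespace="default",
                    apiserver="https://kubernetes.default.svc", sa_dir=SA_DIR):
    """GET the Endpoints object with the pod's service account token, verifying
    the API server against the mounted cluster CA (like curl --cacert)."""
    with open(f"{sa_dir}/token") as fh:
        token = fh.read().strip()
    ctx = ssl.create_default_context(cafile=f"{sa_dir}/ca.crt")
    req = urllib.request.Request(
        f"{apiserver}/api/v1/namespaces/{namespace}/endpoints/{service}",
        headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, context=ctx, timeout=5) as resp:
        return json.load(resp)

def backends(endpoints):
    """Flatten an Endpoints object into (pod, ip, port, protocol, ready) rows.
    Each subset pairs every address with every port; notReadyAddresses are
    pods that exist but are not currently ready to receive traffic."""
    rows = []
    for subset in endpoints.get("subsets") or []:  # absent when no pod matches
        for key, ready in (("addresses", True), ("notReadyAddresses", False)):
            for addr in subset.get(key) or []:
                pod = (addr.get("targetRef") or {}).get("name", "")
                for port in subset.get("ports") or []:
                    rows.append((pod, addr["ip"], port["port"],
                                 port.get("protocol", "TCP"), ready))
    return rows

# Constructed sample: the response above, trimmed, with one pod moved to
# notReadyAddresses to show the not-ready case.
SAMPLE = json.loads("""
{"kind": "Endpoints", "metadata": {"name": "ngsvc", "namespace": "default"},
 "subsets": [{
   "addresses": [
     {"ip": "10.1.226.133", "targetRef": {"name": "nginx-77b4fdf86c-xbd6s"}},
     {"ip": "10.1.226.134", "targetRef": {"name": "nginx-77b4fdf86c-g9gt5"}}],
   "notReadyAddresses": [
     {"ip": "10.1.226.135", "targetRef": {"name": "nginx-77b4fdf86c-xq76f"}}],
   "ports": [{"port": 80, "protocol": "TCP"}]}]}
""")

if __name__ == "__main__":
    for row in backends(SAMPLE):
        print(row)
```

Inside a pod, `backends(fetch_endpoints("ngsvc"))` returns the live list instead of the sample.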
Access from outside the container
Get the API address
kubectl get endpoints kubernetes
NAME         ENDPOINTS            AGE
kubernetes   192.168.64.2:16443   108m
View token
/var/snap/microk8s/current/credentials/known_tokens.csv
Get the admin token
Access
curl -k --header "Authorization: Bearer ${token}" -X GET https://192.168.64.2:16443/api/v1/namespaces/default/endpoints/ngsvc
Replace ${token} with the token obtained in the previous step. The -k option makes curl skip verification of the API server's certificate.
Summary
The k8s API provides an interface for obtaining endpoints, so the list of pods behind a service can be obtained from the service name.
doc
- Use multipass to build a linux development environment on mac
- github.com/OpsDocker/pullk8s
- Access the Kubernetes API from within a pod