Use k8s api to get service endpoint information

Preface

This article looks at how to use the k8s API to obtain the endpoint information of a service.

Installing k8s on a Mac M2

Install multipass

Visit https://multipass.run/install, download and install

Create instance

multipass launch --name primary --cpus 2 --disk 20G --memory 4G

Install microk8s

sudo snap install microk8s --classic
sudo usermod -a -G microk8s $USER
sudo chown -f -R $USER ~/.kube
microk8s status --wait-ready

Configure an alias (~/.bash_aliases)

alias kubectl='microk8s kubectl'

Check if it is ready

kubectl get node

If the node is not ready, the most likely cause is that the pause image cannot be pulled. Use pullk8s to fix this; the script below is a slightly modified version.

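#!/bin/bash

# Print the images that non-Running pods failed to pull.
check(){
  if [ "$1"x == "--microk8s"x ]
  then
    logs=`microk8s kubectl get pod --all-namespaces|tail -n +2|grep -v Running|while read line
    do
     declare -a arr=( $line )
     microk8s kubectl describe pod ${arr[1]} --namespace=${arr[0]}
    done|grep -i "image"|sed -nr 's/.*(failed to pull|Back-off pulling) image "([^"]+)".*/\2/p'|uniq`
    echo ${logs}
  fi
}

# Pull an image; registry.k8s.io and gcr.io/google_containers images are
# fetched from the opsdockerimage mirror on Docker Hub and retagged.
pull(){
  image=$1
  imageName=${image/#registry\.k8s\.io\//}
  if [ "$image"x == "$imageName"x ]
  then
    imageName=${image/#gcr\.io\/google_containers\//}
  fi
  echo Pull $imageName ...
  # Neither prefix matched: pull the image directly from its own registry.
  if [ "$image"x == "$imageName"x ]
  then
    echo Pull $imageName ...
    docker pull $image
    exit 0
  fi
  hubimage=${imageName//\//\-}

  if [ -n "$hubimage" ]
  then
    echo Pull $imageName ...
    # The mirrored copy is tagged with the original name and the mirror tag is removed.
    docker pull opsdockerimage/$hubimage
    docker tag opsdockerimage/$hubimage $1
    docker rmi opsdockerimage/$hubimage
    if [ "$2"x == "--microk8s"x ]
    then
      # Export the image from docker and import it into microk8s' containerd.
      saveImage=${1#:}
      docker save $saveImage > ~/.docker_image.tmp.tar
      microk8s ctr image import ~/.docker_image.tmp.tar
      rm ~/.docker_image.tmp.tar
    fi
  fi
}

# Dispatch on the sub-command, as in the invocations shown below.
case "$1" in
  check) check "$2" ;;
  pull)  pull "$2" "$3" ;;
esac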

Then run:

pullk8s check --microk8s
pullk8s pull registry.k8s.io/pause:3.7 --microk8s
microk8s stop
microk8s start

Example

Create nginx

kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=8000 --target-port=80 --name=ngsvc
kubectl scale deployment nginx --replicas=3

View with kubectl

kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
kubernetes   ClusterIP   10.152.183.1    <none>        443/TCP    87m
ngsvc        ClusterIP   10.152.183.50   <none>        8000/TCP   3m44s

kubectl get pods
NAME                     READY   STATUS    RESTARTS   AGE
nginx-77b4fdf86c-xbd6s   1/1     Running   0          18m
nginx-77b4fdf86c-g9gt5   1/1     Running   0          2m35s
nginx-77b4fdf86c-xq76f   1/1     Running   0          2m35s

kubectl get endpoints
NAME         ENDPOINTS                                         AGE
kubernetes   192.168.64.2:16443                                85m
ngsvc        10.1.226.133:80,10.1.226.134:80,10.1.226.135:80   64s

Query the API from inside a pod

kubectl get pods
kubectl exec -it nginx-77b4fdf86c-xbd6s -- sh


# Point to the hostname of the internal API server
APISERVER=https://kubernetes.default.svc

# Path to the service account token
SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount

# Read the Pod's namespace
NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)

# Read the service account's bearer token
TOKEN=$(cat ${SERVICEACCOUNT}/token)

# Reference the internal certificate authority (CA)
CACERT=${SERVICEACCOUNT}/ca.crt

# Use the token to access the API
curl --cacert ${CACERT} --header "Authorization: Bearer ${TOKEN}" -X GET ${APISERVER}/api/v1/namespaces/default/endpoints/ngsvc

The response is as follows:

{
  "kind": "Endpoints",
  "apiVersion": "v1",
  "metadata": {
    "name": "ngsvc",
    "namespace": "default",
    "uid": "bccd1acd-a8e2-419f-925e-8ae324bf2e8b",
    "resourceVersion": "5344",
    "creationTimestamp": "2023-07-22T05:57:24Z",
    "labels": {
      "app": "nginx"
    },
    "annotations": {
      "endpoints.kubernetes.io/last-change-trigger-time": "2023-07-22T05:58:26Z"
    },
    "managedFields": [
      {
        "manager": "kubelite",
        "operation": "Update",
        "apiVersion": "v1",
        "time": "2023-07-22T05:58:26Z",
        "fieldsType": "FieldsV1",
        "fieldsV1": {
          "f:metadata": {
            "f:annotations": {
              ".": {},
              "f:endpoints.kubernetes.io/last-change-trigger-time": {}
            },
            "f:labels": {
              ".": {},
              "f:app": {}
            }
          },
          "f:subsets": {}
        }
      }
    ]
  },
  "subsets": [
    {
      "addresses": [
        {
          "ip": "10.1.226.133",
          "nodeName": "primary",
          "targetRef": {
            "kind": "Pod",
            "namespace": "default",
            "name": "nginx-77b4fdf86c-xbd6s",
            "uid": "ebc83b51-a438-40a8-b543-17a14d98a267"
          }
        },
        {
          "ip": "10.1.226.134",
          "nodeName": "primary",
          "targetRef": {
            "kind": "Pod",
            "namespace": "default",
            "name": "nginx-77b4fdf86c-g9gt5",
            "uid": "956cda5b-1724-49f3-9bc6-96c523c3c946"
          }
        },
        {
          "ip": "10.1.226.135",
          "nodeName": "primary",
          "targetRef": {
            "kind": "Pod",
            "namespace": "default",
            "name": "nginx-77b4fdf86c-xq76f",
            "uid": "731f4544-2ccc-46c0-aeb6-610bd2a4fdf8"
          }
        }
      ],
      "ports": [
        {
          "port": 80,
          "protocol": "TCP"
        }
      ]
    }
  ]
}
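
The call and the response above, as an added Python example (not part of the original article): fetch_endpoints repeats the in-pod curl request with the API server verified against ca.crt, and backends flattens the response into one row per address and port. The function names are assumptions made for this example, and SAMPLE is constructed from the response above.

```python
import json
import ssl
import urllib.request

SA = "/var/run/secrets/kubernetes.io/serviceaccount"  # same mount as the shell snippet

def fetch_endpoints(service, namespace="default", api="https://kubernetes.default.svc"):
    """In-pod GET of the Endpoints object; the server is verified against ca.crt."""
    with open(f"{SA}/token") as f:
        token = f.read().strip()
    ctx = ssl.create_default_context(cafile=f"{SA}/ca.crt")
    url = f"{api}/api/v1/namespaces/{namespace}/endpoints/{service}"
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, context=ctx, timeout=5) as resp:
        return json.load(resp)

def backends(endpoints):
    """Flatten an Endpoints object into one row per address/port pair."""
    if endpoints.get("kind") != "Endpoints":
        raise ValueError("not an Endpoints object")
    rows = []
    for subset in endpoints.get("subsets") or []:  # absent when nothing backs the service
        for key, ready in (("addresses", True), ("notReadyAddresses", False)):
            for addr in subset.get(key) or []:
                ref = addr.get("targetRef") or {}
                pod = ref.get("name") if ref.get("kind") == "Pod" else None
                for port in subset.get("ports") or []:
                    rows.append({"addr": f"{addr['ip']}:{port['port']}",
                                 "pod": pod, "ready": ready})
    return rows

# Constructed sample: two addresses from the response above, the third moved to
# notReadyAddresses, plus a made-up address without targetRef (not pod-backed).
SAMPLE = {
    "kind": "Endpoints",
    "subsets": [{
        "addresses": [
            {"ip": "10.1.226.133", "targetRef": {"kind": "Pod", "name": "nginx-77b4fdf86c-xbd6s"}},
            {"ip": "10.1.226.134", "targetRef": {"kind": "Pod", "name": "nginx-77b4fdf86c-g9gt5"}},
            {"ip": "192.0.2.10"},
        ],
        "notReadyAddresses": [
            {"ip": "10.1.226.135", "targetRef": {"kind": "Pod", "name": "nginx-77b4fdf86c-xq76f"}},
        ],
        "ports": [{"port": 80, "protocol": "TCP"}],
    }],
}

if __name__ == "__main__":
    print(*backends(SAMPLE), sep="\n")
```

Rows with ready set to False or pod set to None are worth separating out before the list is treated as the service's live pods.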

Access from outside the container

Get the API server address

kubectl get endpoints kubernetes
NAME         ENDPOINTS            AGE
kubernetes   192.168.64.2:16443   108m

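View the tokens

/var/snap/microk8s/current/credentials/known_tokens.csv

Take the admin token from this file.

Call the API

curl -k --header "Authorization: Bearer ${token}" -X GET https://192.168.64.2:16443/api/v1/namespaces/default/endpoints/ngsvc

Replace ${token} with the token obtained in the previous step. Note that -k makes curl skip verification of the API server's certificate; the in-pod call above verified it with --cacert.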

Summary

The k8s API provides an interface for obtaining endpoints, so the list of pods behind a service can be obtained from the service.

References

  • Use multipass to build a linux development environment on mac
  • github.com/OpsDocker/pullk8s
  • Access the Kubernetes API from within a pod