最新 client-java 调用 k8s ApiServer

创建权限绑定

sa-role.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-admin #账号名
  namespace: kube-system
  
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: my-cluster-admin
rules:
- apiGroups: ["*"]
  resources: ["*"]
  verbs: ["*"]
- nonResourceURLs: ["*"]
  verbs: ["*"]
  
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: clusterrolebinding-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: my-cluster-admin
subjects:
- kind: ServiceAccount
  name: my-admin
  namespace: kube-system
 
---
apiVersion: v1
kind: Secret
metadata:
  name: my-admin-token
  namespace: kube-system
  annotations:
    kubernetes.io/service-account.name: "my-admin"   
type: kubernetes.io/service-account-token

 kubectl apply -f .

获取永久token

kubectl get secret my-admin-token -n kube-system -o jsonpath={".data.token"} | base64 -d

k8s apiserver的api查看

生成k8s token

请求k8s-swagger文件

curl -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6ImQ4Slh0Mk9lMzd0TXNlZW9sbGRRMUVfRWtYSHVnNnFwMG11TmhYR3dWM2cifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJobC1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6Ijc4MDk1MDgwLWE2MWYtNGQ0Ni05YTUyLTYxYzMxOTAyYzIyMCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTpobC1hZG1pbiJ9.Gy8xiiLngFopG6EJVAUIsP7n9jQqsP6rWEg8q6LcqpaQ42FXYVX01o1wsqi6u5l3H5D4_dI-GjOU1ajc8Y_g4lZu-ClCxn360tsoJ6ZaCg7fuW4LIA2Mr1gT-rv7yLKhYplF6LDwEwsqlAh3nZopoWvMPtAKWfUQ0rI6q3CoNbpben7DAoJljmZRTa63QSjpnYH8hyZGfkgtXYhe6NC1wF0Q3FQJ5yWO1-oaDpkus3sjFa34OJmWx_VR8g-bAUlkrC5GFVMSEFytXGb1MlYSP3W0muel6-C7d-dWZBT7GV_kQrkgP8PYQC1i3weoA19t8JqT2CX1G1WmKo_F2DFktw" -k https://localhost:6443/openapi/v2 > k8s-swagger.json

获取 swagger-ui 镜像

docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/swaggerapi/swagger-ui:v4.15.5

创建serviceaccount

启动 swagger-ui 镜像

docker run -d -p 8080:8080 -e SWAGGER_JSON=/k8s-swagger.json -v /root/crd/k8s-swagger.json:/k8s-swagger.json swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.io/swaggerapi/swagger-ui:v4.15.5

访问 swagger-ui

http://127.0.0.1:8080

生成k8s对应的CRD资源

参考资源https://kkgithub.com/kubernetes-client/java/blob/master/docs/generate-model-from-third-party-resources.md

docker pull swr.cn-north-4.myhuaweicloud.com/ddn-k8s/ghcr.io/kubernetes-client/java/crd-model-gen:v1.0.6

export LOCAL_MANIFEST_FILE=/root/prometheus/kube-prometheus-0.14.0/manifests/setup/0prometheusruleCustomResourceDefinition.yaml
docker run \
  --rm \
  -v "$LOCAL_MANIFEST_FILE":"$LOCAL_MANIFEST_FILE" \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v "$(pwd)":"$(pwd)" \
  -ti \
  --network host \
  swr.cn-north-4.myhuaweicloud.com/ddn-k8s/ghcr.io/kubernetes-client/java/crd-model-gen:v1.0.6 \
  /generate.sh \
  -u $LOCAL_MANIFEST_FILE \
  -n com.example.stable \
  -p com.example.stable \
  -o "$(pwd)"

在线生成方式参考https://blog.csdn.net/weixin_42340037/article/details/132496248

• fork kubernetes-client/java 仓库到自己的github

https://github.com/kubernetes-client/java

• 点击Actions，在点击CRD Java Model Generate

• 执行run workflow；输入必要的数据

Comma-separated paths to CRD yaml sources, can be either HTTP url or local file path.。k8s 自定义资源的 yaml文件，kube-prometheus的自定义资源prometheusrule

https://github.com/prometheus-operator/kube-prometheus

https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/refs/heads/main/manifests/setup/0prometheusruleCustomResourceDefinition.yaml

• 执行 Actions 后，下载生成为 CRD Java Model 的 zip 包

The package name of the generated java project. 可以随便输入报名

调用k8s的api

引入依赖

<dependency>
    <groupId>io.kubernetes</groupId>
    <artifactId>client-java</artifactId>
    <version>21.0.2</version>
</dependency>

编码调用 k8s api的代码

package k8s_demo;
 
import java.io.FileInputStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
 
import org.yaml.snakeyaml.Yaml;
 
import com.alibaba.fastjson2.JSON;
import com.crd.models.V1PrometheusRule;
import com.crd.models.V1PrometheusRuleSpec;
import com.crd.models.V1PrometheusRuleSpecGroups;
import com.crd.models.V1PrometheusRuleSpecRules;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
 
import io.kubernetes.client.openapi.ApiClient;
import io.kubernetes.client.openapi.ApiException;
import io.kubernetes.client.openapi.Configuration;
import io.kubernetes.client.openapi.apis.CustomObjectsApi;
import io.kubernetes.client.openapi.apis.CustomObjectsApi.APIcreateClusterCustomObjectRequest;
import io.kubernetes.client.openapi.apis.CustomObjectsApi.APIcreateNamespacedCustomObjectRequest;
import io.kubernetes.client.openapi.apis.CustomObjectsApi.APIdeleteNamespacedCustomObjectRequest;
import io.kubernetes.client.openapi.apis.CustomObjectsApi.APIlistClusterCustomObjectRequest;
import io.kubernetes.client.openapi.apis.CustomObjectsApi.APIlistNamespacedCustomObjectRequest;
import io.kubernetes.client.openapi.models.V1ObjectMeta;
import io.kubernetes.client.util.ClientBuilder;
import io.kubernetes.client.util.credentials.AccessTokenAuthentication;
 
public class CRDdemo {
 
	public static void main(String[] args) {
		ApiClient client = new ClientBuilder().setBasePath("https://10.0.2.11:6443")
				.setVerifyingSsl(false)
				.setAuthentication(new AccessTokenAuthentication("eyJhbGciOiJSUzI1NiIsImtpZCI6ImQ4Slh0Mk9lMzd0TXNlZW9sbGRRMUVfRWtYSHVnNnFwMG11TmhYR3dWM2cifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJteS1hZG1pbi10b2tlbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJteS1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImMxYjgyNmU0LTM4YzctNGI1Yy05MzliLTU3MmExNzQ4ZjhjNiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTpteS1hZG1pbiJ9.giP37iGgtXoBCPRj4YBu0ooovb8SbOXuMyAfQx5erzbh-s1AJZTsMVho-Hu2VlyeRcQ7AkLy44EUMdf__yy0XR44qXYRlN6-gG0yAMHTSt_mBbfbpt35uJ39jAnmFlS9SGgTfzAJdjoDzA6Vhq7_njab6Dkc9wmYuIAR4Q1fUEjIdkVb-558xlqegouUd4TNC855p6gwUoTLMZaNo1wGMHEa94HV37ECpGsQ2gSr4nEw29LQOHei96HfRuBdJa7lLhnuaqqKqE8tR9DuGVN5adtmC-AnSabRlkCgjM7KmB3b7BBndlRuG4ZcuARCCNvrbUM0N_Z43hL6PgEtSXFmxg"))
              // .setAuthentication(new AccessTokenAuthentication("eyJhbGciOiJSUzI1NiIsImtpZCI6ImQ4Slh0Mk9lMzd0TXNlZW9sbGRRMUVfRWtYSHVnNnFwMG11TmhYR3dWM2cifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJobC1hZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6Ijc4MDk1MDgwLWE2MWYtNGQ0Ni05YTUyLTYxYzMxOTAyYzIyMCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTpobC1hZG1pbiJ9.Gy8xiiLngFopG6EJVAUIsP7n9jQqsP6rWEg8q6LcqpaQ42FXYVX01o1wsqi6u5l3H5D4_dI-GjOU1ajc8Y_g4lZu-ClCxn360tsoJ6ZaCg7fuW4LIA2Mr1gT-rv7yLKhYplF6LDwEwsqlAh3nZopoWvMPtAKWfUQ0rI6q3CoNbpben7DAoJljmZRTa63QSjpnYH8hyZGfkgtXYhe6NC1wF0Q3FQJ5yWO1-oaDpkus3sjFa34OJmWx_VR8g-bAUlkrC5GFVMSEFytXGb1MlYSP3W0muel6-C7d-dWZBT7GV_kQrkgP8PYQC1i3weoA19t8JqT2CX1G1WmKo_F2DFktw"))
				.build();
        Configuration.setDefaultApiClient(client);
        System.out.println(client);
        
        CustomObjectsApi apiInstance = new CustomObjectsApi(client);
        try {
        	String group = "monitoring.coreos.com"; // String | The custom resource's group name
            String version = "v1"; // String | The custom resource's version
            String plural = "prometheusrules"; // String | The custom resource's plural name. For TPRs this would be lowercase plural kind.
            Object body = null; // Object | The JSON schema of the Resource to create.
            String pretty = "true"; // String | If 'true', then the output is pretty printed.
            
            APIlistClusterCustomObjectRequest aPIlistClusterCustomObjectRequest = apiInstance.listClusterCustomObject(group, version, plural);
            Object result = aPIlistClusterCustomObjectRequest.execute();
            System.out.println(JSON.toJSON(result));
        	
            System.out.println("-----------------------------");
            APIlistNamespacedCustomObjectRequest aPIlistNamespacedCustomObjectRequest = apiInstance.listNamespacedCustomObject(group, version, pretty, plural);
            result = aPIlistNamespacedCustomObjectRequest.execute();
            System.out.println(result);
            System.out.println("-----------------------------");
        } catch (ApiException e) {
            System.err.println("Exception when calling CustomObjectsApi#listNamespacedCustomObject");
            System.err.println("Status code: " + e.getCode());
            System.err.println("Reason: " + e.getResponseBody());
            System.err.println("Response headers: " + e.getResponseHeaders());
            e.printStackTrace();
          }catch (Exception e) {
          	e.printStackTrace();
          }
	
        
        try {
        	String group = "monitoring.coreos.com"; // String | The custom resource's group name
            String version = "v1"; // String | The custom resource's version
            String plural = "prometheusrules"; // String | The custom resource's plural name. For TPRs this would be lowercase plural kind.
            String pretty = "true"; // String | If 'true', then the output is pretty printed.
            String namespace = "monitoring";
            
            
            V1PrometheusRule v1PrometheusRule = new V1PrometheusRule();
            v1PrometheusRule.setKind("PrometheusRule");
            v1PrometheusRule.setApiVersion("monitoring.coreos.com/v1");
            
            V1ObjectMeta v1ObjectMeta = new V1ObjectMeta();
            
            Map<String, String> labelsMap = new HashMap<String, String>();
            labelsMap.put("prometheus", "k8s");
            labelsMap.put("ole", "alert-rules");
            v1ObjectMeta.setLabels(labelsMap);
            v1ObjectMeta.setName("custom-rule2");
            v1ObjectMeta.setNamespace("monitoring");
            
            v1PrometheusRule.setMetadata(v1ObjectMeta);
            
            V1PrometheusRuleSpec v1PrometheusRuleSpec = new V1PrometheusRuleSpec();
            List<V1PrometheusRuleSpecGroups> groups = new ArrayList<V1PrometheusRuleSpecGroups>();
            V1PrometheusRuleSpecGroups v1PrometheusRuleSpecGroups = new V1PrometheusRuleSpecGroups();
            v1PrometheusRuleSpecGroups.setName("disk");
            groups.add(v1PrometheusRuleSpecGroups);
            
            v1PrometheusRuleSpec.setGroups(groups);
            
            List<V1PrometheusRuleSpecRules> rules = new ArrayList<V1PrometheusRuleSpecRules>();
            V1PrometheusRuleSpecRules v1PrometheusRuleSpecRules = new V1PrometheusRuleSpecRules();
            v1PrometheusRuleSpecRules.setAlert("diskFree");
            
            Map<String, String> annotationsMap = new HashMap<String, String>();
            annotationsMap.put("value", "{{$value}}");
            annotationsMap.put("summary", "{{ $labels.job }}  项目实例 {{ $labels.instance }} 磁盘使用率大于 80%");
            annotationsMap.put("description", "{{ $labels.instance }}  {{ $labels.mountpoint }}  磁盘使用率大于80%  (当前的值: {{ $value }}%),请及时处理");
            v1PrometheusRuleSpecRules.setAnnotations(annotationsMap);
            
            v1PrometheusRuleSpecRules.setExpr("(1-(node_filesystem_free_bytes{fstype=~\"ext4|xfs\",mountpoint!=\"/boot\"} / node_filesystem_size_bytes{fstype=~\"ext4|xfs\",mountpoint!=\"/boot\"}) )*100 > 80");
            v1PrometheusRuleSpecRules.setFor("1m");
            
            
            Map<String, String> labelsMap2 = new HashMap<String, String>();
            labelsMap2.put("level", "disaster");
            labelsMap2.put("severity", "warning");
            v1PrometheusRuleSpecRules.setLabels(labelsMap2);
            
            rules.add(v1PrometheusRuleSpecRules);
            v1PrometheusRuleSpecGroups.setRules(rules);
            
            v1PrometheusRule.setSpec(v1PrometheusRuleSpec);
            
            APIcreateNamespacedCustomObjectRequest aPIcreateNamespacedCustomObjectRequest = apiInstance.createNamespacedCustomObject(group, version, namespace, plural, v1PrometheusRule);
            aPIcreateNamespacedCustomObjectRequest.pretty(pretty);
            Object result = aPIcreateNamespacedCustomObjectRequest.execute();
            System.out.println(JSON.toJSON(result));
        	
        } catch (ApiException e) {
            System.err.println("Exception when calling CustomObjectsApi#createNamespacedCustomObject");
            System.err.println("Status code: " + e.getCode());
            System.err.println("Reason: " + e.getResponseBody());
            System.err.println("Response headers: " + e.getResponseHeaders());
            e.printStackTrace();
          }catch (Exception e) {
          	e.printStackTrace();
          }
        
        
        
        
        try {
        	String group = "monitoring.coreos.com"; // String | The custom resource's group name
            String version = "v1"; // String | The custom resource's version
            String plural = "prometheusrules"; // String | The custom resource's plural name. For TPRs this would be lowercase plural kind.
            String pretty = "true"; // String | If 'true', then the output is pretty printed.
            String namespace = "monitoring";
            String name = "";
         
            APIdeleteNamespacedCustomObjectRequest aPIdeleteNamespacedCustomObjectRequest = apiInstance.deleteNamespacedCustomObject(group, version, namespace, plural, name);
            Object result = aPIdeleteNamespacedCustomObjectRequest.execute();
            System.out.println(JSON.toJSON(result));
        	
        } catch (ApiException e) {
            System.err.println("Exception when calling CustomObjectsApi#aPIdeleteNamespacedCustomObjectRequest");
            System.err.println("Status code: " + e.getCode());
            System.err.println("Reason: " + e.getResponseBody());
            System.err.println("Response headers: " + e.getResponseHeaders());
            e.printStackTrace();
          }catch (Exception e) {
          	e.printStackTrace();
          }
        
        
	}
	
	/**
     * @param filename yaml文件名称
     * @return 返回yaml文件中对应的json数据
     */
    public static String yamlToJson(String filename) {
        String jsonData;
        try {
            // 创建Yaml对象
            Yaml yaml = new Yaml();
            // 打开文件输入流
            FileInputStream input = new FileInputStream(filename);
            // 读取整个文件为一个Map对象,如果yaml文件为列表，则数据类型为list
            Map<String, Object> data = yaml.load(input);
            // 创建ObjectMapper对象用于将数据转换为JSON
            ObjectMapper mapper = new ObjectMapper();
            // 启用格式化输出
            mapper.enable(SerializationFeature.INDENT_OUTPUT);
            // 将数据转换为JSON字符串
            jsonData = mapper.writeValueAsString(data);
            // 返回读取的数据
            return jsonData;
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }
}
 

https://kkgithub.com/kubernetes-client/java/blob/master/kubernetes/docs/CustomObjectsApi.md#createClusterCustomObject

代码中需要用到的变量值查看

查看k8s的自定义资源

kubectl get customresourcedefinitions.apiextensions.k8s.io

查看自定义资源的group和version信息

kubectl explain prometheusrules.monitoring.coreos.com

查看自定义资源的plural信息

kubectl describe customresourcedefinitions.apiextensions.k8s.io  prometheusrules.monitoring.coreos.com

删除自定义资源的实例

kubectl delete prometheusrules.monitoring.coreos.com custom-rule -n monitoring