使用curl访问apiserver
一、创建访问的证书
1、查看/root/.kube/config
cat /root/.kube/config
2、把证书设为环境变量
export clientcert=$(grep client-cert ~/.kube/config |cut -d" " -f 6) export clientkey=$(grep client-key-data ~/.kube/config |cut -d" " -f 6) export certauth=$(grep certificate-authority-data ~/.kube/config |cut -d" " -f 6)
3、加密这些变量,供curl使用
echo $clientcert | base64 -d > client.pem echo $clientkey | base64 -d > client-key.pem echo $certauth | base64 -d > ca.pem
二、使用 curl 和刚刚加密的密钥文件来访问 API server
curl --cert ./client.pem --key ./client-key.pem --cacert ./ca.pem https://192.168.1.2:6443/api/v1/pods
三、使用curl创建资源(测试创建pod)
1、创建pod的yaml文件
apiVersion: v1
kind: Pod
metadata:
name: test-pod
spec:
containers:
- image: nginx:alpine
name: test-container
2、使用curl创建pod
[root@test-k8s-master curl_ca]# curl --request POST --cert ./client.pem --key ./client-key.pem --cacert ./ca.pem https://192.168.1.2:6443/api/v1/namespaces/default/pods -s -w "状态码是:%{http_code}\n" -o /dev/null -H 'Content-Type: application/yaml' --data 'apiVersion: v1 > kind: Pod > metadata: > name: test-pod > spec: > containers: > - image: nginx:alpine > name: test-container' 状态码是:201
2.1 指定yaml文件创建
[root@test-k8s-master curl_ca]# cat /mnt/test-pod.yaml apiVersion: v1 kind: Pod metadata: name: test-pod spec: containers: - image: nginx:alpine name: test-container ##指定配置文件创建 curl -X POST --cert ./client.pem --key ./client-key.pem --cacert ./ca.pem https://192.168.1.2:6443/api/v1/namespaces/default/pods -H 'Content-Type: application/yaml' --data-binary @/mnt/test-pod.yaml
3、查看
[root@test-k8s-master curl_ca]# kubectl get pod NAME READY STATUS RESTARTS AGE test-pod 1/1 Running 0 14s
四、删除资源(测试删除刚才创建的pod)
1、使用curl删除pod
[root@test-k8s-master curl_ca]# curl --request DELETE --cert ./client.pem --key ./client-key.pem --cacert ./ca.pem https://192.168.1.2:6443/api/v1/namespaces/default/pods/test-pod -o /dev/null -s -w "状态码是:%{http_code}\n" 状态码是:200
五、修改资源(以pod为例子)
1、查看镜像
[root@test-k8s-master curl_ca]# kubectl get pod test-pod -o yaml|grep " image: " - image: nginx:alpine image: nginx:alpine
2、修改镜像
curl -X PATCH --cert ./client.pem --key ./client-key.pem --cacert ./ca.pem https://192.168.1.2:6443/api/v1/namespaces/default/pods/test-pod -H 'Content-Type: application/strategic-merge-patch+json' -d '{"spec":{"containers": [{"name":"test-container","image": "busybox:latest"}]}}'
3、查看
[root@test-k8s-master curl_ca]# kubectl get pod test-pod -o yaml|grep " image: " image: busybox:latest
五、常用api
/api/v1 #核心api /apis #分组api /healthz #监控检测 /ui #dashboard /metrics #性能指标