Programmatic access to the k8s apiserver with Python
To use the Python client, run the following command:
pip install kubernetes
Copy the contents of the config file under ~/.kube into a local directory and save it as kubeconfig.yaml.
> cat ~/.kube/config
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <base64 CA certificate omitted>
    #server: https://172.26.40.165:6443
    server: https://121.40.79.107:6443 # master ip
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: <base64 client certificate omitted>
    client-key-data: <base64 private key omitted>
Note: if the Python script runs on a machine that is not a k8s cluster node, change the server address in the kubeconfig file from the cluster IP to the node IP.
Python script:
# -*- coding: utf-8 -*-
"""
@File : k8s_test.py
@Author : wangchao
@Date : 2023/8/13 10:36
@Desc : k8s operation example
"""
# 1. Install the k8s dependency
# https://github.com/kubernetes-client/python
# pip install kubernetes
from kubernetes import client, config

"""
[root@master-165 nodes]# netstat -tunlp | grep 6443
tcp6 0 0 :::6443 :::* LISTEN 11436/kube-apiserve
[root@master-165 nodes]# curl 121.40.79.107:6443
Client sent an HTTP request to an HTTPS server.
"""

if __name__ == '__main__':
    # Load the server address and client credentials from the local kubeconfig copy
    config.load_kube_config(config_file="kubeconfig.yaml")
    client_v1 = client.CoreV1Api()
    print("Listing pods with their IPs:")
    ret = client_v1.list_pod_for_all_namespaces(watch=False)
    for i in ret.items:
        print("%s\t%s\t%s" % (i.status.pod_ip, i.metadata.namespace, i.metadata.name))
Running it fails with:
...
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='121.40.79.107', port=6443): Max retries exceeded with url: /api/v1/pods?watch=False (Caused by SSLError(CertificateError("hostname '121.40.79.107' doesn't match either of 'kubernetes', 'kubernetes.default', 'kubernetes.default.svc', 'kubernetes.default.svc.cluster.local', 'master-165', '10.96.0.1', '172.26.40.165'",),))
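The hostname mismatch in the error above can be checked offline. This added example (not code from the original post) tests a kubeconfig `server:` URL against the names listed in that error; the function names are illustrative, and the wildcard rule generalizes beyond the page's case.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Added example (not the post's code). Names quoted from the error on this page.
ERROR_TEXT = (
    "hostname '121.40.79.107' doesn't match either of 'kubernetes', "
    "'kubernetes.default', 'kubernetes.default.svc', "
    "'kubernetes.default.svc.cluster.local', 'master-165', '10.96.0.1', "
    "'172.26.40.165'"
)


def sans_from_error(text):
    """Return the certificate names listed after "match either of"."""
    _, _, tail = text.partition("match")
    return re.findall(r"'([^']+)'", tail)


def _as_ip(value):
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def host_matches(host, sans):
    """True if TLS hostname verification would accept `host` for these names."""
    host_ip = _as_ip(host)
    for san in sans:
        san_ip = _as_ip(san)
        if host_ip is not None:
            # An IP address must equal an IP entry exactly; wildcards never apply.
            if san_ip is not None and san_ip == host_ip:
                return True
        elif san_ip is None:
            h, s = host.lower().rstrip("."), san.lower().rstrip(".")
            if s.startswith("*."):
                # A wildcard covers exactly one left-most label.
                if "." in h and h.split(".", 1)[1] == s[2:]:
                    return True
            elif h == s:
                return True
    return False


def check_server(server_url, sans):
    """Check the host part of a kubeconfig `server:` URL."""
    return host_matches(urlparse(server_url).hostname, sans)
```

`check_server` returns False for https://121.40.79.107:6443 and True for https://172.26.40.165:6443, because the public address is not among the certificate's names. Connecting through a listed name or address, or reissuing the apiserver certificate with the address added (kubeadm's `apiServer.certSANs`), resolves the error while keeping certificate verification on.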
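The apiserver:6443 service needs to be exposed via NodePort:
Exposing the Kubernetes kube-apiserver to the external network via NodePort involves several steps. Note, however, that exposing kube-apiserver directly to the external network can create security risks. Before doing this, make sure you have appropriate security measures in place to protect your cluster and data.
The general steps for exposing kube-apiserver to the external network with NodePort on a Kubernetes cluster are:
- Create the NodePort Service:
  Create a Service object that exposes kube-apiserver on a specified NodePort. You can create a YAML file (for example kube-apiserver-service.yaml) with the following content:
  apiVersion: v1
  kind: Service
  metadata:
    name: kube-apiserver-nodeport
    namespace: kube-system
  spec:
    type: NodePort
    selector:
      component: kube-apiserver
    ports:
    - port: 6443        # internal kube-apiserver port
      targetPort: 6443  # target kube-apiserver port
      nodePort: 30000   # the NodePort to expose
- Apply the Service object:
  Apply the Service object to your cluster with the following command:
  kubectl apply -f kube-apiserver-service.yaml
- Check the NodePort:
  Look up the port assigned to the NodePort with the following command:
  kubectl get svc -n kube-system kube-apiserver-nodeport
- Access kube-apiserver:
  With NodePort, you can reach kube-apiserver through any node's IP address and the assigned NodePort. For example, if a node in your cluster has the IP address NODE_IP and the assigned NodePort is NODE_PORT, you can access kube-apiserver with the following command:
  curl https://NODE_IP:NODE_PORT
Note that the steps above only expose kube-apiserver to the external network and do not cover security, authentication or authorization. In a production environment, you should put appropriate authentication, authorization and network policies in front of kube-apiserver to protect the cluster and data.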
Related articles:
Some notes on kube-apiserver in K8s
github | kubernetes-client/python
github | seldon-core/python
pypi | seldon-core
Free to repost, non-commercial, no derivatives, attribution required (Creative Commons 3.0 license)