How to access Kubernetes API from node directly

From a Kubernetes node, how can I access API server, how can I find out the API endpoint and handle authentication? It is a Windows node by the way.

I'm surprised that there is not much information I could find on the Internet about this, is accessing Kubernetes API from node directly a bad design?

"From the node" sounds like a fringe use case, like addons, which are usually covered by using the "admin.conf" file that was deployed during node attachment and contains whatever you would need to connect to the API server.

A more usual approach would be to deploy your workload in a Pod whose service account would have the proper role binding to access the API server.

How to access Kubernetes API from node directly?

  • There are multiple ways, one of the ways is from the master node
# Get API Server URL:
kubectl cluster-info

#access it using the curl 
curl https://<api serverIP>:6443/api/v1/nodes  --cacert /etc/srv/kubernetes/pki/ca-certificates.crt   --cert /var/lib/kubelet/pki/kubelet-client.crt   --key /var/lib/kubelet/pki/kubelet-client.key

how can I find out the API endpoint and handle authentication?

  • One technique I use is using --v=11 with kubectl commands, it will give endpoints of the Kubernetes resources
#example :
 kubectl get pods --v=11 2>&1 | grep GET
I1229 10:20:41.098241   42907 round_trippers.go:423] curl -k -v -XGET  -H "Accept: application/json;as=Table;v=v1;g=meta.k8s.io,application/json;as=Table;v=v1beta1;g=meta.k8s.io,application/json" -H "User-Agent: kubectl/v1.19.4 (linux/amd64) kubernetes/d360454" 'https://10.157.160.165:6443/api/v1/namespaces/default/pods?limit=500'
I1229 10:20:41.116964   42907 round_trippers.go:443] GET https://<apiserver>:6443/api/v1/namespaces/default/pods?limit=500 200 OK in 18 milliseconds

It is a Windows node by the way

  • Ideally the above steps should work. Maybe you need to find out equivalent commands for grep & curl. Change the location of the certs to the appropriate locations. You can find the location of the certs from the admin.conf file.
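
As an added example (not part of the original answers), the Python sketch below does what grep and curl do in the steps above and runs the same way on a Windows node: it reads the endpoint and certificate locations out of a kubeconfig such as the admin.conf the answer mentions, then issues the request while verifying the server against the cluster CA instead of using `-k`. The sample kubeconfig, its paths and host name, and the function names are constructed for illustration.

```python
import base64, re, ssl, tempfile, urllib.request

# Constructed sample; real paths and contents differ per cluster.
SAMPLE_KUBECONFIG = """\
clusters:
- cluster:
    certificate-authority: C:\\k\\pki\\ca.crt
    server: https://apiserver.example.internal:6443
  name: default
users:
- name: node
  user:
    client-certificate: C:\\k\\pki\\client.crt
    client-key: C:\\k\\pki\\client.key
"""

FIELDS = ("server", "certificate-authority", "client-certificate", "client-key")


def read_kubeconfig(text):
    """Return the first server URL and credential entries found.
    Line-based on purpose (no YAML library needed on the node)."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"\s*([a-z-]+):\s*(\S.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip("'\"")
        inline = key.endswith("-data")          # base64 PEM embedded in the file
        base = key[:-5] if inline else key
        if base in FIELDS and base not in found:
            found[base] = {"inline": inline, "value": value}
    return found


def as_path(entry):
    """File path for an entry. Inline data is decoded to a temp file because
    the ssl module loads from files; delete it after use (it may hold a key)."""
    if not entry["inline"]:
        return entry["value"]
    with tempfile.NamedTemporaryFile(suffix=".pem", delete=False) as tmp:
        tmp.write(base64.b64decode(entry["value"]))
    return tmp.name


def api_get(cfg, path="/api/v1/nodes"):
    """GET an API path with client-cert auth and CA verification enabled."""
    ctx = ssl.create_default_context(cafile=as_path(cfg["certificate-authority"]))
    ctx.load_cert_chain(as_path(cfg["client-certificate"]), as_path(cfg["client-key"]))
    url = cfg["server"]["value"].rstrip("/") + path
    with urllib.request.urlopen(url, context=ctx, timeout=10) as resp:
        return resp.status, resp.read()
```

On a real node, pass the contents of the actual kubeconfig to `read_kubeconfig` and the result to `api_get`; what the request may read is limited by the RBAC permissions of the credential in that file.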
