[英]How to access Kubernetes API from node directly
From a Kubernetes node, how can I access API server, how can I find out the API endpoint and handle authentication?从 Kubernetes 节点,如何访问 API 服务器,如何找到 API 端点并处理身份验证? It is a Windows node by the way.
顺便说一下,它是一个 Windows 节点。
I'm surprised that there is not much information I could find on the Internet about this, is accessing Kubernetes API from node directly a bad design?我很惊讶我在互联网上找不到太多关于此的信息,直接从节点访问 Kubernetes API 是一个糟糕的设计吗?
"From the node" sound like a fringe use case, like addons, which are usually covered by using the "admin.conf" file that was deployed during node attachement and contains whatever you would need to connect to the api server. “从节点”听起来像是一个边缘用例,例如插件,通常使用在节点附加期间部署的“admin.conf”文件来覆盖,并包含连接到 api 服务器所需的任何内容。
A more usual approach would be to deploy your workload in a Pod which service account would have the proper role binding to access the API server.更常用的方法是将您的工作负载部署在 Pod 中,该服务帐户将具有适当的角色绑定来访问 API 服务器。
How to access Kubernetes API from node directly?如何直接从节点访问 Kubernetes API?
# Get API Server URL:
kubectl cluster-info
#access it using the curl
curl https://<api serverIP>:6443/api/v1/nodes --cacert /etc/srv/kubernetes/pki/ca-certificates.crt --cert /var/lib/kubelet/pki/kubelet-client.crt --key /var/lib/kubelet/pki/kubelet-client.key
how can I find out the API endpoint and handle authentication?如何找出 API 端点并处理身份验证?
#example :
kubectl get pods --v=11 2>&1 | grep GET
I1229 10:20:41.098241 42907 round_trippers.go:423] curl -k -v -XGET -H "Accept: application/json;as=Table;v=v1;g=meta.k8s.io,application/json;as=Table;v=v1beta1;g=meta.k8s.io,application/json" -H "User-Agent: kubectl/v1.19.4 (linux/amd64) kubernetes/d360454" 'https://10.157.160.165:6443/api/v1/namespaces/default/pods?limit=500'
I1229 10:20:41.116964 42907 round_trippers.go:443] GET https://<apiserver>:6443/api/v1/namespaces/default/pods?limit=500 200 OK in 18 milliseconds
It is a Windows node by the way顺便说一下是Windows节点
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.