stackoom
  简体   繁体   中英

How to access Kubernetes API from node directly

 原文  2021-12-29 09:27:49       kubernetes/ azure-aks/ kubernetes-apiserver

Question

From a Kubernetes node, how can I access API server, how can I find out the API endpoint and handle authentication? It is a Windows node by the way.

I'm surprised that there is not much information I could find on the Internet about this, is accessing Kubernetes API from node directly a bad design?

2 answers

solution1
 0  2021-12-29 09:37:19

"From the node" sound like a fringe use case, like addons, which are usually covered by using the "admin.conf" file that was deployed during node attachement and contains whatever you would need to connect to the api server.

A more usual approach would be to deploy your workload in a Pod which service account would have the proper role binding to access the API server.

solution2
 0  2021-12-29 15:20:03

How to access Kubernetes API from node directly?

  • There are multiple ways, one of the way is from master node
# Get API Server URL:
kubectl cluster-info

#access it using the curl 
curl https://<api serverIP>:6443/api/v1/nodes  --cacert /etc/srv/kubernetes/pki/ca-certificates.crt   --cert /var/lib/kubelet/pki/kubelet-client.crt   --key /var/lib/kubelet/pki/kubelet-client.key

how can I find out the API endpoint and handle authentication?

  • One technique i use is using --v=11 with kubectl commands, it will give endpoints of the kubernetes resources
#example :
 kubectl get pods --v=11 2>&1 | grep GET
I1229 10:20:41.098241   42907 round_trippers.go:423] curl -k -v -XGET  -H "Accept: application/json;as=Table;v=v1;g=meta.k8s.io,application/json;as=Table;v=v1beta1;g=meta.k8s.io,application/json" -H "User-Agent: kubectl/v1.19.4 (linux/amd64) kubernetes/d360454" 'https://10.157.160.165:6443/api/v1/namespaces/default/pods?limit=500'
I1229 10:20:41.116964   42907 round_trippers.go:443] GET https://<apiserver>:6443/api/v1/namespaces/default/pods?limit=500 200 OK in 18 milliseconds

It is a Windows node by the way

  • Ideally above steps should work, May be you need to find out equivalent commands for grep & curl. change location of the certs to appropriate locations. you can find the location of certs from admin.conf file.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to access kubernetes service host directly in python? Access Kubernetes API from container within Kubernetes Kubernetes API Access from Pod How to access kubernetes API from the (non-master) nodes or remote How do I access the Kubernetes api from within a pod container? How to deregister a kubernetes node from a kubernetes cluster Access the Kubernetes cluster/node from outside Not access from manager to node application Kubernetes cluster Unable to access to service from kubernetes master node Kubernetes access to port on node from inside pod?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM