Kubernetes master 使用 curl 操作 API

前提條件: 已經使用 kubeadm 安裝集羣

 

查看 kubelet.conf 配置內容

 kubectl --kubeconfig /etc/kubernetes/kubelet.conf config view

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: REDACTED
    server: https://{master node local ip}:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: admin
  name: admin@kubernetes
- context:
    cluster: kubernetes
    user: kubelet
  name: kubelet@kubernetes
current-context: admin@kubernetes
kind: Config
preferences: {}
users:
- name: admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
- name: kubelet
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED

 

咱們對應到kubelet.conf中,發現每一個REDACTED字樣對應的都是一段數據,這段數據是由對應的數字證書內容或密鑰內容轉換(base64)而來的,在訪問apiserver時會用到

node節點操做:

# kubectl get pods
The connection to the server localhost:8080 was refused - did you specify the right host or port?

# kubectl --kubeconfig /etc/kubernetes/kubelet.conf get pods
NAME                         READY     STATUS    RESTARTS   AGE
my-nginx-1948696469-359d6    1/1       Running   2          26d
my-nginx-1948696469-3g0n7    1/1       Running   3          26d
my-nginx-1948696469-xkzsh    1/1       Running   2          26d
my-ubuntu-2560993602-5q7q5   1/1       Running   2          26d
my-ubuntu-2560993602-lrrh0   1/1       Running   2          26d

 

kubeadm建立k8s集羣時,會在master node上建立一些用於組件間訪問的證書、密鑰和token文件,上面的kubeconfig中的「REDACTED」所表明的內容就是從這些文件轉化而來的:

 

/etc/kubernetes/pki# ls
apiserver-key.pem  apiserver.pem  apiserver-pub.pem  ca-key.pem  ca.pem  ca-pub.pem  sa-key.pem  sa-pub.pem  tokens.csv

  • apiserver-key.pem:kube-apiserver的私鑰文件
  • apiserver.pem:kube-apiserver的公鑰證書
  • apiserver-pub.pem kube-apiserver的公鑰文件
  • ca-key.pem:CA的私鑰文件
  • ca.pem:CA的公鑰證書
  • ca-pub.pem :CA的公鑰文件
  • sa-key.pem :serviceaccount私鑰文件
  • sa-pub.pem :serviceaccount的公鑰文件
  • tokens.csv:kube-apiserver用於校驗的token文件

 

咱們在 node節點上經過curl 測試一下經過安全通道訪問master node上的kube-apiserver。kubernetes 的authentication(包括:客戶端證書認證、basic auth、static token等)只要經過其中一個便可。當前kube-apiserver開啓了客戶端證書認證(--client-ca-file)和static token驗證(--token-auth-file),咱們只要經過其中一個,就能夠經過authentication,因而咱們使用static token方式。須要注意:static token以明文保存在token文件中且長期有效,修改後要重啓kube-apiserver才能生效,所以該文件和token自己都應限制讀取權限。static token file的內容格式:

token,user,uid,"group1,group2,group3"

對應的內容

 

# cat /etc/kubernetes/pki/tokens.csv
{token},{user},812ffe41-cce0-11e6-9bd3-00163e1001d7,system:kubelet-bootstrap

 

用這個token經過curl與apiserver交互:

# curl --cacert /etc/kubernetes/pki/ca.pem -H "Authorization: Bearer {token}"  https://{master node local ip}:6443
{
  "paths": [
    "/api",
    "/api/v1",
    "/apis",
    "/apis/apps",
    "/apis/apps/v1beta1",
    "/apis/authentication.k8s.io",
    "/apis/authentication.k8s.io/v1beta1",
    "/apis/authorization.k8s.io",
    "/apis/authorization.k8s.io/v1beta1",
    "/apis/autoscaling",
    "/apis/autoscaling/v1",
    "/apis/batch",
    "/apis/batch/v1",
    "/apis/batch/v2alpha1",
    "/apis/certificates.k8s.io",
    "/apis/certificates.k8s.io/v1alpha1",
    "/apis/extensions",
    "/apis/extensions/v1beta1",
    "/apis/policy",
    "/apis/policy/v1beta1",
    "/apis/rbac.authorization.k8s.io",
    "/apis/rbac.authorization.k8s.io/v1alpha1",
    "/apis/storage.k8s.io",
    "/apis/storage.k8s.io/v1beta1",
    "/healthz",
    "/healthz/poststarthook/bootstrap-controller",
    "/healthz/poststarthook/extensions/third-party-resources",
    "/healthz/poststarthook/rbac/bootstrap-roles",
    "/logs",
    "/metrics",
    "/swaggerapi/",
    "/ui/",
    "/version"
  ]
}

 

類型爲ReplicationController: 經過curl 調用 kube-apiserver操做命令如:

 
 

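# Jenkins build step (ReplicationController flavour): wrap the freshly built WAR
# in an image, push it, then create the Namespace / Service /
# ReplicationController through the kube-apiserver REST API, or roll the
# existing controller.
#
# Inputs:
#   WORKSPACE  Jenkins workspace path; its 5th '/'-separated field is taken as
#              the project directory name.
#   K8S_TOKEN  bearer token for the kube-apiserver, injected by the CI
#              credential store. It is deliberately not written in this script:
#              a literal token ends up in the job configuration, in the build
#              log whenever the step is traced (sh -x), and in `ps` output
#              through curl's argv.
set -eu

: "${WORKSPACE:?WORKSPACE must be set (Jenkins provides it)}"
: "${K8S_TOKEN:?K8S_TOKEN must be set to the kube-apiserver bearer token}"

registry="docker.cinyi.com:443"
k8s_url="https://192.168.20.227:6443"
k8s_ns="test"

# Refuse anything that is not a plain name before it is spliced into
# filesystem paths (rm -rf), sed expressions, API URLs and the remote kubectl
# command line.
require_plain_name() {
  case "$2" in
    '' | .* | *[!A-Za-z0-9._-]*)
      printf '%s is empty or contains unexpected characters: %s\n' "$1" "$2" >&2
      exit 1
      ;;
  esac
}

# Project directory name.
javadir=$(printf '%s\n' "$WORKSPACE" | awk -F'/' '{print $5}')
# WAR name without extension; more than one WAR yields a multi-line value,
# which the check below rejects.
javaname=$(ls "$WORKSPACE"/target/*war | awk -F'/' '{print $7}' | cut -d . -f 1)
require_plain_name javadir "$javadir"
require_plain_name javaname "$javaname"

# Image tag derived from the build time.
# NOTE(review): hour + seconds with no minute field looks like a typo for
# %F_%H_%M; kept as written -- confirm before relying on tag ordering.
image_data=$(date +%F_%H_%S)

project_dir="/data/docker_project/$javadir"
image_repo="$registry/senyint/$javaname"
image="$image_repo:$image_data"

mkdir -p "$project_dir"
# NOTE(review): this path says docker_profile while every other path uses
# docker_project; kept as written -- confirm which directory is meant.
rm -rf -- "/data/docker_profile/$javadir/$javaname.war"
mv -- "$WORKSPACE/target/$javaname.war" "$project_dir"

# /data/docker_project holds a Dockerfile template; substitute the WAR name.
sed "s/jenkins/$javaname/g" /data/docker_project/Dockerfile > "$project_dir/Dockerfile"

# Drop earlier builds of this image only. Filtering by the exact repository
# avoids force-removing unrelated images whose name merely contains $javaname.
old_images=$(docker images -q "$image_repo" | sort -u)
if [ -n "$old_images" ]; then
  # Word splitting is intended: one image ID per argument.
  # shellcheck disable=SC2086
  docker rmi -f $old_images || echo "warning: could not remove every old image" >&2
fi

# Build and push to the registry.
docker build -t "$image" "$project_dir/"
docker push "$image"

# Render the ReplicationController and Service manifests from the templates.
sed "s/im-web/$javaname/g" /data/docker_project/im-web_rc.yaml > "$project_dir/${javaname}_rc.yaml"
# Pin the image tag.
# NOTE(review): "lastest" is kept as written; if the template spells the tag
# "latest" this substitution never fires -- check im-web_rc.yaml.
sed -i "s/lastest/$image_data/g" "$project_dir/${javaname}_rc.yaml"
sed "s/im-web/$javaname/g" /data/docker_project/im-web_service.yaml > "$project_dir/${javaname}_service.yaml"

# The Authorization header goes through a private curl config file (mktemp
# creates it mode 0600) so the token never appears on a command line.
curl_cfg=$(mktemp)
trap 'rm -f -- "$curl_cfg"' EXIT
printf 'header = "Authorization: Bearer %s"\n' "$K8S_TOKEN" > "$curl_cfg"

# curl against the apiserver, verified with the cluster CA; --fail turns an
# HTTP error status into a non-zero exit so a rejected request stops the build.
k8s_api() {
  curl --fail --silent --show-error --cacert /root/ca.pem --config "$curl_cfg" "$@"
}

# True when GET on the given API path succeeds. Asking for the object by name
# replaces grepping the list output, where e.g. "test" also matches "latest".
# stderr is dropped because a 404 is the expected "absent" answer; any other
# failure resurfaces on the create call that follows.
k8s_exists() {
  k8s_api -o /dev/null -X GET "$k8s_url$1" 2>/dev/null
}

# POST a YAML file ($2) to an API collection path ($1).
k8s_create() {
  k8s_api -H "content-Type: application/yaml" -X POST "$k8s_url$1" --data-binary "@$2"
}

# Namespace.
if ! k8s_exists "/api/v1/namespaces/$k8s_ns"; then
  k8s_create /api/v1/namespaces /data/docker_project/namespaces.yaml
fi

# Service (looked up under the rendered name, not the template's "im-web").
if ! k8s_exists "/api/v1/namespaces/$k8s_ns/services/$javaname"; then
  k8s_create "/api/v1/namespaces/$k8s_ns/services" "$project_dir/${javaname}_service.yaml"
fi

# ReplicationController: create it, or roll the existing one to the new image.
if ! k8s_exists "/api/v1/namespaces/$k8s_ns/replicationcontrollers/$javaname"; then
  k8s_create "/api/v1/namespaces/$k8s_ns/replicationcontrollers" "$project_dir/${javaname}_rc.yaml"
else
  # NOTE(review): the CI host logs in to the master as root for this step; a
  # kubectl on the CI host with a namespace-scoped credential would avoid it.
  ssh root@192.168.20.227 "kubectl rolling-update $javaname --image=$image --namespace=$k8s_ns"
fi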

 

 

類型爲deployment: 經過curl 調用 kube-apiserver操做命令如: 對war包發版

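# Jenkins build step (Deployment flavour, WAR artifact): wrap the freshly built
# WAR in an image, push it, then create or replace the Deployment through the
# kube-apiserver REST API.
#
# Inputs:
#   WORKSPACE  Jenkins workspace path; its 5th '/'-separated field is taken as
#              the project directory name.
#   K8S_TOKEN  bearer token for the kube-apiserver, injected by the CI
#              credential store. It is deliberately not written in this script:
#              a literal token ends up in the job configuration, in the build
#              log whenever the step is traced (sh -x), and in `ps` output
#              through curl's argv.
set -eu

: "${WORKSPACE:?WORKSPACE must be set (Jenkins provides it)}"
: "${K8S_TOKEN:?K8S_TOKEN must be set to the kube-apiserver bearer token}"

registry="docker.cinyi.com:443"
k8s_url="https://192.168.20.227:6443"
k8s_ns="test"

# Refuse anything that is not a plain name before it is spliced into
# filesystem paths (rm -rf), sed expressions and API URLs.
require_plain_name() {
  case "$2" in
    '' | .* | *[!A-Za-z0-9._-]*)
      printf '%s is empty or contains unexpected characters: %s\n' "$1" "$2" >&2
      exit 1
      ;;
  esac
}

# Project directory name.
javadir=$(printf '%s\n' "$WORKSPACE" | awk -F'/' '{print $5}')
# WAR name without extension; more than one WAR yields a multi-line value,
# which the check below rejects.
javaname=$(ls "$WORKSPACE"/target/*war | awk -F'/' '{print $7}' | cut -d . -f 1)
require_plain_name javadir "$javadir"
require_plain_name javaname "$javaname"

# Image tag derived from the build time.
image_data=$(date +%F_%H_%M)

project_dir="/data/docker_project/$javadir"
image_repo="$registry/senyint/$javaname"
image="$image_repo:$image_data"

mkdir -p "$project_dir"
# NOTE(review): this path says docker_profile while every other path uses
# docker_project; kept as written -- confirm which directory is meant.
rm -rf -- "/data/docker_profile/$javadir/$javaname.war"
mv -- "$WORKSPACE/target/$javaname.war" "$project_dir"

# /data/docker_project holds a Dockerfile template; substitute the WAR name.
sed "s/jenkins/$javaname/g" /data/docker_project/Dockerfile > "$project_dir/Dockerfile"

# Drop earlier builds of this image only. Filtering by the exact repository
# avoids force-removing unrelated images whose name merely contains $javaname.
old_images=$(docker images -q "$image_repo" | sort -u)
if [ -n "$old_images" ]; then
  # Word splitting is intended: one image ID per argument.
  # shellcheck disable=SC2086
  docker rmi -f $old_images || echo "warning: could not remove every old image" >&2
fi

# Build and push to the registry.
docker build -t "$image" "$project_dir/"
docker push "$image"

# Render the Deployment and Service manifests from the templates.
sed "s/im-web/$javaname/g" /data/docker_project/im-web_deployment.yaml > "$project_dir/${javaname}_deployment.yaml"

# Replace the placeholder image tag with this build's tag.
echo 11111
sed -i "s/latest/$image_data/g" "$project_dir/${javaname}_deployment.yaml"

echo 2222
sed "s/im-web/$javaname/g" /data/docker_project/im-web_service.yaml > "$project_dir/${javaname}_service.yaml"

# The Authorization header goes through a private curl config file (mktemp
# creates it mode 0600) so the token never appears on a command line.
curl_cfg=$(mktemp)
trap 'rm -f -- "$curl_cfg"' EXIT
printf 'header = "Authorization: Bearer %s"\n' "$K8S_TOKEN" > "$curl_cfg"

# curl against the apiserver, verified with the cluster CA; --fail turns an
# HTTP error status into a non-zero exit so a rejected request stops the build.
k8s_api() {
  curl --fail --silent --show-error --cacert /root/ca.pem --config "$curl_cfg" "$@"
}

# True when GET on the given API path succeeds. Asking for the object by name
# replaces grepping the list output, where e.g. "test" also matches "latest".
# stderr is dropped because a 404 is the expected "absent" answer; any other
# failure resurfaces on the write call that follows.
k8s_exists() {
  k8s_api -o /dev/null -X GET "$k8s_url$1" 2>/dev/null
}

# Send a YAML file as the request body: $1 = method, $2 = API path, $3 = file.
k8s_send() {
  k8s_api -H "content-Type: application/yaml" -X "$1" "$k8s_url$2" --data-binary "@$3"
}

deployments="/apis/extensions/v1beta1/namespaces/$k8s_ns/deployments"

# Namespace.
if ! k8s_exists "/api/v1/namespaces/$k8s_ns"; then
  k8s_send POST /api/v1/namespaces /data/docker_project/namespaces.yaml
fi

# Service.
if ! k8s_exists "/api/v1/namespaces/$k8s_ns/services/$javaname"; then
  k8s_send POST "/api/v1/namespaces/$k8s_ns/services" "$project_dir/${javaname}_service.yaml"
fi

# Deployment: replace it when it exists (this triggers the rolling upgrade),
# create it otherwise.
if k8s_exists "$deployments/$javaname"; then
  k8s_send PUT "$deployments/$javaname" "$project_dir/${javaname}_deployment.yaml"
else
  k8s_send POST "$deployments/" "$project_dir/${javaname}_deployment.yaml"
fi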

 

類型爲deployment: 經過curl 調用 kube-apiserver操做命令如: 對tar.gz包發版

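# Jenkins build step (Deployment flavour, tar.gz artifact): wrap the pay-web
# tarball in a supervisord-based image, push it, then create or replace the
# Deployment through the kube-apiserver REST API.
#
# Inputs:
#   WORKSPACE  Jenkins workspace path; its 5th '/'-separated field is taken as
#              the project directory name.
#   K8S_TOKEN  bearer token for the kube-apiserver, injected by the CI
#              credential store. It is deliberately not written in this script:
#              a literal token ends up in the job configuration, in the build
#              log whenever the step is traced (sh -x), and in `ps` output
#              through curl's argv.
set -eu

: "${WORKSPACE:?WORKSPACE must be set (Jenkins provides it)}"
: "${K8S_TOKEN:?K8S_TOKEN must be set to the kube-apiserver bearer token}"

registry="docker.cinyi.com:443"
k8s_url="https://192.168.20.227:6443"
k8s_ns="test"

# Refuse anything that is not a plain name before it is spliced into
# filesystem paths (rm -rf), sed expressions and API URLs.
require_plain_name() {
  case "$2" in
    '' | .* | *[!A-Za-z0-9._-]*)
      printf '%s is empty or contains unexpected characters: %s\n' "$1" "$2" >&2
      exit 1
      ;;
  esac
}

# Project directory name.
javadir=$(printf '%s\n' "$WORKSPACE" | awk -F'/' '{print $5}')
# Tarball name up to its first dot; more than one tarball yields a multi-line
# value, which the check below rejects.
javaname=$(ls "$WORKSPACE"/pay-web/target/*tar.gz | awk -F'/' '{print $8}' | cut -d . -f 1)
require_plain_name javadir "$javadir"
require_plain_name javaname "$javaname"

# Image tag derived from the build time.
image_data=$(date +%F_%H_%M)

project_dir="/data/docker_project/$javadir"
image_repo="$registry/senyint/$javaname"
image="$image_repo:$image_data"

mkdir -p "$project_dir"
# NOTE(review): this removes a .war under docker_profile although the artifact
# here is a tar.gz under docker_project; kept as written -- confirm the intent.
rm -rf -- "/data/docker_profile/$javadir/$javaname.war"
mv -- "$WORKSPACE/pay-web/target/$javaname.tar.gz" "$project_dir"

# /data/docker_project holds a Dockerfile template; point it at the tarball.
sed "s/jenkins.war/$javaname.tar.gz/g" /data/docker_project/Dockerfile.bak > "$project_dir/Dockerfile"

# Drop earlier builds of this image only. Filtering by the exact repository
# avoids force-removing unrelated images whose name merely contains $javaname.
old_images=$(docker images -q "$image_repo" | sort -u)
if [ -n "$old_images" ]; then
  # Word splitting is intended: one image ID per argument.
  # shellcheck disable=SC2086
  docker rmi -f $old_images || echo "warning: could not remove every old image" >&2
fi

# Stage the files the Dockerfile ADDs, then build and push to the registry.
cp /data/docker_project/supervisor_payapi.conf "$project_dir/"
cp /data/docker_project/jdk.tar.gz "$project_dir/"
cp /data/docker_project/supervisord.conf "$project_dir/"
docker build -t "$image" "$project_dir/"
docker push "$image"

# Render the Deployment and Service manifests from the templates.
sed "s/im-web/$javaname/g" /data/docker_project/im-web_deployment.yaml > "$project_dir/${javaname}_deployment.yaml"
# Replace the placeholder image tag with this build's tag.
echo 11111
sed -i "s/latest/$image_data/g" "$project_dir/${javaname}_deployment.yaml"
echo 2222
sed "s/im-web/$javaname/g" /data/docker_project/im-web_service.yaml > "$project_dir/${javaname}_service.yaml"

# The Authorization header goes through a private curl config file (mktemp
# creates it mode 0600) so the token never appears on a command line.
curl_cfg=$(mktemp)
trap 'rm -f -- "$curl_cfg"' EXIT
printf 'header = "Authorization: Bearer %s"\n' "$K8S_TOKEN" > "$curl_cfg"

# curl against the apiserver, verified with the cluster CA; --fail turns an
# HTTP error status into a non-zero exit so a rejected request stops the build.
k8s_api() {
  curl --fail --silent --show-error --cacert /root/ca.pem --config "$curl_cfg" "$@"
}

# True when GET on the given API path succeeds. Asking for the object by name
# replaces grepping the list output, where e.g. "test" also matches "latest".
# stderr is dropped because a 404 is the expected "absent" answer; any other
# failure resurfaces on the write call that follows.
k8s_exists() {
  k8s_api -o /dev/null -X GET "$k8s_url$1" 2>/dev/null
}

# Send a YAML file as the request body: $1 = method, $2 = API path, $3 = file.
k8s_send() {
  k8s_api -H "content-Type: application/yaml" -X "$1" "$k8s_url$2" --data-binary "@$3"
}

deployments="/apis/extensions/v1beta1/namespaces/$k8s_ns/deployments"

# Namespace.
if ! k8s_exists "/api/v1/namespaces/$k8s_ns"; then
  k8s_send POST /api/v1/namespaces /data/docker_project/namespaces.yaml
fi

# Service.
if ! k8s_exists "/api/v1/namespaces/$k8s_ns/services/$javaname"; then
  k8s_send POST "/api/v1/namespaces/$k8s_ns/services" "$project_dir/${javaname}_service.yaml"
fi

# Deployment: replace it when it exists (this triggers the rolling upgrade),
# create it otherwise.
if k8s_exists "$deployments/$javaname"; then
  k8s_send PUT "$deployments/$javaname" "$project_dir/${javaname}_deployment.yaml"
else
  k8s_send POST "$deployments/" "$project_dir/${javaname}_deployment.yaml"
fi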

 

 Dockerfile

# Image template for a supervisord-managed Java service.
# NOTE(review): the base image is referenced by the mutable tag "latest", so
# two builds of this file can produce different images; pinning a version or
# digest makes builds reproducible.
FROM       senyint/centos7.3:latest

MAINTAINER fengjian <fengjian@senyint.com.com>

RUN mkdir -p /data/webserver/pay-web-package

# ADD unpacks a local tar archive into the destination directory.
ADD jdk.tar.gz /data

# "jenkins.war" is a placeholder name; presumably the build script's sed
# rewrites it to the real artifact before building -- confirm against the job.
ADD jenkins.war /data/webserver/pay-web-package

ADD supervisord.conf /etc/supervisord.conf

ADD supervisor_payapi.conf  /etc/supervisor.conf.d/supervisor_payapi.conf

RUN mkdir -p /etc/supervisor.conf.d && \
    mkdir -p /var/log/supervisor

# NOTE(review): no USER instruction appears in this file, so unless the base
# image sets one, supervisord and the programs it starts run as root inside
# the container.
ENTRYPOINT ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisord.conf"]

 

 

使用 rolling-update進行升級必須使用 ReplicationController 類型,deployment不支持。

 jenkins 對應的目錄文件。

[root@docker1 ~]# kubectl rolling-update fengjian --image=docker.cinyi.com:443/senyint/im-web:v1 --namespace=fengjian20170221

 

deployment 使用命令升級方法

[root@docker1 ~]# kubectl set image deployment/pay-startup-package pay-startup-package=docker.cinyi.com/senyint/pay-startup-package:2017-03-27_15_56 --namespace=test

 

[root@docker5 docker_project]# cat configmap.yaml 
# ConfigMap "testenv" in namespace "test": backend addresses that the im-web
# Deployment reads through configMapKeyRef entries of the same key names.
apiVersion: v1
kind: ConfigMap
metadata:
  name: testenv
  namespace: test
data:
  mysql_server: 192.168.20.131
  redis_server: 192.168.20.116
  mongo_server: 192.168.20.116
[root@docker5 docker_project]# cat Dockerfile 
# Image template for WAR-based services; the build script substitutes the
# string "jenkins" with the real WAR name before running docker build.
# NOTE(review): the base image is referenced by the mutable tag "latest".
FROM       senyint/java1.8:latest

MAINTAINER fengjian <fengjian@senyint.com.com>

# NOTE(review): this defines an environment variable literally named
# "docker.cinyi.com"; it does not create a hosts entry. If the goal was name
# resolution for the registry, confirm how that is actually provided.
ENV docker.cinyi.com 192.168.20.135

ADD jenkins.war /data/webserver/

# Unpack the WAR in place and drop the archive (assumes unzip exists in the
# base image -- TODO confirm).
# NOTE(review): no USER instruction appears in this file, so unless the base
# image sets one the application runs as root inside the container.
RUN unzip /data/webserver/jenkins.war -d /data/webserver && \
    rm /data/webserver/jenkins.war
[root@docker5 docker_project]# cat im-web_deployment.yaml 
# Deployment template. The build script copies this file, replaces every
# "im-web" with the artifact name and every "latest" with the build tag.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: im-web
  namespace: test
spec:
  replicas: 3
  template:
    metadata:
      labels:
        name: im-web
    spec:
      volumes:
      # hostPath exposes a directory of the node's filesystem to the pod.
      # NOTE(review): replicas scheduled on the same node would share this
      # directory; confirm that is acceptable for the log files written here.
      - name: workdir
        hostPath:
          path: "/data/log/im-web"
      containers:
      - name: im-web
        # "latest" is only a placeholder that sed rewrites per build.
        image: docker.cinyi.com:443/senyint/im-web:latest
        ports:
        - containerPort: 80
        volumeMounts:
        - name: workdir
          mountPath: /data/tomcat/logs
        # Backend addresses come from the "testenv" ConfigMap.
        # NOTE(review): no securityContext or resources section is set here.
        env:
        - name: mysql_server
          valueFrom:
            configMapKeyRef:
              name: testenv
              key: mysql_server
        - name: redis_server
          valueFrom:
            configMapKeyRef:
              name: testenv
              key: redis_server
        - name: mongo_server
          valueFrom:
            configMapKeyRef:
              name: testenv
              key: mongo_server
[root@docker5 docker_project]# cat im-web_service.yaml 
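# Service template; the build script replaces every "im-web" with the artifact
# name. No namespace is set here: it comes from the API path the manifest is
# POSTed to.
apiVersion: v1
kind: Service
metadata:
  name: im-web
  labels:
    name: im-web
spec:
  ports:
  - port: 80
    # A Service port has no containerPort field; the pod-side port is
    # targetPort (which defaults to the value of port when omitted).
    targetPort: 80
  selector:
    name: im-web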
[root@docker5 docker_project]# cat namespaces.yaml 
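# Namespace used by the deployment scripts.
apiVersion: v1
kind: Namespace
metadata:
  name: test
  # The metadata field is "labels" (plural); "label" is not part of the schema.
  labels:
    name: test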

 

 

 

 

 

 

查看ingress 內容

 [root@docker1 ~]# curl --cacert /root/ca.pem -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET  https://192.168.20.227:6443/apis/extensions/v1beta1/ingresses

 

查看 namespaces下的 ingress

GET /apis/extensions/v1beta1/namespaces/{namespace}/ingresses

刪除namespaces 下的ingress

DELETE /apis/extensions/v1beta1/namespaces/{namespace}/ingresses

建立

POST /apis/extensions/v1beta1/namespaces/{namespace}/ingresses


讀取

GET /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}
curl --cacert /root/ca.pem -H "Authorization: Bearer 199e9c8d4ce99c61" -X GET  https://192.168.20.227:6443/apis/extensions/v1beta1/namespaces/test/ingresses/dashboard-ingress

替換

PUT /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}

刪除

DELETE /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}


更新

PATCH /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}


docker registry 查看鏡像:

[root@bcbf4a94a152 ~]# curl https://docker.cinyi.com/v2/_catalog 

docker registry 查看版本號:

[root@bcbf4a94a152 ~]# curl https://docker.cinyi.com/v2/senyint/im-web/tags/list
