k8s restful API 結構分析

k8s的api-server組件負責提供restful api訪問端點, 而且將數據持久化到etcd server中. 那麼k8s是如何組織它的restful api的?

一, namespaced resources

所謂的namespaced resources,就是這個resource是從屬於某個namespace的, 也就是說它不是cluster-scoped的資源. 好比pod, deployment, service都屬於namespaced resource. 那麼咱們看一下如何請求一個namespaced resources.

http://localhost:8080/api/v1/namespaces/default/pods/test-pod

能夠看出, 該restful api的組織形式是:

api	api版本	namespaces	所屬的namespace	資源種類	所請求的資源名稱
api	v1	namespaces	default	pods	test-pod

這裏api version若是是v1的話,表示這是一個很穩定的版本了, 之後不會有大的修改,而且當前版本所支持的全部特性之後都會兼容. 而若是版本號是v1alpha1, v1beta1之類的,則不保證其穩定性.

二, non-namespaced resources

 http://localhost:8080/apis/rbac.authorization.k8s.io/v1/clusterroles/test-clusterrole

這裏能夠觀察到它clusterrole與pod不一樣, apis表示這是一個非核心api. rbac.authorization.k8s.io指代的是api-group, 另外它沒有namespaces字段, 其餘與namespaced resources相似.再也不贅述.

三, non-resource url

這類資源和pod, clusterrole都不一樣. 例如

http://localhost:8080/healthz/etcd

這就是用來確認etcd服務是否是健康的.它不屬於任何namespace,也不屬於任何api版本.

總結, k8s的REST API的設計結構爲:

[api/apis] /  api-group                           / api-version /  namespaces / namespace-name / resource-kind / resource-name

apis          /   rbac.authorization.k8s.io /  v1              /  namespaces / default                  /  roles              /  test-role

全部的api結構均可以經過訪問相關斷點來獲取信息, 最低一層爲api-server的地址, 訪問結果以下:

{
  "paths": [
    "/api",
    "/api/v1",
    "/apis",
    "/apis/",
    "/apis/admissionregistration.k8s.io",
    "/apis/admissionregistration.k8s.io/v1beta1",
    "/apis/apiextensions.k8s.io",
    "/apis/apiextensions.k8s.io/v1beta1",
    "/apis/apiregistration.k8s.io",
    "/apis/apiregistration.k8s.io/v1",
    "/apis/apiregistration.k8s.io/v1beta1",
    "/apis/apps",
    "/apis/apps/v1",
    "/apis/apps/v1beta1",
    "/apis/apps/v1beta2",
    "/apis/authentication.k8s.io",
    "/apis/authentication.k8s.io/v1",
    "/apis/authentication.k8s.io/v1beta1",
    "/apis/authorization.k8s.io",
    "/apis/authorization.k8s.io/v1",
    "/apis/authorization.k8s.io/v1beta1",
    "/apis/autoscaling",
    "/apis/autoscaling/v1",
    "/apis/autoscaling/v2beta1",
    "/apis/autoscaling/v2beta2",
    "/apis/batch",
    "/apis/batch/v1",
    "/apis/batch/v1beta1",
    "/apis/certificates.k8s.io",
    "/apis/certificates.k8s.io/v1beta1",
    "/apis/coordination.k8s.io",
    "/apis/coordination.k8s.io/v1beta1",
    "/apis/events.k8s.io",
    "/apis/events.k8s.io/v1beta1",
    "/apis/extensions",
    "/apis/extensions/v1beta1",
    "/apis/networking.k8s.io",
    "/apis/networking.k8s.io/v1",
    "/apis/policy",
    "/apis/policy/v1beta1",
    "/apis/rbac.authorization.k8s.io",
    "/apis/rbac.authorization.k8s.io/v1",
    "/apis/rbac.authorization.k8s.io/v1beta1",
    "/apis/scheduling.k8s.io",
    "/apis/scheduling.k8s.io/v1beta1",
    "/apis/storage.k8s.io",
    "/apis/storage.k8s.io/v1",
    "/apis/storage.k8s.io/v1beta1",
    "/healthz",
    "/healthz/autoregister-completion",
    "/healthz/etcd",
    "/healthz/log",
    "/healthz/ping",
    "/healthz/poststarthook/apiservice-openapi-controller",
    "/healthz/poststarthook/apiservice-registration-controller",
    "/healthz/poststarthook/apiservice-status-available-controller",
    "/healthz/poststarthook/bootstrap-controller",
    "/healthz/poststarthook/ca-registration",
    "/healthz/poststarthook/generic-apiserver-start-informers",
    "/healthz/poststarthook/kube-apiserver-autoregistration",
    "/healthz/poststarthook/rbac/bootstrap-roles",
    "/healthz/poststarthook/scheduling/bootstrap-system-priority-classes",
    "/healthz/poststarthook/start-apiextensions-controllers",
    "/healthz/poststarthook/start-apiextensions-informers",
    "/healthz/poststarthook/start-kube-aggregator-informers",
    "/healthz/poststarthook/start-kube-apiserver-admission-initializer",
    "/healthz/poststarthook/start-kube-apiserver-informers",
    "/logs",
    "/metrics",
    "/openapi/v2",
    "/swagger-2.0.0.json",
    "/swagger-2.0.0.pb-v1",
    "/swagger-2.0.0.pb-v1.gz",
    "/swagger.json",
    "/swaggerapi",
    "/version"
  ]
}