Managing Kubernetes with the Python Client

zze
2020-12-03

Create a ServiceAccount dedicated to accessing the API:

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: admin
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: api-admin
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: api-admin
  namespace: kube-system

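Here I bind this ServiceAccount directly to cluster-admin. In real use, plan the permissions granted to a ServiceAccount carefully: for example, if you only need to read Pod information through the API, granting only get on pods is enough.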
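A least-privilege variant of the manifest above for the Pod-reading case, as an added example that is not from the original post. The names pod-reader and read-pods and the target namespace default are assumptions.

```yaml
# Added example: names (pod-reader, read-pods) and the target namespace
# "default" are assumptions, not values from the original post.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: pod-reader
  namespace: kube-system
---
# A Role is namespaced: it grants read access to Pods in "default" only.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: default
rules:
- apiGroups: [""]          # "" is the core API group, where Pods live
  resources: ["pods"]
  verbs: ["get", "list"]   # no write verbs, no secrets, no pods/exec
---
# The RoleBinding lives in the namespace whose Pods are read and points at
# the ServiceAccount in kube-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-reader
subjects:
- kind: ServiceAccount
  name: pod-reader
  namespace: kube-system
# Check the effective permissions by impersonating the account:
#   kubectl auth can-i list pods -n default --as=system:serviceaccount:kube-system:pod-reader
#   kubectl auth can-i get secrets -n default --as=system:serviceaccount:kube-system:pod-reader
```

With this account the list_namespace() call in the test script is rejected, because namespaces are cluster-scoped; api.list_namespaced_pod('default') is the call this Role permits.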

Get the token:

$ kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/api-admin/{print $1}') | grep 'token:' | awk '{print $2}'
eyJhbGciOiJSUzI1NiIsImtpZCI6InRJRDV3TGlWRG5PWVQ0LUFzN3dqSy05bl9DZlFLMEM4aXFidHozMzcwWVkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhcGktYWRtaW4tdG9rZW4tcXJkc3IiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiYXBpLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiODhmYmZiN2YtYzhhMC00MjQ1LTlkYWUtMTkzMmRhNGI2NTdjIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmFwaS1hZG1pbiJ9.odgAsbq1mDFQuInevlQ_pyb0dadT6EKfXsM-BJAYThp1Yr3mh3xegtXmZqwvBDGWBEkOTLjZYzf25fSARQWPZ4tGRs9qQ22-xnrQcAOf8wGOLuqO8hbcw2-HX6uwRHy39ISvxHZ0nQ260eShAGOnfLGemZoBYFOQcmabKRO2QG1qfxMyYmvkeGEx0giGcScrDvcHC5LzhBgBUgpsQuYz_4l8vX74A9LNf9VOrJWb5vra548Uva_KCtij4XAgMt5BdQuV-av5LCf6MoPbqEj3t9X1mSPhM02OxY_I6EJipJ1UVm-Yb5yb1mXRhFsNZc5QA_F8zm_dHj2TIAbJywfILA

Install the Kubernetes client module with pip:

$ pip install kubernetes

Run a Python script to test fetching cluster resources:

import urllib3
from kubernetes import client
from kubernetes.client.api import core_v1_api

# Suppress the warnings urllib3 emits for unverified HTTPS requests
urllib3.disable_warnings()

# Address of the API server
api_server_url = 'https://10.0.1.110:7443'
# Token of the api-admin ServiceAccount
token = 'eyJhbGciOiJSUzI1NiIsImtpZCI6InRJRDV3TGlWRG5PWVQ0LUFzN3dqSy05bl9DZlFLMEM4aXFidHozMzcwWVkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhcGktYWRtaW4tdG9rZW4tcXJkc3IiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiYXBpLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiODhmYmZiN2YtYzhhMC00MjQ1LTlkYWUtMTkzMmRhNGI2NTdjIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmFwaS1hZG1pbiJ9.odgAsbq1mDFQuInevlQ_pyb0dadT6EKfXsM-BJAYThp1Yr3mh3xegtXmZqwvBDGWBEkOTLjZYzf25fSARQWPZ4tGRs9qQ22-xnrQcAOf8wGOLuqO8hbcw2-HX6uwRHy39ISvxHZ0nQ260eShAGOnfLGemZoBYFOQcmabKRO2QG1qfxMyYmvkeGEx0giGcScrDvcHC5LzhBgBUgpsQuYz_4l8vX74A9LNf9VOrJWb5vra548Uva_KCtij4XAgMt5BdQuV-av5LCf6MoPbqEj3t9X1mSPhM02OxY_I6EJipJ1UVm-Yb5yb1mXRhFsNZc5QA_F8zm_dHj2TIAbJywfILA'
configuration = client.Configuration()
configuration.host = api_server_url
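# Do not verify the API server certificate (test setup only; otherwise
# point configuration.ssl_ca_cert at the cluster CA file)
configuration.verify_ssl = False
# Send the ServiceAccount token as a Bearer token on every request
configuration.api_key = {"authorization": "Bearer " + token}
client1 = client.api_client.ApiClient(configuration=configuration)
api = core_v1_api.CoreV1Api(client1)
# Fetch the namespace list object
namespaces = api.list_namespace()
# Iterate over the namespaces and print each name
for namespace in namespaces.items:
    print(namespace.metadata.name)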

'''
default
haproxy-controller
kube-node-lease
kube-public
kube-system
kubernetes-dashboard
'''