本站文章除注明转载/出处外,均为本站原创或翻译,转载前请务必署名原文链接~~~

使用Python客户端管理Kubernetes

微信搜索 zze_coding 或扫描 👉 二维码关注我的微信公众号获取更多资源推送:


创建一个 ServiceAccount 专门用来访问 API:

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: admin
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: api-admin
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: api-admin
  namespace: kube-system

这里我直接给了这个 ServiceAccount 集群管理员的权限,实际使用中建议精细规划合适的权限给 ServiceAccount,比如说如果仅需要通过 API 获取 Pod 的信息,那么只给 get pod 的权限就 OK 了。

获取 Token:

$ $ kubectl describe secrets -n kube-system $(kubectl -n kube-system get secret | awk '/api-admin/{print $1}') | grep 'token:' | awk '{print $2}'
eyJhbGciOiJSUzI1NiIsImtpZCI6InRJRDV3TGlWRG5PWVQ0LUFzN3dqSy05bl9DZlFLMEM4aXFidHozMzcwWVkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhcGktYWRtaW4tdG9rZW4tcXJkc3IiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiYXBpLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiODhmYmZiN2YtYzhhMC00MjQ1LTlkYWUtMTkzMmRhNGI2NTdjIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmFwaS1hZG1pbiJ9.odgAsbq1mDFQuInevlQ_pyb0dadT6EKfXsM-BJAYThp1Yr3mh3xegtXmZqwvBDGWBEkOTLjZYzf25fSARQWPZ4tGRs9qQ22-xnrQcAOf8wGOLuqO8hbcw2-HX6uwRHy39ISvxHZ0nQ260eShAGOnfLGemZoBYFOQcmabKRO2QG1qfxMyYmvkeGEx0giGcScrDvcHC5LzhBgBUgpsQuYz_4l8vX74A9LNf9VOrJWb5vra548Uva_KCtij4XAgMt5BdQuV-av5LCf6MoPbqEj3t9X1mSPhM02OxY_I6EJipJ1UVm-Yb5yb1mXRhFsNZc5QA_F8zm_dHj2TIAbJywfILA

使用 PIP 安装 Kubernetes 客户端模块:

$ pip install kubernetes

运行 Python 脚本测试获取集群资源:

import urllib3
from kubernetes import client
from kubernetes.client.api import core_v1_api

# 关闭证书校验警告
urllib3.disable_warnings()

# API Server 的地址
api_server_url = 'https://10.0.1.110:7443'
# api-admin 用户的 Token
token = 'eyJhbGciOiJSUzI1NiIsImtpZCI6InRJRDV3TGlWRG5PWVQ0LUFzN3dqSy05bl9DZlFLMEM4aXFidHozMzcwWVkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhcGktYWRtaW4tdG9rZW4tcXJkc3IiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiYXBpLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiODhmYmZiN2YtYzhhMC00MjQ1LTlkYWUtMTkzMmRhNGI2NTdjIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmFwaS1hZG1pbiJ9.odgAsbq1mDFQuInevlQ_pyb0dadT6EKfXsM-BJAYThp1Yr3mh3xegtXmZqwvBDGWBEkOTLjZYzf25fSARQWPZ4tGRs9qQ22-xnrQcAOf8wGOLuqO8hbcw2-HX6uwRHy39ISvxHZ0nQ260eShAGOnfLGemZoBYFOQcmabKRO2QG1qfxMyYmvkeGEx0giGcScrDvcHC5LzhBgBUgpsQuYz_4l8vX74A9LNf9VOrJWb5vra548Uva_KCtij4XAgMt5BdQuV-av5LCf6MoPbqEj3t9X1mSPhM02OxY_I6EJipJ1UVm-Yb5yb1mXRhFsNZc5QA_F8zm_dHj2TIAbJywfILA'
configuration = client.Configuration()
configuration.host = api_server_url
# 不校验证书
configuration.verify_ssl = False
configuration.api_key = {"authorization": "Bearer " + token}
client1 = client.api_client.ApiClient(configuration=configuration)
api = core_v1_api.CoreV1Api(client1)
# 获取命名空间列表对象
namespaces = api.list_namespace()
# 遍历命名空间列表输出命名空间的名字
for namespace in namespaces.items:
    print(namespace.metadata.name)

'''
default
haproxy-controller
kube-node-lease
kube-public
kube-system
kubernetes-dashboard
'''
# Kubernetes  

如果这篇文章对您有帮助,可点击下方链接分享给你的朋友们😋,如果遇到问题欢迎评论、留言~~~😇

评论

公众号:zze_coding

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×