This document describes how to use Kubernetes APIs to perform operations in Tencent Kubernetes Engine (TKE) clusters. For example, you can use the APIs to view all namespaces in a cluster, view all pods in a specified namespace, and add, delete, or query a pod in the specified namespace.
ps -ef |grep kubelet|grep -v grep
The following figure shows the output of the command, where the location of the access credential file is /etc/kubernetes/kubelet-kubeconfig
.kubernetes
directory:cd /etc/kubernetes
kubeconfig
file, respectively:cat ./kubelet-kubeconfig |grep client-certificate-data | awk -F ' ' '{print $2}' |base64 -d > client-cert.pem
cat ./kubelet-kubeconfig |grep client-key-data | awk -F ' ' '{print $2}' |base64 -d > client-key.pem
APISERVER=`cat ./kubelet-kubeconfig |grep server | awk -F ' ' '{print $2}'`
Run the ls
command. Then, you can find the generated client-cert.pem
and client-key.pem
files in the kubernetes directory, as shown in the following figure:curl --cert client-cert.pem --key client-key.pem -k $APISERVER/api/v1/namespaces
Note:
If an error stating insufficient permissions occurs when you run the
curl
command, you can resolve the error by referring to Granting cluster permissions.
curl --cert client-cert.pem --key client-key.pem -k $APISERVER/api/v1/namespaces/kube-system/pods
Note:
The files created in the following steps and their content are for demonstration purposes only. You can customize them based on your actual requirements.
vim nginx-pod.json
{
"apiVersion":"v1",
"kind":"Pod",
"metadata":{
"name":"nginx",
"namespace": "default"
},
"spec":{
"containers":[
{
"name":"nginx-test",
"image":"nginx",
"ports":[
{
"containerPort": 80
}
]
}
]
}
}
curl --cert client-cert.pem --key client-key.pem -k $APISERVER/api/v1/namespaces/default/pods -X POST --header 'content-type: application/json' -d@nginx-pod.json
vim nginx-pod.json
apiVersion: v1
kind: Pod
metadata:
name: nginx
namespace: default
spec:
containers:
- name: nginx-test
image: nginx
ports:
- containerPort: 80
curl --cert client-cert.pem --key client-key.pem -k $APISERVER/api/v1/namespaces/default/pods -X POST --header 'content-type: application/yaml' --data-binary @nginx-pod.yaml
Run the following command to query the status of a pod:
curl --cert client-cert.pem --key client-key.pem -k $APISERVER/api/v1/namespaces/default/pods/nginx
Run the following command to query the logs of a pod:
curl --cert client-cert.pem --key client-key.pem -k $APISERVER/api/v1/namespaces/default/pods/nginx/log
Run the following command to query the metrics of a pod through the metric-server API:
curl --cert client-cert.pem --key client-key.pem -k $APISERVER/apis/metrics.k8s.io/v1beta1/namespaces/default/pods/nginx
Run the following command to delete a pod:
curl --cert client-cert.pem --key client-key.pem -k $APISERVER/api/v1/namespaces/default/pods/nginx -X DELETE
If the following error occurs when you run the curl
command, you must grant cluster access permissions.
You can perform authorization by using the following two methods:
kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous
Apakah halaman ini membantu?