Kubernetes in Practice, Part 45: How the API Server Works
I. Introduction
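The Kubernetes API Server exposes HTTP REST interfaces for creating, deleting, updating, querying and watching every kind of Kubernetes resource object (Pod, RC, Service and so on). It is the data bus and data hub of the whole system. Its main functions:
1. It is the API entry point for cluster management.
2. It is the entry point for resource quota control.
3. It provides a complete cluster security mechanism.
II. Overview
You normally interact with the API Server through the kubectl command-line tool; the interface between them is REST calls, and the curl command-line tool can also be used for quick verification. Clients obtain the API Server's access path from the configuration parameter KUBE_MASTER="--master=http://10.116.137.196:8080".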
1. Get the API version information
curl 10.116.137.196:8080/api
{
  "kind": "APIVersions",
  "versions": [
    "v1"
  ],
  "serverAddressByClientCIDRs": [
    {
      "clientCIDR": "0.0.0.0/0",
      "serverAddress": "10.116.137.196:6443"
    }
  ]
}
2. Get the kinds of resource objects currently supported
curl 10.116.137.196:8080/api/v1
{
  "kind": "APIResourceList",
  "groupVersion": "v1",
  "resources": [
    {"name": "bindings", "singularName": "", "namespaced": true, "kind": "Binding", "verbs": ["create"]},
    {"name": "componentstatuses", "singularName": "", "namespaced": false, "kind": "ComponentStatus", "verbs": ["get", "list"], "shortNames": ["cs"]},
    {"name": "configmaps", "singularName": "", "namespaced": true, "kind": "ConfigMap", "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"], "shortNames": ["cm"]},
    {"name": "endpoints", "singularName": "", "namespaced": true, "kind": "Endpoints", "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"], "shortNames": ["ep"]},
    {"name": "events", "singularName": "", "namespaced": true, "kind": "Event", "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"], "shortNames": ["ev"]},
    {"name": "limitranges", "singularName": "", "namespaced": true, "kind": "LimitRange", "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"], "shortNames": ["limits"]},
    {"name": "namespaces", "singularName": "", "namespaced": false, "kind": "Namespace", "verbs": ["create", "delete", "get", "list", "patch", "update", "watch"], "shortNames": ["ns"]},
    {"name": "namespaces/finalize", "singularName": "", "namespaced": false, "kind": "Namespace", "verbs": ["update"]},
    {"name": "namespaces/status", "singularName": "", "namespaced": false, "kind": "Namespace", "verbs": ["get", "patch", "update"]},
    {"name": "nodes", "singularName": "", "namespaced": false, "kind": "Node", "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "proxy", "update", "watch"], "shortNames": ["no"]},
    {"name": "nodes/proxy", "singularName": "", "namespaced": false, "kind": "Node", "verbs": []},
    {"name": "nodes/status", "singularName": "", "namespaced": false, "kind": "Node", "verbs": ["get", "patch", "update"]},
    {"name": "persistentvolumeclaims", "singularName": "", "namespaced": true, "kind": "PersistentVolumeClaim", "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"], "shortNames": ["pvc"]},
    {"name": "persistentvolumeclaims/status", "singularName": "", "namespaced": true, "kind": "PersistentVolumeClaim", "verbs": ["get", "patch", "update"]},
    {"name": "persistentvolumes", "singularName": "", "namespaced": false, "kind": "PersistentVolume", "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"], "shortNames": ["pv"]},
    {"name": "persistentvolumes/status", "singularName": "", "namespaced": false, "kind": "PersistentVolume", "verbs": ["get", "patch", "update"]},
    {"name": "pods", "singularName": "", "namespaced": true, "kind": "Pod", "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "proxy", "update", "watch"], "shortNames": ["po"], "categories": ["all"]},
    {"name": "pods/attach", "singularName": "", "namespaced": true, "kind": "Pod", "verbs": []},
    {"name": "pods/binding", "singularName": "", "namespaced": true, "kind": "Binding", "verbs": ["create"]},
    {"name": "pods/eviction", "singularName": "", "namespaced": true, "group": "policy", "version": "v1beta1", "kind": "Eviction", "verbs": ["create"]},
    {"name": "pods/exec", "singularName": "", "namespaced": true, "kind": "Pod", "verbs": []},
    {"name": "pods/log", "singularName": "", "namespaced": true, "kind": "Pod", "verbs": ["get"]},
    {"name": "pods/portforward", "singularName": "", "namespaced": true, "kind": "Pod", "verbs": []},
    {"name": "pods/proxy", "singularName": "", "namespaced": true, "kind": "Pod", "verbs": []},
    {"name": "pods/status", "singularName": "", "namespaced": true, "kind": "Pod", "verbs": ["get", "patch", "update"]},
    {"name": "podtemplates", "singularName": "", "namespaced": true, "kind": "PodTemplate", "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"]},
    {"name": "replicationcontrollers", "singularName": "", "namespaced": true, "kind": "ReplicationController", "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"], "shortNames": ["rc"], "categories": ["all"]},
    {"name": "replicationcontrollers/scale", "singularName": "", "namespaced": true, "group": "autoscaling", "version": "v1", "kind": "Scale", "verbs": ["get", "patch", "update"]},
    {"name": "replicationcontrollers/status", "singularName": "", "namespaced": true, "kind": "ReplicationController", "verbs": ["get", "patch", "update"]},
    {"name": "resourcequotas", "singularName": "", "namespaced": true, "kind": "ResourceQuota", "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"], "shortNames": ["quota"]},
    {"name": "resourcequotas/status", "singularName": "", "namespaced": true, "kind": "ResourceQuota", "verbs": ["get", "patch", "update"]},
    {"name": "secrets", "singularName": "", "namespaced": true, "kind": "Secret", "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"]},
    {"name": "serviceaccounts", "singularName": "", "namespaced": true, "kind": "ServiceAccount", "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"], "shortNames": ["sa"]},
    {"name": "services", "singularName": "", "namespaced": true, "kind": "Service", "verbs": ["create", "delete", "get", "list", "patch", "proxy", "update", "watch"], "shortNames": ["svc"], "categories": ["all"]},
    {"name": "services/proxy", "singularName": "", "namespaced": true, "kind": "Service", "verbs": []},
    {"name": "services/status", "singularName": "", "namespaced": true, "kind": "Service", "verbs": ["get", "patch", "update"]}
  ]
}
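3. If you only want to expose part of the REST services externally, you can start an internal proxy by running the kubectl proxy program on the Master or on any other node:
kubectl proxy --port=8001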
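How kubectl proxy can expose only part of the API comes down to its request filter. The following is an added example, not code from the original post or from kubectl: a simplified Python model of how the --accept-paths, --reject-paths, --accept-hosts and --reject-methods flags combine, with a constructed policy and constructed requests.

```python
import re

def _any(patterns, value):
    """True if any regex in a comma-separated list matches (unanchored search)."""
    return any(re.search(p, value) for p in patterns.split(",") if p)

def proxy_allows(method, path, host, *, accept_paths, reject_paths,
                 accept_hosts, reject_methods):
    """Simplified model of kubectl proxy's request filter. `host` is the Host
    header with the port removed. Reject rules win; after that the path AND
    the host must both be accepted."""
    if _any(reject_paths, path) or _any(reject_methods, method):
        return False
    return _any(accept_paths, path) and _any(accept_hosts, host)

# Constructed policy (values for --accept-paths, --reject-paths, --accept-hosts,
# --reject-methods): read-only access to Pods in the "default" namespace.
POLICY = dict(
    accept_paths=r"^/api/v1/namespaces/default/pods(/|$)",
    reject_paths=r"^/api/.*/pods/.*/(exec|attach|portforward|proxy)(/|$)",
    accept_hosts=r"^localhost$,^127\.0\.0\.1$",
    reject_methods=r"^(POST|PUT|PATCH|DELETE)$",
)

REQUESTS = [  # constructed (method, path, Host header without port)
    ("GET", "/api/v1/namespaces/default/pods", "localhost"),
    ("GET", "/api/v1/namespaces/default/pods/web-0/log", "127.0.0.1"),
    ("GET", "/api/v1/namespaces/default/pods/web-0/proxy/admin", "localhost"),
    ("POST", "/api/v1/namespaces/default/pods/web-0/exec", "localhost"),
    ("DELETE", "/api/v1/namespaces/default/pods/web-0", "localhost"),
    ("GET", "/api/v1/namespaces/kube-system/secrets", "localhost"),
    ("GET", "/api/v1/namespaces/default/pods", "10.116.137.196"),
]

def decisions(requests=REQUESTS, policy=POLICY):
    """One allow/deny decision per sample request, in order."""
    return [proxy_allows(m, p, h, **policy) for m, p, h in requests]

if __name__ == "__main__":
    for (m, p, h), ok in zip(REQUESTS, decisions()):
        print("ALLOW" if ok else "DENY ", m, h, p)
```

Only the first two requests pass. The last one is refused purely on its Host header, which is what keeps the proxy unusable from other machines even if its listener is moved off 127.0.0.1 with --address.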
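III. Kubernetes Proxy API interfaces
The API Server's most important REST interfaces are the create, delete, update and query operations on resource objects. There is also a special class of REST interface, the Kubernetes Proxy API, whose job is to proxy REST requests: the Kubernetes API Server forwards a REST request it receives to the REST port of the kubelet daemon on a particular Node, and that kubelet process answers it.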
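1. Node-related interfaces
/api/v1/proxy/nodes/{name}/pods/    # list information about all Pods on the specified node
/api/v1/proxy/nodes/{name}/stats/   # list physical-resource statistics for the specified node
/api/v1/proxy/nodes/{name}/spec/    # list summary information for the specified node
The Pod information obtained here comes from the Node rather than from the etcd database, so the two may differ at a given point in time.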
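2. Pod-related interfaces
/api/v1/proxy/namespaces/{namespace}/pods/{name}/{path:*}    # access a service endpoint of the Pod
/api/v1/proxy/namespaces/{namespace}/pods/{name}             # access the Pod
# The following forms are written differently but do the same thing
/api/v1/namespaces/{namespace}/pods/{name}/proxy/{path:*}    # access a service endpoint of the Pod
/api/v1/namespaces/{namespace}/pods/{name}/proxy             # access the Pod
Purpose of the Pod proxy interface: to access a service (an HTTP service) of a Pod's container from outside the Kubernetes cluster, you can use the Proxy API. This is mostly used for administrative purposes, for example checking the Pod replicas of a Service one by one to find which Pods' services are misbehaving.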
3. Service-related interfaces
/api/v1/proxy/namespaces/{namespace}/services/{name}
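IV. Communication between cluster function modules
As the core of the cluster, the Kubernetes API Server handles communication between the cluster's function modules. Each module stores its information in etcd through the API Server, and when it needs to read or operate on that data it does so through the REST interfaces the API Server provides (the GET/LIST/WATCH methods), which is how the modules exchange information.
1. Interaction between kubelet and the API Server
The kubelet on every Node periodically calls the API Server's REST interface to report its own status; the API Server receives this information and updates the node status in etcd. The kubelet also listens for Pod information through the API Server's Watch interface and uses it to manage the Pods on its Node.
2. Interaction between kube-controller-manager and the API Server
The Node Controller module in kube-controller-manager monitors Node information in real time through the Watch interface provided by the API Server and handles it accordingly.
3. Interaction between kube-scheduler and the API Server
When the Scheduler learns through the API Server's Watch interface that a new Pod replica has been created, it retrieves the list of all Nodes that meet the Pod's requirements and runs the Pod scheduling logic. Once scheduling succeeds, it binds the Pod to the target node.
V. Notes
To relieve the access pressure that the modules put on the API Server, every function module uses a caching mechanism. Each module periodically fetches the resource object information it needs from the API Server (LIST/WATCH methods) and saves it to a local cache. In some cases a module does not access the API Server directly but reads the cached data instead, accessing the API Server indirectly.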
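An added sketch, not from the original post or the Kubernetes code base, of the LIST/WATCH cache described above: a module takes a LIST snapshot, advances it with WATCH events, and falls back to a full re-LIST when its resourceVersion is older than the server's event history, the case the real API server answers with 410 Gone. FakeAPIServer, LocalCache and all sample objects are hypothetical.

```python
class ResourceExpired(Exception):
    """Stands in for the API server's 410 Gone reply to a too-old watch."""

class FakeAPIServer:  # hypothetical in-memory stand-in with a bounded event history
    def __init__(self, history=3):
        self.rv, self.objects, self.events, self.history = 0, {}, [], history
    def apply(self, kind, name, spec=None):
        self.rv += 1  # every change bumps resourceVersion
        if kind == "DELETED":
            self.objects.pop(name, None)
        else:
            self.objects[name] = spec
        self.events = (self.events + [(self.rv, kind, name, spec)])[-self.history:]
    def list(self):
        return dict(self.objects), self.rv
    def watch(self, since):
        if since < self.rv and self.events[0][0] > since + 1:
            raise ResourceExpired(since)  # events after `since` were already dropped
        return [e for e in self.events if e[0] > since]

class LocalCache:  # what a module keeps: a LIST snapshot advanced by WATCH events
    def __init__(self, server):
        self.server, self.relists = server, 0
        self.store, self.rv = server.list()
    def sync(self):
        try:
            for rv, kind, name, spec in self.server.watch(self.rv):
                if kind == "DELETED":
                    self.store.pop(name, None)
                else:
                    self.store[name] = spec
                self.rv = rv
        except ResourceExpired:  # too far behind: start over with a full LIST
            self.store, self.rv = self.server.list()
            self.relists += 1

def demo():  # all object names and specs below are constructed
    api = FakeAPIServer(history=3)
    api.apply("ADDED", "web-0", {"node": None})
    cache = LocalCache(api)  # LIST at resourceVersion 1
    api.apply("MODIFIED", "web-0", {"node": "node-1"})  # scheduler binds the Pod
    stale = cache.store["web-0"]["node"]  # cache lags until the next sync
    cache.sync()
    fresh = cache.store["web-0"]["node"]
    for i in range(5):  # more changes than the server's history holds
        api.apply("ADDED", f"job-{i}", {"node": "node-2"})
    api.apply("DELETED", "web-0")
    cache.sync()  # watch expired, so the cache re-LISTs
    return stale, fresh, cache.relists, sorted(cache.store), cache.rv == api.rv
```

Between syncs the cache can return data the API Server has already replaced, so anything read from it is only as current as the last applied event.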
From the "ITPUB blog", link: http://blog.itpub.net/28624388/viewspace-2154860/. If you repost, please credit the source; otherwise legal liability will be pursued.