一：簡介
k8s API Server提供了k8s各類資源物件（pod,RC,Service等）的增刪改查及watch等HTTP Rest介面，是整個系統的資料匯流排和資料中心。功能特性：
1.是叢集管理的API入口
2.是資源配額控制的入口
3.提供了完善的叢集安全機制

二：概述
通常可以透過命令列工具Kubectl來與API Server互動，它們之間的介面是REST呼叫，同時也可以使用curl命令列工具進行快速驗證。透過配置引數KUBE_MASTER="--master=" 客戶獲得API Server的訪問路徑。

1.獲取 API的版本資訊
curl 10.116.137.196:8080/api

點選(此處)摺疊或開啟

{
"kind": "APIVersions",
"versions": [
"v1"
],
"serverAddressByClientCIDRs": [
{
"clientCIDR": "0.0.0.0/0",
"serverAddress": "10.116.137.196:6443"
}
]
}

2.獲取目前所支援的資源物件的種類
curl 10.116.137.196:8080/api/v1

{
"kind": "APIResourceList",
"groupVersion": "v1",
"resources": [
{
"name": "bindings",
"singularName": "",
"namespaced": true,
"kind": "Binding",
"verbs": [
"create"
]
},
{
"name": "componentstatuses",
"singularName": "",
"namespaced": false,
"kind": "ComponentStatus",
"verbs": [
"get",
"list"
],
"shortNames": [
"cs"
]
},
{
"name": "configmaps",
"singularName": "",
"namespaced": true,
"kind": "ConfigMap",
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"shortNames": [
"cm"
]
},
{
"name": "endpoints",
"singularName": "",
"namespaced": true,
"kind": "Endpoints",
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"shortNames": [
"ep"
]
},
{
"name": "events",
"singularName": "",
"namespaced": true,
"kind": "Event",
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"shortNames": [
"ev"
]
},
{
"name": "limitranges",
"singularName": "",
"namespaced": true,
"kind": "LimitRange",
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"shortNames": [
"limits"
]
},
{
"name": "namespaces",
"singularName": "",
"namespaced": false,
"kind": "Namespace",
"verbs": [
"create",
"delete",
"get",
"list",
"patch",
"update",
"watch"
],
"shortNames": [
"ns"
]
},
{
"name": "namespaces/finalize",
"singularName": "",
"namespaced": false,
"kind": "Namespace",
"verbs": [
"update"
]
},
{
"name": "namespaces/status",
"singularName": "",
"namespaced": false,
"kind": "Namespace",
"verbs": [
"get",
"patch",
"update"
]
},
{
"name": "nodes",
"singularName": "",
"namespaced": false,
"kind": "Node",
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"proxy",
"update",
"watch"
],
"shortNames": [
"no"
]
},
{
"name": "nodes/proxy",
"singularName": "",
"namespaced": false,
"kind": "Node",
"verbs": []
},
{
"name": "nodes/status",
"singularName": "",
"namespaced": false,
"kind": "Node",
"verbs": [
"get",
"patch",
"update"
]
},
{
"name": "persistentvolumeclaims",
"singularName": "",
"namespaced": true,
"kind": "PersistentVolumeClaim",
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"shortNames": [
"pvc"
]
},
{
"name": "persistentvolumeclaims/status",
"singularName": "",
"namespaced": true,
"kind": "PersistentVolumeClaim",
"verbs": [
"get",
"patch",
"update"
]
},
{
"name": "persistentvolumes",
"singularName": "",
"namespaced": false,
"kind": "PersistentVolume",
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"shortNames": [
"pv"
]
},
{
"name": "persistentvolumes/status",
"singularName": "",
"namespaced": false,
"kind": "PersistentVolume",
"verbs": [
"get",
"patch",
"update"
]
},
{
"name": "pods",
"singularName": "",
"namespaced": true,
"kind": "Pod",
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"proxy",
"update",
"watch"
],
"shortNames": [
"po"
],
"categories": [
"all"
]
},
{
"name": "pods/attach",
"singularName": "",
"namespaced": true,
"kind": "Pod",
"verbs": []
},
{
"name": "pods/binding",
"singularName": "",
"namespaced": true,
"kind": "Binding",
"verbs": [
"create"
]
},
{
"name": "pods/eviction",
"singularName": "",
"namespaced": true,
"group": "policy",
"version": "v1beta1",
"kind": "Eviction",
"verbs": [
"create"
]
},
{
"name": "pods/exec",
"singularName": "",
"namespaced": true,
"kind": "Pod",
"verbs": []
},
{
"name": "pods/log",
"singularName": "",
"namespaced": true,
"kind": "Pod",
"verbs": [
"get"
]
},
{
"name": "pods/portforward",
"singularName": "",
"namespaced": true,
"kind": "Pod",
"verbs": []
},
{
"name": "pods/proxy",
"singularName": "",
"namespaced": true,
"kind": "Pod",
"verbs": []
},
{
"name": "pods/status",
"singularName": "",
"namespaced": true,
"kind": "Pod",
"verbs": [
"get",
"patch",
"update"
]
},
{
"name": "podtemplates",
"singularName": "",
"namespaced": true,
"kind": "PodTemplate",
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
]
},
{
"name": "replicationcontrollers",
"singularName": "",
"namespaced": true,
"kind": "ReplicationController",
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"shortNames": [
"rc"
],
"categories": [
"all"
]
},
{
"name": "replicationcontrollers/scale",
"singularName": "",
"namespaced": true,
"group": "autoscaling",
"version": "v1",
"kind": "Scale",
"verbs": [
"get",
"patch",
"update"
]
},
{
"name": "replicationcontrollers/status",
"singularName": "",
"namespaced": true,
"kind": "ReplicationController",
"verbs": [
"get",
"patch",
"update"
]
},
{
"name": "resourcequotas",
"singularName": "",
"namespaced": true,
"kind": "ResourceQuota",
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"shortNames": [
"quota"
]
},
{
"name": "resourcequotas/status",
"singularName": "",
"namespaced": true,
"kind": "ResourceQuota",
"verbs": [
"get",
"patch",
"update"
]
},
{
"name": "secrets",
"singularName": "",
"namespaced": true,
"kind": "Secret",
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
]
},
{
"name": "serviceaccounts",
"singularName": "",
"namespaced": true,
"kind": "ServiceAccount",
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"shortNames": [
"sa"
]
},
{
"name": "services",
"singularName": "",
"namespaced": true,
"kind": "Service",
"verbs": [
"create",
"delete",
"get",
"list",
"patch",
"proxy",
"update",
"watch"
],
"shortNames": [
"svc"
],
"categories": [
"all"
]
},
{
"name": "services/proxy",
"singularName": "",
"namespaced": true,
"kind": "Service",
"verbs": []
},
{
"name": "services/status",
"singularName": "",
"namespaced": true,
"kind": "Service",
"verbs": [
"get",
"patch",
"update"
]
}
]
}

3.如果只想對外暴露部分REST服務，則可以在Master或其他任何節點上透過執行kubectl proxy程式啟動一個內部代理來實現
kubectl proxy --port=8001

三：Kubernetes Proxy API介面

API Server最主要的REST介面是資源物件的增刪改查，另外還有一類特殊的REST介面--Kubernetes Proxy API介面，這類介面的作用是代理REST請求，即kubernetes API Server把收到的REST請求轉發到某個Node上的kubelet守護程式的REST埠上，由該kubelet程式負責響應。

1.Node 相關的介面

點選(此處)摺疊或開啟

/api/v1/proxy/nodes/{name}/pods/ #列出指定節點內所有Pod的資訊
/api/v1/proxy/nodes/{name}/stats/ #列出指定節點內物理資源的統計資訊
/api/v1/prxoy/nodes/{name}/spec/ #列出指定節點的概要資訊

這裡獲取的Pod資訊來自Node而非etcd資料庫，兩者時間點可能存在偏差。

2.Pod 相關的介面

點選(此處)摺疊或開啟

/api/v1/proxy/namespaces/{namespace}/pods/{name}/{path:*} #訪問pod的某個服務介面
/api/v1/proxy/namespaces/{namespace}/pods/{name} #訪問Pod
#以下寫法不同，功能一樣
/api/v1/namespaces/{namespace}/pods/{name}/proxy/{path:*} #訪問pod的某個服務介面
/api/v1/namespaces/{namespace}/pods/{name}/proxy #訪問Pod

Pod的proxy介面的作用：在kubernetes叢集之外訪問某個pod容器的服務（HTTP服務），可以用Proxy API實現，這種場景多用於管理目的，比如逐一排查Service的Pod副本，檢查哪些Pod的服務存在異常問題。

3.Service 相關的介面

點選(此處)摺疊或開啟

/api/v1/proxy/namespaces/{namespace}/services/{name}

四：叢集功能模組之間的通訊
kubernetes API Server作為叢集的核心，負責叢集各功能模組之間的通訊，叢集內各個功能模組透過API Server將資訊存入etcd，當需要獲取和操作這些資料時，透過API Server提供的REST介面（GET\LIST\WATCH方法）來實現，從而實現各模組之間的資訊互動。

1. kubelet與API SERVER互動
每個Node節點上的kubelet定期就會呼叫API Server的REST介面報告自身狀態，API Server接收這些資訊後，將節點狀態資訊更新到etcd中。kubelet也透過API Server的Watch介面監聽Pod資訊，從而對Node機器上的POD進行管理。

2. kube-controller-manager與API SERVER互動
kube-controller-manager中的Node Controller模組透過API Server提供的Watch介面，實時監控Node的資訊，並做相應處理。

3.kube-scheduler與API SERVER互動
Scheduler透過API Server的Watch介面監聽到新建Pod副本的資訊後，它會檢索所有符合該Pod要求的Node列表，開始執行Pod排程邏輯。排程成功後將Pod繫結到目標節點上。

五：說明
為了緩解各模組對API Server的訪問壓力，各功能模組都採用快取機制來快取資料，各功能模組定時從API Server獲取指定的資源物件資訊（LIST/WATCH方法），然後將資訊儲存到本地快取，功能模組在某些情況下不直接訪問API Server，而是透過訪問快取資料來間接訪問API Server。

kubernetes實踐之四十五：API Server原理分析

相關文章