使用curl访问apiserver

一、创建访问的证书

1、查看/root/.kube/config 

cat /root/.kube/config 

2、把证书设为环境变量

export clientcert=$(grep client-cert ~/.kube/config |cut -d" " -f 6)
export clientkey=$(grep client-key-data ~/.kube/config |cut -d" " -f 6)
export certauth=$(grep certificate-authority-data ~/.kube/config |cut -d" " -f 6)

　　

3、加密这些变量，供curl使用

echo $clientcert | base64 -d > client.pem
echo $clientkey | base64 -d > client-key.pem
echo $certauth | base64 -d > ca.pem

　　

二、使用 curl 和刚刚加密的密钥文件来访问 API server

curl --cert ./client.pem --key ./client-key.pem --cacert ./ca.pem https://192.168.1.2:6443/api/v1/pods

　　

三、使用curl创建资源（测试创建pod）

1、创建pod的yaml文件

apiVersion: v1
kind: Pod
metadata:
  name: test-pod
spec:
  containers:
  - image: nginx:alpine
    name: test-container

2、使用curl创建pod

[root@test-k8s-master curl_ca]# curl --request POST  --cert ./client.pem --key ./client-key.pem --cacert ./ca.pem https://192.168.1.2:6443/api/v1/namespaces/default/pods  -s  -w "状态码是:%{http_code}
" -o /dev/null -H 'Content-Type: application/yaml' --data 'apiVersion: v1
> kind: Pod
> metadata:
>   name: test-pod
> spec:
>   containers:
>   - image: nginx:alpine
>     name: test-container'
状态码是:201

2.1 指定yaml文件创建　　

[root@test-k8s-master curl_ca]# cat  /mnt/test-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: test-pod
spec:
  containers:
  - image: nginx:alpine
    name: test-container

##指定配置文件创建
curl -X POST  --cert ./client.pem --key ./client-key.pem --cacert ./ca.pem https://192.168.1.2:6443/api/v1/namespaces/default/pods  -H 'Content-Type: application/yaml' --data-binary @/mnt/test-pod.yaml

　　

3、查看

[root@test-k8s-master curl_ca]# kubectl get pod
NAME                                     READY   STATUS    RESTARTS   AGE
test-pod                                 1/1     Running   0          14s	

　　

四、删除资源（测试删除刚才创建的pod）

1、使用curl删除pod

[root@test-k8s-master curl_ca]# curl --request DELETE --cert ./client.pem --key ./client-key.pem --cacert ./ca.pem  https://192.168.1.2:6443/api/v1/namespaces/default/pods/test-pod  -o /dev/null  -s -w "状态码是:%{http_code}
"
状态码是:200

　　

五、修改资源(以pod为例子)

1、查看镜像

[root@test-k8s-master curl_ca]# kubectl get pod test-pod -o yaml|grep " image: "
  - image: nginx:alpine
    image: nginx:alpine

2、修改镜像

curl  -X PATCH --cert ./client.pem --key ./client-key.pem --cacert ./ca.pem  https://192.168.1.2:6443/api/v1/namespaces/default/pods/test-pod  -H 'Content-Type: application/strategic-merge-patch+json' -d '{"spec":{"containers": [{"name":"test-container","image": "busybox:latest"}]}}'
	

　　

3、查看

[root@test-k8s-master curl_ca]# kubectl get pod test-pod -o yaml|grep " image: " 
    image: busybox:latest

　　

 五、常用api

/api/v1    #核心api
/apis      #分组api
/healthz   #监控检测
/ui        #dashboard
/metrics   #性能指标