先说CloudFoundry的命令行工具CLI。我们在CloudFoundry环境下工作,第一个使用的命令就是cf login。 如果在环境变量里维护CF_TRACE的值为true: 则我们能发现,诸如cf login这种命令,实际上也是通过消费Restful API来完成的。 下图是cf login这个命令的api endpoint请求细节,供大家参考: API endpoint: https://api.cf.eu10.hana. REQUEST: [2018-09-21T14:50:57+08:00] GET /v2/info HTTP/1.1 Host: api.cf.eu10.hana. Accept: application/json Content-Type: application/json User-Agent: go-cli 6.36.1+e3799ad7e.2018-04-04 / windows RESPONSE: [2018-09-21T14:50:59+08:00] HTTP/1.1 200 OK Connection: close Content-Length: 550 Content-Type: application/json;charset=utf-8 Date: Fri, 21 Sep 2018 06:50:58 GMT Server: nginx X-Content-Type-Options: nosniff X-Vcap-Request-Id: abf32f52-294a-41f5-5919-be948d78f0dd::a32b17bb-da82-4d45-930f-f0344c8a83b3 {"name":"","build":"","support":"","version":0,"description":"Cloud Foundry at SAP Cloud Platform","authorization_endpoint":"https://login.cf.eu10.hana.","token_endpoint":"[PRIVATE DATA HIDDEN]","min_cli_version":null,"min_recommended_cli_version":null,"api_version":"2.115.0","app_ssh_endpoint":"ssh.cf.eu10.hana.:2222","app_ssh_host_key_fingerprint":"f3:12:47:b5:3a:19:6e:6c:4e:9d:90:2e:6f:8e:87:cc","app_ssh_oauth_client":"ssh-proxy","doppler_logging_endpoint":"wss://doppler.cf.eu10.hana.:443"} REQUEST: [2018-09-21T14:50:59+08:00] GET /login HTTP/1.1 Host: login.cf.eu10.hana. Accept: application/json Content-Type: application/json User-Agent: go-cli 6.36.1+e3799ad7e.2018-04-04 / windows API响应结果: RESPONSE: [2018-09-21T14:51:00+08:00] HTTP/1.1 200 OK Connection: close Content-Length: 551 Cache-Control: no-store Content-Language: en-US Content-Type: application/json;charset=UTF-8 Date: Fri, 21 Sep 2018 06:50:59 GMT Set-Cookie: X-Uaa-Csrf=8uoxBvyG8QCwo29efrrZNh; Max-Age=86400; Expires=Sat, 22-Sep-2018 06:51:00 GMT; Path=/; Secure; HttpOnly Strict-Transport-Security: max-age=31536000 ; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: DENY X-Vcap-Request-Id: f6b29d8f-f78e-4c5e-61f3-5c9d906828ed X-Xss-Protection: 1; mode=block {"app":{"version":"4.19.0"},"links":{"uaa":"https://uaa.cf.eu10.hana.","passwd":"https://accounts./ui/createForgottenPasswordMail?spName=cf.eu10.hana.","login":"https://login.cf.eu10.hana.","register":"https://accounts./ui/public/showRegisterForm?spName=cf.eu10.hana."},"zone_name":"uaa","entityID":"login.cf.eu10.hana.","commit_id":"7897100","idpDefinitions":{},"prompts":{"username":["text","Email"],"password":["password","Password"]},"timestamp":"2018-06-13T12:02:09-0700"} Email> 再看Kubernetes。我们用的很多的命令: kubectl get pods,返回pods列表。 CloudFoundry命令行和Kubernetes命令行的Restful API消费方式 而用命令行 kubectl --v=8 get pods 则发现,get pods这个命令实际上也是发请求发往Kubernetes的API server: https://<ip>:6443/api/v1/namespaces/default/pods?limit=500 API请求明细如下: API server是Kubernetes最重要的核心组件之一: 1. 提供集群管理的REST API接口,包括认证授权、数据校验以及集群状态变更等 2. 提供其他模块之间的数据交互和通信的枢纽(其他模块通过API Server查询或修改 数据,只有API Server才直接操作etcd) kube-apiserver支持同时提供https(默认监听在6443端口)和http API(默认监听在 127.0.0.1的8080端口),其中http API是非安全接口,不做任何认证授权机制,不建议 生产环境启用。两个接口提供的REST API格式相同,参考Kubernetes API Reference查 看所有API的调用格式。 在实际使用中,通常通过kubectl来访问apiserver,也可以通过Kubernetes各个语言的 client库来访问apiserver。 比如上面get pods命令对应的API的文档: https:///docs/reference/generated/kubernetes-api/v1.10/#list-62 要获取更多Jerry的原创文章,请关注公众号"汪子熙": |
|
来自: 汪子熙 > 《Kubernetes》