Kubernetes API Operation Guide

Last updated: 2020-11-03 17:05:17

    Overview

    This document describes how to use Kubernetes APIs to perform operations in Tencent Kubernetes Engine (TKE) clusters. For example, you can use the APIs to view all namespaces in a cluster, view all pods in a specified namespace, and add, delete, or query a pod in the specified namespace.

    Directions

    Obtaining the kubeconfig cluster access credential

    1. Log in to the cluster node by referring to Log into Linux Instance Using Standard Login Method.
    2. Run the following command to obtain the location of the cluster access credential (kubeconfig) file:
      ps -ef |grep kubelet|grep -v grep
      The following figure shows the output of the command, where the location of the access credential file is /etc/kubernetes/kubelet-kubeconfig.
    3. Run the following command to go to the kubernetes directory:
      cd /etc/kubernetes
    4. Run the following commands in sequence to obtain the CA, key, and apiserver information from the kubeconfig file, respectively:
      cat  ./kubelet-kubeconfig |grep client-certificate-data | awk -F ' ' '{print $2}' |base64 -d > client-cert.pem
      cat  ./kubelet-kubeconfig |grep client-key-data | awk -F ' ' '{print $2}' |base64 -d > client-key.pem
      APISERVER=`cat  ./kubelet-kubeconfig |grep server | awk -F ' ' '{print $2}'`
      Run the ls command. Then, you can find the generated client-cert.pem and client-key.pem files in the kubernetes directory, as shown in the following figure:

    Calling Kubernetes APIs by using CURL commands

    1. Run the following command to view all namespaces in the current cluster:
      curl --cert client-cert.pem --key client-key.pem -k $APISERVER/api/v1/namespaces

      Note:

      If an error stating insufficient permissions occurs when you run the curl command, you can resolve the error by referring to Granting cluster permissions.

    2. Run the following command to view all pods in the kube-system namespace:
      curl --cert client-cert.pem --key client-key.pem -k $APISERVER/api/v1/namespaces/kube-system/pods

    Managing pod lifecycles

    Note:

    The files created in the following steps and their content are for demonstration purposes only. You can customize them based on your actual requirements.

    Creating a pod in the JSON format

    1. Run the following command to create and open a JSON file:
      vim nginx-pod.json
    2. Copy the following content into the JSON file:
        {
            "apiVersion":"v1",
            "kind":"Pod",
            "metadata":{
                "name":"nginx",
                "namespace": "default"
            },
            "spec":{
                "containers":[
                    {
                        "name":"nginx-test",
                        "image":"nginx",
                        "ports":[
                            {
                                "containerPort": 80
                            }
                        ]
                    }
                ]
            }
        }
    3. Run the following command to create a pod:
      curl --cert client-cert.pem --key client-key.pem -k $APISERVER/api/v1/namespaces/default/pods -X POST --header 'content-type: application/json' -d@nginx-pod.json

    Creating a pod in the YAML format

    1. Run the following command to create and open a YAML file:
      vim nginx-pod.json
    2. Copy the following content into the YAML file:
        apiVersion: v1
        kind: Pod
        metadata:
          name: nginx
          namespace: default
        spec:
          containers:
          - name: nginx-test
            image: nginx
            ports:
            - containerPort: 80
    3. Run the following command to create a pod:
      curl --cert client-cert.pem --key client-key.pem -k $APISERVER/api/v1/namespaces/default/pods -X POST --header 'content-type: application/yaml' --data-binary @nginx-pod.yaml

    Querying the status of a pod

    Run the following command to query the status of a pod:

    curl --cert client-cert.pem --key client-key.pem -k $APISERVER/api/v1/namespaces/default/pods/nginx

    Querying the logs of a pod

    Run the following command to query the logs of a pod:

    curl --cert client-cert.pem --key client-key.pem -k $APISERVER/api/v1/namespaces/default/pods/nginx/log

    Querying the metrics of a pod

    Run the following command to query the metrics of a pod through the metric-server API:

    curl --cert client-cert.pem --key client-key.pem -k $APISERVER/apis/metrics.k8s.io/v1beta1/namespaces/default/pods/nginx

    Deleting a pod

    Run the following command to delete a pod:

    curl --cert client-cert.pem --key client-key.pem -k $APISERVER/api/v1/namespaces/default/pods/nginx -X DELETE

    Relevant Operations

    Granting cluster permissions

    If the following error occurs when you run the curl command, you must grant cluster access permissions.

    You can perform authorization by using the following two methods:

    kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous

    Was this page helpful?

    Was this page helpful?

    • Not at all
    • Not very helpful
    • Somewhat helpful
    • Very helpful
    • Extremely helpful
    Send Feedback
    Help