晒晒狗 vs 练练手

0%

K8s Python SDK

发表于 分类于 Disqus:
本文字数: 4.4k 阅读时长 ≈ 4 分钟

用户及授权

创建用户

  • script_sc_rolebinding.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
apiVersion: v1
kind: ServiceAccount
metadata:
  name: script-admin
  namespace: kube-system

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: script-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: script-admin
  namespace: kube-system
1
$ kubectl apply -f script_sc_rolebinding.yml

获取token

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
$ kubectl get secret -n kube-system | grep script-admin
script-admin-token-9rkpl                         kubernetes.io/service-account-token   3      4m23s
$ kubectl describe secret -n kube-system script-admin-token-9rkpl
Name:         script-admin-token-9rkpl
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: script-admin
              kubernetes.io/service-account.uid: 9071a506-ae74-4b52-b3d7-25381349fd8b

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1070 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6Ikt4SWlabUpwY3U0NWQ4eHY0UWdGNmE0Rm5IRnBtZUMxMjRIV0YzM1kwUFUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJzY3JpcHQtYWRtaW4tdG9rZW4tOXJrcGwiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoic2NyaXB0LWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiOTA3MWE1MDYtYWU3NC00YjUyLWIzZDctMjUzODEzNDlmZDhiIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOnNjcmlwdC1hZG1pbiJ9.gnSMNViPwf53aG66qn_vUGkMMLKcSIsug2uZPqxH-Lwq7dgAHK7Xen01xWGA9l51xq2wH88xylLP7j6BeZVhtX40DIs3hquxCvX4U7lEollG3AUybxvgeo3Et8G290-eurt6YLS2F1AbSd5qB5SsTfoshVP2UzOqe-gQY1JhPSUK-2CgDH2jMnxLY2qHWbaHB0VY0E8A8keBrHxctetRzyIXHnpbFxCHTLQwEl5rIfoHdZyNn1Q3ALefvpgk_XYijPrbcAFObNtM2HG8Ethrrw0vQuyb1EBHu07RXN_qNsn-QGjEwj_B3k9fbkNA3AxoYN26szPIkpCzhuVeulk5vw

使用python sdk

安装python sdk

参考https://github.com/kubernetes-client/python

1
$ pip install kubernetes

Demo

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
import requests
requests.packages.urllib3.disable_warnings()
from kubernetes import client, config
from kubernetes.client.rest import ApiException

token = "eyJhbGciOiJSUzI1NiIsImtpZCI6Ikt4SWlabUpwY3U0NWQ4eHY0UWdGNmE0Rm5IRnBtZUMxMjRIV0YzM1kwUFUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJzY3JpcHQtYWRtaW4tdG9rZW4tOXJrcGwiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoic2NyaXB0LWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiOTA3MWE1MDYtYWU3NC00YjUyLWIzZDctMjUzODEzNDlmZDhiIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOnNjcmlwdC1hZG1pbiJ9.gnSMNViPwf53aG66qn_vUGkMMLKcSIsug2uZPqxH-Lwq7dgAHK7Xen01xWGA9l51xq2wH88xylLP7j6BeZVhtX40DIs3hquxCvX4U7lEollG3AUybxvgeo3Et8G290-eurt6YLS2F1AbSd5qB5SsTfoshVP2UzOqe-gQY1JhPSUK-2CgDH2jMnxLY2qHWbaHB0VY0E8A8keBrHxctetRzyIXHnpbFxCHTLQwEl5rIfoHdZyNn1Q3ALefvpgk_XYijPrbcAFObNtM2HG8Ethrrw0vQuyb1EBHu07RXN_qNsn-QGjEwj_B3k9fbkNA3AxoYN26szPIkpCzhuVeulk5vw"
configuration = client.Configuration()
configuration.api_key_prefix['authorization'] = 'Bearer'
configuration.api_key['authorization'] = token
configuration.verify_ssl = False
configuration.host = "https://10.160.12.184:6443"

api_client = client.ApiClient(configuration)
api_instance = client.CoreV1Api(api_client)
# create a namespace
ns_name = "script-test"
body = {"apiVersion": "v1", "kind": "Namespace", "metadata": {"name": ns_name}}
try:
    res = api_instance.create_namespace(body)
    if res.status.phase == "Active":
        print("Namespace '{}' create success.".format(ns_name))
except ApiException as e:
    print("Namespace '{}' create failed: {}".format(ns_name, e))

# get namespace list
try:
    res = api_instance.list_namespace()
    for ns in res.items:
        print(ns.metadata.name)
except ApiException as e:
    print("Get namespace list failed: {}".format(e))

# delete namespace
try:
    api_instance.delete_namespace(ns_name)
    print("Namespace '{}' delete success.".format(ns_name))
except ApiException as e:
    print("Namespace '{}' delete failed: {}".format(ns_name, e))
  • Output
1
2
3
4
5
6
Namespace 'script-test' create success.
default
kube-public
kube-system
script-test
Namespace 'script-test' delete success.

后记

看了https://github.com/kubernetes-client/python/blob/master/kubernetes/README.md中的api列表,可以看到有一些方法是用CoreV1Api,有些是BatchApi

平日里大部分时间使用yaml文件来部署的,包括v1,AppsV1Api,BatchV1Api等,也是同yaml文件中。也就是说,不同的资源需要使用不同的api instance来进行操作。

相关文章