ApiServer core functions

  • API entry for cluster management
  • Resource configuration control entry
  • Provides a comprehensive cluster security mechanism

API Server is served by the kube-apiserver process. By default it provides a plain-HTTP REST service (--insecure-port) on port 8080; the HTTPS secure port (--secure-port=6443) can also be enabled.

roger@microk8s:~$ curl localhost:8080/api
{
  "kind": "APIVersions",
  "versions": [
    "v1"
  ],
  "serverAddressByClientCIDRs": [
    {
      "clientCIDR": "0.0.0.0/0",
      "serverAddress": "192.168.10.5:16443"
    }
  ]
}

You can see that the API version is v1.

Use the following URLs to query resources:

curl localhost:8080/api/v1/services
curl localhost:8080/api/v1/pods
curl localhost:8080/api/v1/replicationcontrollers
curl localhost:8080/apis

Note that the preceding commands are executed on the master node.

Expose REST APIs

  1. Method 1
kubectl proxy --reject-paths="/api/v1/replicationcontrollers" --port=8001

The above command exposes the REST API externally on port 8001, while access to the /api/v1/replicationcontrollers APIs is rejected.

  2. Method 2

You can also specify an access whitelist with the --accept-hosts parameter:

kubectl proxy --accept-hosts="^localhost$,^127\\.0\\.0\\.1$,^\\[::1\\]$" --port=8001

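
The two kubectl proxy filters above matter because the proxy authenticates to the API Server with the kubeconfig credentials and then exposes an unauthenticated local listener. The following is an added Python model of that host and path filtering, written for this page and not kubectl's own code; the flag values are the ones shown above and the sample requests are constructed.

```python
import re

# Flag values are the page's: the "Method 1" reject-paths and the "Method 2" accept-hosts.
# The filter class is a constructed model of what kubectl proxy does, not kubectl's own code.
PAGE_ACCEPT_HOSTS = r"^localhost$,^127\.0\.0\.1$,^\[::1\]$"
PAGE_REJECT_PATHS = r"/api/v1/replicationcontrollers"

def _compile_list(flag_value):
    """kubectl proxy flags take comma-separated regexes; an empty flag means no patterns."""
    return [re.compile(p) for p in flag_value.split(",") if p]

def _host_without_port(host_header):
    """Strip the port from a Host header, keeping IPv6 brackets so the [::1] pattern can match."""
    if host_header.startswith("["):
        return host_header[: host_header.index("]") + 1]
    return host_header.rsplit(":", 1)[0] if ":" in host_header else host_header

class ProxyFilter:
    """Allow a request only if its Host matches an accept pattern and its path matches no reject pattern."""

    def __init__(self, accept_hosts=PAGE_ACCEPT_HOSTS, reject_paths=PAGE_REJECT_PATHS):
        self.accept_hosts = _compile_list(accept_hosts)
        self.reject_paths = _compile_list(reject_paths)

    def allow(self, host_header, path):
        host = _host_without_port(host_header)
        # Patterns are searched, not implicitly anchored, so a reject-path of
        # /api/v1/replicationcontrollers also covers everything beneath it.
        if not any(p.search(host) for p in self.accept_hosts):
            return False   # unexpected Host header: not one of the allowed local names
        if any(p.search(path) for p in self.reject_paths):
            return False   # path the operator chose not to expose through the proxy
        return True

def filter_decisions(requests, proxy_filter=None):
    """Run (Host, path) pairs through the filter and return the paths that would be proxied."""
    f = proxy_filter or ProxyFilter()
    return [path for host, path in requests if f.allow(host, path)]

# Constructed sample requests as they would arrive at the proxy on port 8001.
SAMPLE_REQUESTS = [
    ("localhost:8001", "/api/v1/pods"),
    ("localhost:8001", "/api/v1/replicationcontrollers"),
    ("[::1]:8001", "/api/v1/replicationcontrollers/rc-1"),   # sub-path is rejected too
    ("other-host.example:8001", "/api/v1/pods"),             # Host not in the allowlist
    ("127.0.0.1:8001", "/apis"),
]
```
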
  3. Method 3

Call API Server programmatically. This approach generally falls into two scenarios:

  • User processes running in a Pod need to call the API Server to obtain cluster information; this is typical when building distributed clusters, such as an ES cluster.
  • Developing a management platform on top of K8s.

In the first scenario, the API Server is represented inside the K8s cluster as a Service named kubernetes:

roger@microk8s:~$ kubectl get service --all-namespaces
NAMESPACE     NAME                   TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                  AGE
default       default-http-backend   ClusterIP   10.152.183.69    <none>        80/TCP                   18d
default       http-svc               ClusterIP   10.152.183.164   <none>        80/TCP                   18d
default       kubernetes             ClusterIP   10.152.183.1     <none>        443/TCP                  87d
kube-system   heapster               ClusterIP   10.152.183.79    <none>        80/TCP                   18d
kube-system   kube-dns               ClusterIP   10.152.183.10    <none>        53/UDP,53/TCP,9153/TCP   28d
kube-system   kubernetes-dashboard   ClusterIP   10.152.183.163   <none>        443/TCP                  18d
kube-system   monitoring-grafana     ClusterIP   10.152.183.244   <none>        80/TCP                   18d
kube-system   monitoring-            ClusterIP   10.152.183.223   <none>        8083/TCP,8086/TCP        18d
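
As an added example for the first scenario (not code from the original article): a process inside a Pod reaches the kubernetes Service through the env vars the kubelet injects and the mounted service-account token and CA, and verifies the server against the cluster CA rather than disabling TLS checks. Only the standard service-account mount path and env var names are assumed; POD_NAMESPACE is a hypothetical downward-API variable.

```python
import json
import os
import ssl
import urllib.request

# Standard in-cluster layout (assumed): the kubelet injects KUBERNETES_SERVICE_HOST/PORT for
# the "kubernetes" Service and mounts the service-account token and cluster CA at this path.
SA_DIR = "/var/run/secrets/kubernetes.io/serviceaccount"

def api_base_url(env):
    """Build the API Server URL from the Service env vars (mapping-based so it can be tested offline)."""
    host = env["KUBERNETES_SERVICE_HOST"]
    port = env.get("KUBERNETES_SERVICE_PORT", "443")
    if ":" in host:                     # a bare IPv6 literal must be bracketed in a URL
        host = f"[{host}]"
    return f"https://{host}:{port}"

def build_request(base_url, path, token):
    """GET request carrying the pod's service-account token as a bearer credential."""
    req = urllib.request.Request(base_url + path, method="GET")
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/json")
    return req

def tls_context(ca_file):
    """Verify the API Server certificate against the cluster CA; verification stays enabled."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def list_pod_names(namespace, env=None, sa_dir=SA_DIR):
    """GET /api/v1/namespaces/{namespace}/pods through the kubernetes Service and return the pod names."""
    env = os.environ if env is None else env
    with open(os.path.join(sa_dir, "token")) as fh:
        token = fh.read().strip()
    req = build_request(api_base_url(env), f"/api/v1/namespaces/{namespace}/pods", token)
    with urllib.request.urlopen(req, context=tls_context(os.path.join(sa_dir, "ca.crt"))) as resp:
        return [item["metadata"]["name"] for item in json.load(resp)["items"]]

if __name__ == "__main__":
    # Only meaningful inside a pod; POD_NAMESPACE is a hypothetical downward-API env var.
    print(list_pod_names(os.environ.get("POD_NAMESPACE", "default")))
```
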

API Server architecture analysis

  1. API layer: provides the external REST APIs.
  2. Access control layer: authenticates the caller and checks authorization, then determines whether the request is allowed according to the configured admission control logic.
  3. Registry layer: K8s stores all resource objects in the Registry, which defines, for each resource type, its object type, how to create it, how to convert between versions, and how to encode and decode it to JSON or Protobuf for storage.
  4. etcd database: persistently stores the K8s resource objects.

API Server List-Watch mechanism analysis

API Server monitors resource changes through etcd's Watch interface; when an event occurs, etcd notifies API Server (step 3 in the figure). To keep the other K8s components independent of etcd, API Server provides its own watch mechanism modelled on etcd's, and notifies the corresponding component when an event occurs (steps 4, 8 and 12 in the figure; step 0 denotes the initial watch registration).
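
To make the watch mechanism concrete, here is an added Python sketch (not from the original article) of the List-then-Watch pattern a component uses against API Server: load a list, apply the streamed ADDED/MODIFIED/DELETED events, track resourceVersion so the watch can resume, and stop on an ERROR event so the caller re-lists. The PodList and the event stream are constructed samples.

```python
import json

class WatchCache:
    def __init__(self):
        self.objects = {}              # "namespace/name" -> latest object seen
        self.resource_version = None   # last resourceVersion seen; where a watch resumes

    @staticmethod
    def key(obj):
        return f"{obj['metadata'].get('namespace', '')}/{obj['metadata']['name']}"

    def load_list(self, list_response):
        # Seed the cache from a List call (e.g. GET /api/v1/pods) and record the list's resourceVersion.
        self.objects = {self.key(o): o for o in list_response["items"]}
        self.resource_version = list_response["metadata"]["resourceVersion"]

    def watch_path(self, path):
        """Watch URL that resumes just after the last seen resourceVersion, so no event is missed."""
        return f"{path}?watch=true&resourceVersion={self.resource_version}"

    def apply_event(self, event):
        """Apply one watch event; False means the watch is broken and the cache must be re-listed."""
        kind, obj = event["type"], event["object"]
        if kind == "ERROR":            # e.g. a Status with code 410 Gone: resourceVersion expired
            return False
        if kind in ("ADDED", "MODIFIED"):
            self.objects[self.key(obj)] = obj
        elif kind == "DELETED":
            self.objects.pop(self.key(obj), None)
        self.resource_version = obj["metadata"]["resourceVersion"]
        return True

    def consume_stream(self, lines):
        """Feed newline-delimited JSON events as API Server streams them; stops at the first ERROR."""
        return all(self.apply_event(json.loads(line)) for line in lines if line.strip())

def _pod(name, rv):
    return {"kind": "Pod", "metadata": {"namespace": "default", "name": name, "resourceVersion": rv}}

# Constructed sample: a PodList, then the watch stream API Server would send after it.
SAMPLE_LIST = {"kind": "PodList", "metadata": {"resourceVersion": "1001"},
               "items": [_pod("web-0", "1000"), _pod("web-1", "1001")]}
SAMPLE_STREAM = [json.dumps({"type": t, "object": _pod(n, rv)}) for t, n, rv in
                 [("ADDED", "web-2", "1002"), ("MODIFIED", "web-0", "1003"), ("DELETED", "web-1", "1004")]]

def sync_sample():
    """List then Watch over the sample; returns (cached keys, URL to resume the watch from)."""
    cache = WatchCache()
    cache.load_list(SAMPLE_LIST)
    cache.consume_stream(SAMPLE_STREAM)
    return sorted(cache.objects), cache.watch_path("/api/v1/namespaces/default/pods")
```
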

API Server API version control

API Server introduces an internal version (Internal) for each resource; the resource objects (data structures) of all other versions can be converted to one another, as long as each supports conversion to the internal version.

Custom resource definition (CRD)

K8s built-in resources consist of the following main parts:

  1. Resource object metadata (Schema) definition: comparable to a database table definition, it defines the data structure of the resource. For built-in resources, the official approach fixes the metadata definition in the source code.
  2. Resource object validation logic: ensures the validity of the properties of the resource object submitted by the user.
  3. CRUD operation code for the resource object: comparable to the CRUD code for a database table.
  4. Automatic control related to the resource object, such as the controller behind the Deployment object. This is a very important function: the user provides the desired declaration of the resource object, and the "automatic controller" is responsible for making the best choices at run time so that the number, state and behaviour of the corresponding resource objects are as expected.

With CRDs, parts 1-3 no longer require programming and are written directly in YAML; the fourth part is implemented by calling the API Server.

K8s Proxy API interface

The Proxy API is a special set of interfaces through which API Server forwards REST requests to other K8s components (such as the Kubelet), which respond to them.

For example, node-related interfaces are answered by the Kubelet:

/api/v1/proxy/nodes/{name}/pods    # obtain all pods on the node
/api/v1/proxy/nodes/{name}/stats   # obtain physical resource statistics of the node
/api/v1/proxy/nodes/{name}/spec    # obtain node summary information

Note that {name} is the name or address of the node. The data obtained here comes from the Kubelet rather than from etcd. The following interfaces are added to the Proxy API if the Kubelet is started with --enable-debugging-handlers=true:

/api/v1/proxy/nodes/{name}/run
/api/v1/proxy/nodes/{name}/exec
/api/v1/proxy/nodes/{name}/attach         # attach to a container
/api/v1/proxy/nodes/{name}/portForward    # pod port forwarding on the node
/api/v1/proxy/nodes/{name}/log/           # node logs: tallylog lastlog wtmp ppp/ SHSM/ audit/ tuned/ anaconda/
/api/v1/proxy/nodes/{name}/metrics
/api/v1/proxy/nodes/{name}/runningPods
/api/v1/proxy/nodes/{name}/debug/pprof    # current node web service status, including CPU and memory usage

Communication between cluster function modules

Please give this article a thumbs up if it helps you