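How the Kubernetes API Server Works: An Analysis

Published: 2021-12-03 11:17:17  Source: 億速云  Views: 161  Author: 柒染  Column: Cloud Computing

This article explains in detail how the Kubernetes API Server works. The content is of fairly high quality, so it is shared here for reference; hopefully you will have a working understanding of the topic after reading it.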

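I. Introduction
The Kubernetes API Server exposes HTTP REST interfaces for creating, deleting, updating, querying and watching every kind of Kubernetes resource object (Pod, RC, Service and so on), and is the data bus and data hub of the whole system. Its main functions:
1. It is the API entry point for cluster management.
2. It is the entry point for resource quota control.
3. It provides a complete cluster security mechanism.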

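II. Overview
You normally interact with the API Server through the kubectl command-line tool; the interface between them is REST calls, and curl can also be used for quick checks. The client obtains the API Server's address from the configuration parameter KUBE_MASTER="--master=http://10.116.137.196:8080".

1. Get the API version information
curl 10.116.137.196:8080/api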


{
  "kind": "APIVersions",
  "versions": ["v1"],
  "serverAddressByClientCIDRs": [
    {
      "clientCIDR": "0.0.0.0/0",
      "serverAddress": "10.116.137.196:6443"
    }
  ]
}

2. Get the kinds of resource objects currently supported
curl 10.116.137.196:8080/api/v1

{
  "kind": "APIResourceList",
  "groupVersion": "v1",
  "resources": [
    {
      "name": "bindings",
      "singularName": "",
      "namespaced": true,
      "kind": "Binding",
      "verbs": ["create"]
    },
    {
      "name": "componentstatuses",
      "singularName": "",
      "namespaced": false,
      "kind": "ComponentStatus",
      "verbs": ["get", "list"],
      "shortNames": ["cs"]
    },
    {
      "name": "configmaps",
      "singularName": "",
      "namespaced": true,
      "kind": "ConfigMap",
      "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"],
      "shortNames": ["cm"]
    },
    {
      "name": "endpoints",
      "singularName": "",
      "namespaced": true,
      "kind": "Endpoints",
      "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"],
      "shortNames": ["ep"]
    },
    {
      "name": "events",
      "singularName": "",
      "namespaced": true,
      "kind": "Event",
      "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"],
      "shortNames": ["ev"]
    },
    {
      "name": "limitranges",
      "singularName": "",
      "namespaced": true,
      "kind": "LimitRange",
      "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"],
      "shortNames": ["limits"]
    },
    {
      "name": "namespaces",
      "singularName": "",
      "namespaced": false,
      "kind": "Namespace",
      "verbs": ["create", "delete", "get", "list", "patch", "update", "watch"],
      "shortNames": ["ns"]
    },
    {
      "name": "namespaces/finalize",
      "singularName": "",
      "namespaced": false,
      "kind": "Namespace",
      "verbs": ["update"]
    },
    {
      "name": "namespaces/status",
      "singularName": "",
      "namespaced": false,
      "kind": "Namespace",
      "verbs": ["get", "patch", "update"]
    },
    {
      "name": "nodes",
      "singularName": "",
      "namespaced": false,
      "kind": "Node",
      "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "proxy", "update", "watch"],
      "shortNames": ["no"]
    },
    {
      "name": "nodes/proxy",
      "singularName": "",
      "namespaced": false,
      "kind": "Node",
      "verbs": []
    },
    {
      "name": "nodes/status",
      "singularName": "",
      "namespaced": false,
      "kind": "Node",
      "verbs": ["get", "patch", "update"]
    },
    {
      "name": "persistentvolumeclaims",
      "singularName": "",
      "namespaced": true,
      "kind": "PersistentVolumeClaim",
      "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"],
      "shortNames": ["pvc"]
    },
    {
      "name": "persistentvolumeclaims/status",
      "singularName": "",
      "namespaced": true,
      "kind": "PersistentVolumeClaim",
      "verbs": ["get", "patch", "update"]
    },
    {
      "name": "persistentvolumes",
      "singularName": "",
      "namespaced": false,
      "kind": "PersistentVolume",
      "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"],
      "shortNames": ["pv"]
    },
    {
      "name": "persistentvolumes/status",
      "singularName": "",
      "namespaced": false,
      "kind": "PersistentVolume",
      "verbs": ["get", "patch", "update"]
    },
    {
      "name": "pods",
      "singularName": "",
      "namespaced": true,
      "kind": "Pod",
      "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "proxy", "update", "watch"],
      "shortNames": ["po"],
      "categories": ["all"]
    },
    {
      "name": "pods/attach",
      "singularName": "",
      "namespaced": true,
      "kind": "Pod",
      "verbs": []
    },
    {
      "name": "pods/binding",
      "singularName": "",
      "namespaced": true,
      "kind": "Binding",
      "verbs": ["create"]
    },
    {
      "name": "pods/eviction",
      "singularName": "",
      "namespaced": true,
      "group": "policy",
      "version": "v1beta1",
      "kind": "Eviction",
      "verbs": ["create"]
    },
    {
      "name": "pods/exec",
      "singularName": "",
      "namespaced": true,
      "kind": "Pod",
      "verbs": []
    },
    {
      "name": "pods/log",
      "singularName": "",
      "namespaced": true,
      "kind": "Pod",
      "verbs": ["get"]
    },
    {
      "name": "pods/portforward",
      "singularName": "",
      "namespaced": true,
      "kind": "Pod",
      "verbs": []
    },
    {
      "name": "pods/proxy",
      "singularName": "",
      "namespaced": true,
      "kind": "Pod",
      "verbs": []
    },
    {
      "name": "pods/status",
      "singularName": "",
      "namespaced": true,
      "kind": "Pod",
      "verbs": ["get", "patch", "update"]
    },
    {
      "name": "podtemplates",
      "singularName": "",
      "namespaced": true,
      "kind": "PodTemplate",
      "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"]
    },
    {
      "name": "replicationcontrollers",
      "singularName": "",
      "namespaced": true,
      "kind": "ReplicationController",
      "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"],
      "shortNames": ["rc"],
      "categories": ["all"]
    },
    {
      "name": "replicationcontrollers/scale",
      "singularName": "",
      "namespaced": true,
      "group": "autoscaling",
      "version": "v1",
      "kind": "Scale",
      "verbs": ["get", "patch", "update"]
    },
    {
      "name": "replicationcontrollers/status",
      "singularName": "",
      "namespaced": true,
      "kind": "ReplicationController",
      "verbs": ["get", "patch", "update"]
    },
    {
      "name": "resourcequotas",
      "singularName": "",
      "namespaced": true,
      "kind": "ResourceQuota",
      "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"],
      "shortNames": ["quota"]
    },
    {
      "name": "resourcequotas/status",
      "singularName": "",
      "namespaced": true,
      "kind": "ResourceQuota",
      "verbs": ["get", "patch", "update"]
    },
    {
      "name": "secrets",
      "singularName": "",
      "namespaced": true,
      "kind": "Secret",
      "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"]
    },
    {
      "name": "serviceaccounts",
      "singularName": "",
      "namespaced": true,
      "kind": "ServiceAccount",
      "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"],
      "shortNames": ["sa"]
    },
    {
      "name": "services",
      "singularName": "",
      "namespaced": true,
      "kind": "Service",
      "verbs": ["create", "delete", "get", "list", "patch", "proxy", "update", "watch"],
      "shortNames": ["svc"],
      "categories": ["all"]
    },
    {
      "name": "services/proxy",
      "singularName": "",
      "namespaced": true,
      "kind": "Service",
      "verbs": []
    },
    {
      "name": "services/status",
      "singularName": "",
      "namespaced": true,
      "kind": "Service",
      "verbs": ["get", "patch", "update"]
    }
  ]
}
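
The discovery document above doubles as an inventory for access review. The following is an added example, not code from the original article: it parses an APIResourceList and returns the entries that stream into or forward traffic to a workload or node, plus readable Secrets. The function name `review_items` and the sample excerpt are constructed for illustration.

```python
import json

# Constructed excerpt of an /api/v1 APIResourceList, shaped like the output above.
SAMPLE = json.loads("""
{"kind": "APIResourceList", "groupVersion": "v1", "resources": [
  {"name": "configmaps", "namespaced": true, "kind": "ConfigMap", "verbs": ["get", "list", "watch"]},
  {"name": "secrets", "namespaced": true, "kind": "Secret", "verbs": ["create", "get", "list", "watch"]},
  {"name": "pods", "namespaced": true, "kind": "Pod", "verbs": ["get", "list", "proxy", "watch"]},
  {"name": "pods/exec", "namespaced": true, "kind": "Pod", "verbs": []},
  {"name": "pods/log", "namespaced": true, "kind": "Pod", "verbs": ["get"]},
  {"name": "nodes/proxy", "namespaced": false, "kind": "Node", "verbs": []},
  {"name": "services/status", "namespaced": true, "kind": "Service", "verbs": ["get", "patch", "update"]}
]}
""")

# Subresources that open a stream or forward traffic into a workload or node.
CONNECT_SUBRESOURCES = {"exec", "attach", "portforward", "proxy"}
READ_VERBS = {"get", "list", "watch"}

def review_items(resource_list):
    """Return (resource, reason) pairs that deserve a close look in access rules."""
    if resource_list.get("kind") != "APIResourceList":
        raise ValueError("not an APIResourceList")
    findings = []
    for res in resource_list.get("resources", []):
        name = res["name"]
        verbs = set(res.get("verbs") or [])
        parent, _, sub = name.partition("/")
        if sub in CONNECT_SUBRESOURCES:
            # Listed with "verbs": [] in the output above, so a filter on verbs misses them.
            findings.append((name, "connect subresource"))
        elif "proxy" in verbs:
            findings.append((name, "proxy verb on resource"))
        if parent == "secrets" and verbs & READ_VERBS:
            findings.append((name, "secret read: " + ",".join(sorted(verbs & READ_VERBS))))
    return findings

if __name__ == "__main__":
    for name, reason in review_items(SAMPLE):
        print(f"{name:15} {reason}")
```

The curl calls on this page reach the API over plain HTTP on port 8080 with no credentials, and a port that answers that way is not subject to per-user access rules at all, so findings like these only become enforceable once clients go through the authenticated endpoint.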

3. To expose only part of the REST services, run a kubectl proxy process on the Master or any other node to start an internal proxy:
kubectl proxy --port=8001

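III. Kubernetes Proxy API

The API Server's main REST interfaces are the create, delete, update and query operations on resource objects. There is also a special class of REST interface, the Kubernetes Proxy API, which proxies REST requests: the Kubernetes API Server forwards a REST request it receives to the REST port of the kubelet daemon on a Node, and that kubelet process answers it.

1. Node-related endpoints

/api/v1/proxy/nodes/{name}/pods/    # list information about all Pods on the given node
/api/v1/proxy/nodes/{name}/stats/   # list statistics on the given node's physical resources
/api/v1/proxy/nodes/{name}/spec/    # list summary information about the given node

The Pod information returned here comes from the Node rather than from the etcd database, so the two may differ at a given point in time.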

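2. Pod-related endpoints

/api/v1/proxy/namespaces/{namespace}/pods/{name}/{path:*}   # access a service endpoint of the Pod
/api/v1/proxy/namespaces/{namespace}/pods/{name}            # access the Pod
# The following forms are written differently but do the same thing
/api/v1/namespaces/{namespace}/pods/{name}/proxy/{path:*}   # access a service endpoint of the Pod
/api/v1/namespaces/{namespace}/pods/{name}/proxy            # access the Pod

Purpose of the Pod proxy interface: to reach a service (an HTTP service) in a Pod's container from outside the Kubernetes cluster, you can use the Proxy API. This is mostly used for administrative purposes, for example checking a Service's Pod replicas one by one to find which Pods' services are misbehaving.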

3. Service-related endpoints

/api/v1/proxy/namespaces/{namespace}/services/{name}
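
Step 3 of section II starts `kubectl proxy` to expose only part of the REST services, and this section lists the paths that forward requests into Nodes, Pods and Services. The following added example (not from the original article) checks a candidate `--accept-paths` / `--reject-paths` policy against those paths before the proxy is started. The policy, the sample paths and the evaluation order (a reject match wins, otherwise an accept match is required) are assumptions of this model, and method and host filtering are left out.

```python
import re

def compile_list(flag_value):
    """Compile a comma-separated regex list, the form --accept-paths/--reject-paths take."""
    return [re.compile(p) for p in flag_value.split(",") if p]

def allowed(path, accept_paths, reject_paths):
    """Model of the path filter. Assumed order: a reject match wins, else an accept match is needed."""
    if any(r.search(path) for r in compile_list(reject_paths)):
        return False
    return any(a.search(path) for a in compile_list(accept_paths))

# Hypothetical policy: the core v1 API only, nothing that reaches into a Pod, Service or Node.
ACCEPT = r"^/api$,^/api/v1(/|$)"
REJECT = ",".join([
    r"^/api/v1/proxy/",                             # proxy prefix form from this section
    r"/(pods|services|nodes)/[^/]+/proxy(/|$)",     # proxy subresource form
    r"/pods/[^/]+/(exec|attach|portforward)(/|$)",
    r"/secrets(/|$)",
])

# Constructed request paths, filled in from the endpoint templates on this page.
CASES = [
    "/api",
    "/api/v1/namespaces/default/pods/web-0",
    "/api/v1/namespaces/proxy/pods",                # a namespace that happens to be named "proxy"
    "/api/v1/proxy/nodes/node-1/pods/",
    "/api/v1/proxy/namespaces/default/services/web",
    "/api/v1/namespaces/default/pods/web-0/proxy/healthz",
    "/api/v1/namespaces/default/pods/web-0/exec",
    "/api/v1/namespaces/default/secrets/db-pass",
    "/apis/apps/v1/deployments",
]

def evaluate(cases=CASES, accept=ACCEPT, reject=REJECT):
    """Return {path: True/False} so a policy can be reviewed before the proxy is started."""
    return {p: allowed(p, accept, reject) for p in cases}

def proxy_command(port=8001):
    """kubectl proxy invocation carrying the policy; binds to loopback only."""
    return (f"kubectl proxy --port={port} --address=127.0.0.1 "
            f"--accept-paths='{ACCEPT}' --reject-paths='{REJECT}'")

if __name__ == "__main__":
    for path, ok in evaluate().items():
        print("ALLOW" if ok else "DENY ", path)
    print(proxy_command())
```

Path filtering on the proxy narrows what a local client can reach, but the proxy still acts with the credentials of whoever started it, so the permissions bound to that identity remain the actual limit.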


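IV. Communication between cluster components
As the core of the cluster, the Kubernetes API Server handles communication between the cluster's functional modules. Each module stores information in etcd through the API Server, and when it needs to read or operate on that data it uses the REST interfaces the API Server provides (the GET, LIST and WATCH methods), which is how the modules exchange information.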
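1. kubelet and the API Server
The kubelet on each Node periodically calls the API Server's REST interface to report its own status; the API Server receives this information and updates the node status in etcd. The kubelet also watches Pod information through the API Server's Watch interface and manages the Pods on its Node accordingly.

2. kube-controller-manager and the API Server
The Node Controller module in kube-controller-manager monitors Node information in real time through the Watch interface provided by the API Server and acts on it.

3. kube-scheduler and the API Server
When the Scheduler learns through the API Server's Watch interface that a new Pod replica has been created, it retrieves the list of all Nodes that meet the Pod's requirements and runs the Pod scheduling logic. After scheduling succeeds, it binds the Pod to the target node.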

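V. Notes
To ease the load that the modules place on the API Server, every functional module uses a caching mechanism. Each module periodically fetches the resource objects it needs from the API Server (LIST/WATCH methods) and saves them in a local cache; in some cases a module does not access the API Server directly but reads the cached data instead, accessing the API Server indirectly.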
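
The LIST/WATCH cache described above, as an added example that is not part of the original article: a local store seeded by one LIST response and kept current by WATCH events, including the case where the watch reports an error and the cache must be rebuilt with a new LIST. The class name `ResourceCache`, the helper `pod` and all sample objects are constructed for illustration.

```python
class ResourceCache:
    """Local store kept current by one LIST followed by a stream of WATCH events."""

    def __init__(self):
        self.objects = {}             # (namespace, name) -> latest object seen
        self.resource_version = None  # version the next WATCH should resume from

    @staticmethod
    def _key(obj):
        meta = obj["metadata"]
        return (meta.get("namespace", ""), meta["name"])

    def replace(self, list_response):
        """Apply a LIST response: discard the old contents and adopt its resourceVersion."""
        self.objects = {self._key(o): o for o in list_response["items"]}
        self.resource_version = list_response["metadata"]["resourceVersion"]

    def apply(self, event):
        """Apply one WATCH event. Returns False when the caller has to LIST again."""
        kind, obj = event["type"], event["object"]
        if kind == "ERROR":           # e.g. Status code 410: resume point no longer available
            return False
        if kind == "DELETED":
            self.objects.pop(self._key(obj), None)
        elif kind in ("ADDED", "MODIFIED"):
            self.objects[self._key(obj)] = obj
        # BOOKMARK events carry no object change, only a newer resourceVersion.
        self.resource_version = obj["metadata"]["resourceVersion"]
        return True

def pod(name, rv, phase):
    """Build a constructed, minimal Pod object for the sample data below."""
    return {"metadata": {"namespace": "default", "name": name, "resourceVersion": rv},
            "status": {"phase": phase}}

# Constructed sample data: one LIST response and the WATCH events that follow it.
LIST_RESPONSE = {"kind": "PodList", "metadata": {"resourceVersion": "100"},
                 "items": [pod("web-0", "98", "Running"), pod("web-1", "99", "Pending")]}
EVENTS = [
    {"type": "MODIFIED", "object": pod("web-1", "101", "Running")},
    {"type": "DELETED", "object": pod("web-0", "102", "Running")},
    {"type": "BOOKMARK", "object": {"metadata": {"resourceVersion": "110"}}},
    {"type": "ERROR", "object": {"kind": "Status", "code": 410, "reason": "Expired"}},
]

def run(list_response, events):
    """Feed the events into a fresh cache; stop at the first one that demands a relist."""
    cache = ResourceCache()
    cache.replace(list_response)
    for event in events:
        if not cache.apply(event):
            return cache, True
    return cache, False
```

A module that answers from such a cache sees the cluster as of the last resourceVersion it applied, so decisions that must reflect current state need a direct read from the API Server.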

That is all for this look at how the Kubernetes API Server works; hopefully the material above is helpful and teaches you something new. If you found the article useful, share it so more people can see it.
