kubernetes API Server原理分析是怎样的

这篇文章将为大家详细讲解有关kubernetes API Server原理分析是怎样的，文章内容质量较高，因此小编分享给大家做个参考，希望大家阅读完这篇文章后对相关知识有一定的了解。

一：简介
k8s API Server提供了k8s各类资源对象（pod,RC,Service等）的增删改查及watch等HTTP Rest接口，是整个系统的数据总线和数据中心。功能特性：
1.是集群管理的API入口
2.是资源配额控制的入口
3.提供了完善的集群安全机制


二：概述
通常可以通过命令行工具Kubectl来与API Server交互，它们之间的接口是REST调用，同时也可以使用curl命令行工具进行快速验证。通过配置参数KUBE_MASTER="--master=http://10.116.137.196:8080" 客户获得API Server的访问路径。

1.获取 API的版本信息
curl 10.116.137.196:8080/api

点击(此处)折叠或打开

1. {
   

2. "kind": "APIVersions",
   

3. "versions": [
   

4. "v1"
   

5. ],
   

6. "serverAddressByClientCIDRs": [
   

7. {
   

8. "clientCIDR": "0.0.0.0/0",
   

9. "serverAddress": "10.116.137.196:6443"
   

10. }
    

11. ]
    

12. }

2.获取目前所支持的资源对象的种类
curl 10.116.137.196:8080/api/v1

1. {
   

2. "kind": "APIResourceList",
   

3. "groupVersion": "v1",
   

4. "resources": [
   

5. {
   

6. "name": "bindings",
   

7. "singularName": "",
   

8. "namespaced": true,
   

9. "kind": "Binding",
   

10. "verbs": [
    

11. "create"
    

12. ]
    

13. },
    

14. {
    

15. "name": "componentstatuses",
    

16. "singularName": "",
    

17. "namespaced": false,
    

18. "kind": "ComponentStatus",
    

19. "verbs": [
    

20. "get",
    

21. "list"
    

22. ],
    

23. "shortNames": [
    

24. "cs"
    

25. ]
    

26. },
    

27. {
    

28. "name": "configmaps",
    

29. "singularName": "",
    

30. "namespaced": true,
    

31. "kind": "ConfigMap",
    

32. "verbs": [
    

33. "create",
    

34. "delete",
    

35. "deletecollection",
    

36. "get",
    

37. "list",
    

38. "patch",
    

39. "update",
    

40. "watch"
    

41. ],
    

42. "shortNames": [
    

43. "cm"
    

44. ]
    

45. },
    

46. {
    

47. "name": "endpoints",
    

48. "singularName": "",
    

49. "namespaced": true,
    

50. "kind": "Endpoints",
    

51. "verbs": [
    

52. "create",
    

53. "delete",
    

54. "deletecollection",
    

55. "get",
    

56. "list",
    

57. "patch",
    

58. "update",
    

59. "watch"
    

60. ],
    

61. "shortNames": [
    

62. "ep"
    

63. ]
    

64. },
    

65. {
    

66. "name": "events",
    

67. "singularName": "",
    

68. "namespaced": true,
    

69. "kind": "Event",
    

70. "verbs": [
    

71. "create",
    

72. "delete",
    

73. "deletecollection",
    

74. "get",
    

75. "list",
    

76. "patch",
    

77. "update",
    

78. "watch"
    

79. ],
    

80. "shortNames": [
    

81. "ev"
    

82. ]
    

83. },
    

84. {
    

85. "name": "limitranges",
    

86. "singularName": "",
    

87. "namespaced": true,
    

88. "kind": "LimitRange",
    

89. "verbs": [
    

90. "create",
    

91. "delete",
    

92. "deletecollection",
    

93. "get",
    

94. "list",
    

95. "patch",
    

96. "update",
    

97. "watch"
    

98. ],
    

99. "shortNames": [
    

100. "limits"
     

101. ]
     

102. },
     

103. {
     

104. "name": "namespaces",
     

105. "singularName": "",
     

106. "namespaced": false,
     

107. "kind": "Namespace",
     

108. "verbs": [
     

109. "create",
     

110. "delete",
     

111. "get",
     

112. "list",
     

113. "patch",
     

114. "update",
     

115. "watch"
     

116. ],
     

117. "shortNames": [
     

118. "ns"
     

119. ]
     

120. },
     

121. {
     

122. "name": "namespaces/finalize",
     

123. "singularName": "",
     

124. "namespaced": false,
     

125. "kind": "Namespace",
     

126. "verbs": [
     

127. "update"
     

128. ]
     

129. },
     

130. {
     

131. "name": "namespaces/status",
     

132. "singularName": "",
     

133. "namespaced": false,
     

134. "kind": "Namespace",
     

135. "verbs": [
     

136. "get",
     

137. "patch",
     

138. "update"
     

139. ]
     

140. },
     

141. {
     

142. "name": "nodes",
     

143. "singularName": "",
     

144. "namespaced": false,
     

145. "kind": "Node",
     

146. "verbs": [
     

147. "create",
     

148. "delete",
     

149. "deletecollection",
     

150. "get",
     

151. "list",
     

152. "patch",
     

153. "proxy",
     

154. "update",
     

155. "watch"
     

156. ],
     

157. "shortNames": [
     

158. "no"
     

159. ]
     

160. },
     

161. {
     

162. "name": "nodes/proxy",
     

163. "singularName": "",
     

164. "namespaced": false,
     

165. "kind": "Node",
     

166. "verbs": []
     

167. },
     

168. {
     

169. "name": "nodes/status",
     

170. "singularName": "",
     

171. "namespaced": false,
     

172. "kind": "Node",
     

173. "verbs": [
     

174. "get",
     

175. "patch",
     

176. "update"
     

177. ]
     

178. },
     

179. {
     

180. "name": "persistentvolumeclaims",
     

181. "singularName": "",
     

182. "namespaced": true,
     

183. "kind": "PersistentVolumeClaim",
     

184. "verbs": [
     

185. "create",
     

186. "delete",
     

187. "deletecollection",
     

188. "get",
     

189. "list",
     

190. "patch",
     

191. "update",
     

192. "watch"
     

193. ],
     

194. "shortNames": [
     

195. "pvc"
     

196. ]
     

197. },
     

198. {
     

199. "name": "persistentvolumeclaims/status",
     

200. "singularName": "",
     

201. "namespaced": true,
     

202. "kind": "PersistentVolumeClaim",
     

203. "verbs": [
     

204. "get",
     

205. "patch",
     

206. "update"
     

207. ]
     

208. },
     

209. {
     

210. "name": "persistentvolumes",
     

211. "singularName": "",
     

212. "namespaced": false,
     

213. "kind": "PersistentVolume",
     

214. "verbs": [
     

215. "create",
     

216. "delete",
     

217. "deletecollection",
     

218. "get",
     

219. "list",
     

220. "patch",
     

221. "update",
     

222. "watch"
     

223. ],
     

224. "shortNames": [
     

225. "pv"
     

226. ]
     

227. },
     

228. {
     

229. "name": "persistentvolumes/status",
     

230. "singularName": "",
     

231. "namespaced": false,
     

232. "kind": "PersistentVolume",
     

233. "verbs": [
     

234. "get",
     

235. "patch",
     

236. "update"
     

237. ]
     

238. },
     

239. {
     

240. "name": "pods",
     

241. "singularName": "",
     

242. "namespaced": true,
     

243. "kind": "Pod",
     

244. "verbs": [
     

245. "create",
     

246. "delete",
     

247. "deletecollection",
     

248. "get",
     

249. "list",
     

250. "patch",
     

251. "proxy",
     

252. "update",
     

253. "watch"
     

254. ],
     

255. "shortNames": [
     

256. "po"
     

257. ],
     

258. "categories": [
     

259. "all"
     

260. ]
     

261. },
     

262. {
     

263. "name": "pods/attach",
     

264. "singularName": "",
     

265. "namespaced": true,
     

266. "kind": "Pod",
     

267. "verbs": []
     

268. },
     

269. {
     

270. "name": "pods/binding",
     

271. "singularName": "",
     

272. "namespaced": true,
     

273. "kind": "Binding",
     

274. "verbs": [
     

275. "create"
     

276. ]
     

277. },
     

278. {
     

279. "name": "pods/eviction",
     

280. "singularName": "",
     

281. "namespaced": true,
     

282. "group": "policy",
     

283. "version": "v1beta1",
     

284. "kind": "Eviction",
     

285. "verbs": [
     

286. "create"
     

287. ]
     

288. },
     

289. {
     

290. "name": "pods/exec",
     

291. "singularName": "",
     

292. "namespaced": true,
     

293. "kind": "Pod",
     

294. "verbs": []
     

295. },
     

296. {
     

297. "name": "pods/log",
     

298. "singularName": "",
     

299. "namespaced": true,
     

300. "kind": "Pod",
     

301. "verbs": [
     

302. "get"
     

303. ]
     

304. },
     

305. {
     

306. "name": "pods/portforward",
     

307. "singularName": "",
     

308. "namespaced": true,
     

309. "kind": "Pod",
     

310. "verbs": []
     

311. },
     

312. {
     

313. "name": "pods/proxy",
     

314. "singularName": "",
     

315. "namespaced": true,
     

316. "kind": "Pod",
     

317. "verbs": []
     

318. },
     

319. {
     

320. "name": "pods/status",
     

321. "singularName": "",
     

322. "namespaced": true,
     

323. "kind": "Pod",
     

324. "verbs": [
     

325. "get",
     

326. "patch",
     

327. "update"
     

328. ]
     

329. },
     

330. {
     

331. "name": "podtemplates",
     

332. "singularName": "",
     

333. "namespaced": true,
     

334. "kind": "PodTemplate",
     

335. "verbs": [
     

336. "create",
     

337. "delete",
     

338. "deletecollection",
     

339. "get",
     

340. "list",
     

341. "patch",
     

342. "update",
     

343. "watch"
     

344. ]
     

345. },
     

346. {
     

347. "name": "replicationcontrollers",
     

348. "singularName": "",
     

349. "namespaced": true,
     

350. "kind": "ReplicationController",
     

351. "verbs": [
     

352. "create",
     

353. "delete",
     

354. "deletecollection",
     

355. "get",
     

356. "list",
     

357. "patch",
     

358. "update",
     

359. "watch"
     

360. ],
     

361. "shortNames": [
     

362. "rc"
     

363. ],
     

364. "categories": [
     

365. "all"
     

366. ]
     

367. },
     

368. {
     

369. "name": "replicationcontrollers/scale",
     

370. "singularName": "",
     

371. "namespaced": true,
     

372. "group": "autoscaling",
     

373. "version": "v1",
     

374. "kind": "Scale",
     

375. "verbs": [
     

376. "get",
     

377. "patch",
     

378. "update"
     

379. ]
     

380. },
     

381. {
     

382. "name": "replicationcontrollers/status",
     

383. "singularName": "",
     

384. "namespaced": true,
     

385. "kind": "ReplicationController",
     

386. "verbs": [
     

387. "get",
     

388. "patch",
     

389. "update"
     

390. ]
     

391. },
     

392. {
     

393. "name": "resourcequotas",
     

394. "singularName": "",
     

395. "namespaced": true,
     

396. "kind": "ResourceQuota",
     

397. "verbs": [
     

398. "create",
     

399. "delete",
     

400. "deletecollection",
     

401. "get",
     

402. "list",
     

403. "patch",
     

404. "update",
     

405. "watch"
     

406. ],
     

407. "shortNames": [
     

408. "quota"
     

409. ]
     

410. },
     

411. {
     

412. "name": "resourcequotas/status",
     

413. "singularName": "",
     

414. "namespaced": true,
     

415. "kind": "ResourceQuota",
     

416. "verbs": [
     

417. "get",
     

418. "patch",
     

419. "update"
     

420. ]
     

421. },
     

422. {
     

423. "name": "secrets",
     

424. "singularName": "",
     

425. "namespaced": true,
     

426. "kind": "Secret",
     

427. "verbs": [
     

428. "create",
     

429. "delete",
     

430. "deletecollection",
     

431. "get",
     

432. "list",
     

433. "patch",
     

434. "update",
     

435. "watch"
     

436. ]
     

437. },
     

438. {
     

439. "name": "serviceaccounts",
     

440. "singularName": "",
     

441. "namespaced": true,
     

442. "kind": "ServiceAccount",
     

443. "verbs": [
     

444. "create",
     

445. "delete",
     

446. "deletecollection",
     

447. "get",
     

448. "list",
     

449. "patch",
     

450. "update",
     

451. "watch"
     

452. ],
     

453. "shortNames": [
     

454. "sa"
     

455. ]
     

456. },
     

457. {
     

458. "name": "services",
     

459. "singularName": "",
     

460. "namespaced": true,
     

461. "kind": "Service",
     

462. "verbs": [
     

463. "create",
     

464. "delete",
     

465. "get",
     

466. "list",
     

467. "patch",
     

468. "proxy",
     

469. "update",
     

470. "watch"
     

471. ],
     

472. "shortNames": [
     

473. "svc"
     

474. ],
     

475. "categories": [
     

476. "all"
     

477. ]
     

478. },
     

479. {
     

480. "name": "services/proxy",
     

481. "singularName": "",
     

482. "namespaced": true,
     

483. "kind": "Service",
     

484. "verbs": []
     

485. },
     

486. {
     

487. "name": "services/status",
     

488. "singularName": "",
     

489. "namespaced": true,
     

490. "kind": "Service",
     

491. "verbs": [
     

492. "get",
     

493. "patch",
     

494. "update"
     

495. ]
     

496. }
     

497. ]
     

498. }

3.如果只想对外暴露部分REST服务，则可以在Master或其他任何节点上通过运行kubectl proxy进程启动一个内部代理来实现
kubectl proxy --port=8001

三：Kubernetes Proxy API接口

API Server最主要的REST接口是资源对象的增删改查，另外还有一类特殊的REST接口--Kubernetes Proxy API接口，这类接口的作用是代理REST请求，即kubernetes API Server把收到的REST请求转发到某个Node上的kubelet守护进程的REST端口上，由该kubelet进程负责响应。

1.Node 相关的接口

点击(此处)折叠或打开

1. /api/v1/proxy/nodes/{name}/pods/ #列出指定节点内所有Pod的信息
   

2. 
   

3. /api/v1/proxy/nodes/{name}/stats/ #列出指定节点内物理资源的统计信息
   

4. 
   

5. /api/v1/prxoy/nodes/{name}/spec/ #列出指定节点的概要信息

这里获取的Pod信息来自Node而非etcd数据库，两者时间点可能存在偏差。

2.Pod 相关的接口

点击(此处)折叠或打开

1. /api/v1/proxy/namespaces/{namespace}/pods/{name}/{path:*} #访问pod的某个服务接口
   

2. 
   

3. /api/v1/proxy/namespaces/{namespace}/pods/{name} #访问Pod
   

4. 
   

5. #以下写法不同，功能一样
   

6. 
   

7. /api/v1/namespaces/{namespace}/pods/{name}/proxy/{path:*} #访问pod的某个服务接口
   

8. 
   

9. /api/v1/namespaces/{namespace}/pods/{name}/proxy #访问Pod

Pod的proxy接口的作用：在kubernetes集群之外访问某个pod容器的服务（HTTP服务），可以用Proxy API实现，这种场景多用于管理目的，比如逐一排查Service的Pod副本，检查哪些Pod的服务存在异常问题。

3.Service 相关的接口

点击(此处)折叠或打开

1. /api/v1/proxy/namespaces/{namespace}/services/{name}

四：集群功能模块之间的通信
kubernetes API Server作为集群的核心，负责集群各功能模块之间的通信，集群内各个功能模块通过API Server将信息存入etcd，当需要获取和操作这些数据时，通过API Server提供的REST接口（GET\LIST\WATCH方法）来实现，从而实现各模块之间的信息交互。

1. kubelet与API SERVER交互
每个Node节点上的kubelet定期就会调用API Server的REST接口报告自身状态，API Server接收这些信息后，将节点状态信息更新到etcd中。kubelet也通过API Server的Watch接口监听Pod信息，从而对Node机器上的POD进行管理。

2. kube-controller-manager与API SERVER交互
kube-controller-manager中的Node Controller模块通过API Server提供的Watch接口，实时监控Node的信息，并做相应处理。

3.kube-scheduler与API SERVER交互
Scheduler通过API Server的Watch接口监听到新建Pod副本的信息后，它会检索所有符合该Pod要求的Node列表，开始执行Pod调度逻辑。调度成功后将Pod绑定到目标节点上。

五： 说明
为了缓解各模块对API Server的访问压力，各功能模块都采用缓存机制来缓存数据，各功能模块定时从API Server获取指定的资源对象信息（LIST/WATCH方法），然后将信息保存到本地缓存，功能模块在某些情况下不直接访问API Server，而是通过访问缓存数据来间接访问API Server。

关于kubernetes API Server原理分析是怎样的就分享到这里了，希望以上内容可以对大家有一定的帮助，可以学到更多知识。如果觉得文章不错，可以把它分享出去让更多的人看到。