kubernetes API Server原理分析是怎样的

这篇文章将为大家详细讲解有关kubernetes API Server原理分析是怎样的，文章内容质量较高，因此小编分享给大家做个参考，希望大家阅读完这篇文章后对相关知识有一定的了解。

一：简介
k8s API Server提供了k8s各类资源对象（pod,RC,Service等）的增删改查及watch等HTTP Rest接口，是整个系统的数据总线和数据中心。功能特性：
1.是集群管理的API入口
2.是资源配额控制的入口
3.提供了完善的集群安全机制


二：概述
通常可以通过命令行工具Kubectl来与API Server交互，它们之间的接口是REST调用，同时也可以使用curl命令行工具进行快速验证。通过配置参数KUBE_MASTER="--master=http://10.116.137.196:8080" 客户获得API Server的访问路径。

1.获取 API的版本信息
curl 10.116.137.196:8080/api

点击(此处)折叠或打开

1. {
   

2.   "kind": "APIVersions",
   

3.   "versions": [
   

4.     "v1"
   

5.   ],
   

6.   "serverAddressByClientCIDRs": [
   

7.     {
   

8.       "clientCIDR": "0.0.0.0/0",
   

9.       "serverAddress": "10.116.137.196:6443"
   

10.     }
    

11.   ]
    

12. }

2.获取目前所支持的资源对象的种类
curl 10.116.137.196:8080/api/v1

1. {
   

2.   "kind": "APIResourceList",
   

3.   "groupVersion": "v1",
   

4.   "resources": [
   

5.     {
   

6.       "name": "bindings",
   

7.       "singularName": "",
   

8.       "namespaced": true,
   

9.       "kind": "Binding",
   

10.       "verbs": [
    

11.         "create"
    

12.       ]
    

13.     },
    

14.     {
    

15.       "name": "componentstatuses",
    

16.       "singularName": "",
    

17.       "namespaced": false,
    

18.       "kind": "ComponentStatus",
    

19.       "verbs": [
    

20.         "get",
    

21.         "list"
    

22.       ],
    

23.       "shortNames": [
    

24.         "cs"
    

25.       ]
    

26.     },
    

27.     {
    

28.       "name": "configmaps",
    

29.       "singularName": "",
    

30.       "namespaced": true,
    

31.       "kind": "ConfigMap",
    

32.       "verbs": [
    

33.         "create",
    

34.         "delete",
    

35.         "deletecollection",
    

36.         "get",
    

37.         "list",
    

38.         "patch",
    

39.         "update",
    

40.         "watch"
    

41.       ],
    

42.       "shortNames": [
    

43.         "cm"
    

44.       ]
    

45.     },
    

46.     {
    

47.       "name": "endpoints",
    

48.       "singularName": "",
    

49.       "namespaced": true,
    

50.       "kind": "Endpoints",
    

51.       "verbs": [
    

52.         "create",
    

53.         "delete",
    

54.         "deletecollection",
    

55.         "get",
    

56.         "list",
    

57.         "patch",
    

58.         "update",
    

59.         "watch"
    

60.       ],
    

61.       "shortNames": [
    

62.         "ep"
    

63.       ]
    

64.     },
    

65.     {
    

66.       "name": "events",
    

67.       "singularName": "",
    

68.       "namespaced": true,
    

69.       "kind": "Event",
    

70.       "verbs": [
    

71.         "create",
    

72.         "delete",
    

73.         "deletecollection",
    

74.         "get",
    

75.         "list",
    

76.         "patch",
    

77.         "update",
    

78.         "watch"
    

79.       ],
    

80.       "shortNames": [
    

81.         "ev"
    

82.       ]
    

83.     },
    

84.     {
    

85.       "name": "limitranges",
    

86.       "singularName": "",
    

87.       "namespaced": true,
    

88.       "kind": "LimitRange",
    

89.       "verbs": [
    

90.         "create",
    

91.         "delete",
    

92.         "deletecollection",
    

93.         "get",
    

94.         "list",
    

95.         "patch",
    

96.         "update",
    

97.         "watch"
    

98.       ],
    

99.       "shortNames": [
    

100.         "limits"
     

101.       ]
     

102.     },
     

103.     {
     

104.       "name": "namespaces",
     

105.       "singularName": "",
     

106.       "namespaced": false,
     

107.       "kind": "Namespace",
     

108.       "verbs": [
     

109.         "create",
     

110.         "delete",
     

111.         "get",
     

112.         "list",
     

113.         "patch",
     

114.         "update",
     

115.         "watch"
     

116.       ],
     

117.       "shortNames": [
     

118.         "ns"
     

119.       ]
     

120.     },
     

121.     {
     

122.       "name": "namespaces/finalize",
     

123.       "singularName": "",
     

124.       "namespaced": false,
     

125.       "kind": "Namespace",
     

126.       "verbs": [
     

127.         "update"
     

128.       ]
     

129.     },
     

130.     {
     

131.       "name": "namespaces/status",
     

132.       "singularName": "",
     

133.       "namespaced": false,
     

134.       "kind": "Namespace",
     

135.       "verbs": [
     

136.         "get",
     

137.         "patch",
     

138.         "update"
     

139.       ]
     

140.     },
     

141.     {
     

142.       "name": "nodes",
     

143.       "singularName": "",
     

144.       "namespaced": false,
     

145.       "kind": "Node",
     

146.       "verbs": [
     

147.         "create",
     

148.         "delete",
     

149.         "deletecollection",
     

150.         "get",
     

151.         "list",
     

152.         "patch",
     

153.         "proxy",
     

154.         "update",
     

155.         "watch"
     

156.       ],
     

157.       "shortNames": [
     

158.         "no"
     

159.       ]
     

160.     },
     

161.     {
     

162.       "name": "nodes/proxy",
     

163.       "singularName": "",
     

164.       "namespaced": false,
     

165.       "kind": "Node",
     

166.       "verbs": []
     

167.     },
     

168.     {
     

169.       "name": "nodes/status",
     

170.       "singularName": "",
     

171.       "namespaced": false,
     

172.       "kind": "Node",
     

173.       "verbs": [
     

174.         "get",
     

175.         "patch",
     

176.         "update"
     

177.       ]
     

178.     },
     

179.     {
     

180.       "name": "persistentvolumeclaims",
     

181.       "singularName": "",
     

182.       "namespaced": true,
     

183.       "kind": "PersistentVolumeClaim",
     

184.       "verbs": [
     

185.         "create",
     

186.         "delete",
     

187.         "deletecollection",
     

188.         "get",
     

189.         "list",
     

190.         "patch",
     

191.         "update",
     

192.         "watch"
     

193.       ],
     

194.       "shortNames": [
     

195.         "pvc"
     

196.       ]
     

197.     },
     

198.     {
     

199.       "name": "persistentvolumeclaims/status",
     

200.       "singularName": "",
     

201.       "namespaced": true,
     

202.       "kind": "PersistentVolumeClaim",
     

203.       "verbs": [
     

204.         "get",
     

205.         "patch",
     

206.         "update"
     

207.       ]
     

208.     },
     

209.     {
     

210.       "name": "persistentvolumes",
     

211.       "singularName": "",
     

212.       "namespaced": false,
     

213.       "kind": "PersistentVolume",
     

214.       "verbs": [
     

215.         "create",
     

216.         "delete",
     

217.         "deletecollection",
     

218.         "get",
     

219.         "list",
     

220.         "patch",
     

221.         "update",
     

222.         "watch"
     

223.       ],
     

224.       "shortNames": [
     

225.         "pv"
     

226.       ]
     

227.     },
     

228.     {
     

229.       "name": "persistentvolumes/status",
     

230.       "singularName": "",
     

231.       "namespaced": false,
     

232.       "kind": "PersistentVolume",
     

233.       "verbs": [
     

234.         "get",
     

235.         "patch",
     

236.         "update"
     

237.       ]
     

238.     },
     

239.     {
     

240.       "name": "pods",
     

241.       "singularName": "",
     

242.       "namespaced": true,
     

243.       "kind": "Pod",
     

244.       "verbs": [
     

245.         "create",
     

246.         "delete",
     

247.         "deletecollection",
     

248.         "get",
     

249.         "list",
     

250.         "patch",
     

251.         "proxy",
     

252.         "update",
     

253.         "watch"
     

254.       ],
     

255.       "shortNames": [
     

256.         "po"
     

257.       ],
     

258.       "categories": [
     

259.         "all"
     

260.       ]
     

261.     },
     

262.     {
     

263.       "name": "pods/attach",
     

264.       "singularName": "",
     

265.       "namespaced": true,
     

266.       "kind": "Pod",
     

267.       "verbs": []
     

268.     },
     

269.     {
     

270.       "name": "pods/binding",
     

271.       "singularName": "",
     

272.       "namespaced": true,
     

273.       "kind": "Binding",
     

274.       "verbs": [
     

275.         "create"
     

276.       ]
     

277.     },
     

278.     {
     

279.       "name": "pods/eviction",
     

280.       "singularName": "",
     

281.       "namespaced": true,
     

282.       "group": "policy",
     

283.       "version": "v1beta1",
     

284.       "kind": "Eviction",
     

285.       "verbs": [
     

286.         "create"
     

287.       ]
     

288.     },
     

289.     {
     

290.       "name": "pods/exec",
     

291.       "singularName": "",
     

292.       "namespaced": true,
     

293.       "kind": "Pod",
     

294.       "verbs": []
     

295.     },
     

296.     {
     

297.       "name": "pods/log",
     

298.       "singularName": "",
     

299.       "namespaced": true,
     

300.       "kind": "Pod",
     

301.       "verbs": [
     

302.         "get"
     

303.       ]
     

304.     },
     

305.     {
     

306.       "name": "pods/portforward",
     

307.       "singularName": "",
     

308.       "namespaced": true,
     

309.       "kind": "Pod",
     

310.       "verbs": []
     

311.     },
     

312.     {
     

313.       "name": "pods/proxy",
     

314.       "singularName": "",
     

315.       "namespaced": true,
     

316.       "kind": "Pod",
     

317.       "verbs": []
     

318.     },
     

319.     {
     

320.       "name": "pods/status",
     

321.       "singularName": "",
     

322.       "namespaced": true,
     

323.       "kind": "Pod",
     

324.       "verbs": [
     

325.         "get",
     

326.         "patch",
     

327.         "update"
     

328.       ]
     

329.     },
     

330.     {
     

331.       "name": "podtemplates",
     

332.       "singularName": "",
     

333.       "namespaced": true,
     

334.       "kind": "PodTemplate",
     

335.       "verbs": [
     

336.         "create",
     

337.         "delete",
     

338.         "deletecollection",
     

339.         "get",
     

340.         "list",
     

341.         "patch",
     

342.         "update",
     

343.         "watch"
     

344.       ]
     

345.     },
     

346.     {
     

347.       "name": "replicationcontrollers",
     

348.       "singularName": "",
     

349.       "namespaced": true,
     

350.       "kind": "ReplicationController",
     

351.       "verbs": [
     

352.         "create",
     

353.         "delete",
     

354.         "deletecollection",
     

355.         "get",
     

356.         "list",
     

357.         "patch",
     

358.         "update",
     

359.         "watch"
     

360.       ],
     

361.       "shortNames": [
     

362.         "rc"
     

363.       ],
     

364.       "categories": [
     

365.         "all"
     

366.       ]
     

367.     },
     

368.     {
     

369.       "name": "replicationcontrollers/scale",
     

370.       "singularName": "",
     

371.       "namespaced": true,
     

372.       "group": "autoscaling",
     

373.       "version": "v1",
     

374.       "kind": "Scale",
     

375.       "verbs": [
     

376.         "get",
     

377.         "patch",
     

378.         "update"
     

379.       ]
     

380.     },
     

381.     {
     

382.       "name": "replicationcontrollers/status",
     

383.       "singularName": "",
     

384.       "namespaced": true,
     

385.       "kind": "ReplicationController",
     

386.       "verbs": [
     

387.         "get",
     

388.         "patch",
     

389.         "update"
     

390.       ]
     

391.     },
     

392.     {
     

393.       "name": "resourcequotas",
     

394.       "singularName": "",
     

395.       "namespaced": true,
     

396.       "kind": "ResourceQuota",
     

397.       "verbs": [
     

398.         "create",
     

399.         "delete",
     

400.         "deletecollection",
     

401.         "get",
     

402.         "list",
     

403.         "patch",
     

404.         "update",
     

405.         "watch"
     

406.       ],
     

407.       "shortNames": [
     

408.         "quota"
     

409.       ]
     

410.     },
     

411.     {
     

412.       "name": "resourcequotas/status",
     

413.       "singularName": "",
     

414.       "namespaced": true,
     

415.       "kind": "ResourceQuota",
     

416.       "verbs": [
     

417.         "get",
     

418.         "patch",
     

419.         "update"
     

420.       ]
     

421.     },
     

422.     {
     

423.       "name": "secrets",
     

424.       "singularName": "",
     

425.       "namespaced": true,
     

426.       "kind": "Secret",
     

427.       "verbs": [
     

428.         "create",
     

429.         "delete",
     

430.         "deletecollection",
     

431.         "get",
     

432.         "list",
     

433.         "patch",
     

434.         "update",
     

435.         "watch"
     

436.       ]
     

437.     },
     

438.     {
     

439.       "name": "serviceaccounts",
     

440.       "singularName": "",
     

441.       "namespaced": true,
     

442.       "kind": "ServiceAccount",
     

443.       "verbs": [
     

444.         "create",
     

445.         "delete",
     

446.         "deletecollection",
     

447.         "get",
     

448.         "list",
     

449.         "patch",
     

450.         "update",
     

451.         "watch"
     

452.       ],
     

453.       "shortNames": [
     

454.         "sa"
     

455.       ]
     

456.     },
     

457.     {
     

458.       "name": "services",
     

459.       "singularName": "",
     

460.       "namespaced": true,
     

461.       "kind": "Service",
     

462.       "verbs": [
     

463.         "create",
     

464.         "delete",
     

465.         "get",
     

466.         "list",
     

467.         "patch",
     

468.         "proxy",
     

469.         "update",
     

470.         "watch"
     

471.       ],
     

472.       "shortNames": [
     

473.         "svc"
     

474.       ],
     

475.       "categories": [
     

476.         "all"
     

477.       ]
     

478.     },
     

479.     {
     

480.       "name": "services/proxy",
     

481.       "singularName": "",
     

482.       "namespaced": true,
     

483.       "kind": "Service",
     

484.       "verbs": []
     

485.     },
     

486.     {
     

487.       "name": "services/status",
     

488.       "singularName": "",
     

489.       "namespaced": true,
     

490.       "kind": "Service",
     

491.       "verbs": [
     

492.         "get",
     

493.         "patch",
     

494.         "update"
     

495.       ]
     

496.     }
     

497.   ]
     

498. }

3.如果只想对外暴露部分REST服务，则可以在Master或其他任何节点上通过运行kubectl proxy进程启动一个内部代理来实现
kubectl proxy --port=8001

三：Kubernetes Proxy API接口

 API Server最主要的REST接口是资源对象的增删改查，另外还有一类特殊的REST接口--Kubernetes  Proxy API接口，这类接口的作用是代理REST请求，即kubernetes API Server把收到的REST请求转发到某个Node上的kubelet守护进程的REST端口上，由该kubelet进程负责响应。

1.Node 相关的接口

点击(此处)折叠或打开

1. /api/v1/proxy/nodes/{name}/pods/    #列出指定节点内所有Pod的信息
   

3. /api/v1/proxy/nodes/{name}/stats/   #列出指定节点内物理资源的统计信息
   

5. /api/v1/prxoy/nodes/{name}/spec/    #列出指定节点的概要信息

这里获取的Pod信息来自Node而非etcd数据库，两者时间点可能存在偏差。

2.Pod 相关的接口

点击(此处)折叠或打开

1. /api/v1/proxy/namespaces/{namespace}/pods/{name}/{path:*} #访问pod的某个服务接口
   

3. /api/v1/proxy/namespaces/{namespace}/pods/{name} #访问Pod
   

5. #以下写法不同，功能一样
   

7. /api/v1/namespaces/{namespace}/pods/{name}/proxy/{path:*} #访问pod的某个服务接口
   

9. /api/v1/namespaces/{namespace}/pods/{name}/proxy               #访问Pod

Pod的proxy接口的作用：在kubernetes集群之外访问某个pod容器的服务（HTTP服务），可以用Proxy API实现，这种场景多用于管理目的，比如逐一排查Service的Pod副本，检查哪些Pod的服务存在异常问题。

3.Service 相关的接口

点击(此处)折叠或打开

1. /api/v1/proxy/namespaces/{namespace}/services/{name}

四：集群功能模块之间的通信
kubernetes API Server作为集群的核心，负责集群各功能模块之间的通信，集群内各个功能模块通过API Server将信息存入etcd，当需要获取和操作这些数据时，通过API Server提供的REST接口（GET\LIST\WATCH方法）来实现，从而实现各模块之间的信息交互。

1. kubelet与API SERVER交互
每个Node节点上的kubelet定期就会调用API Server的REST接口报告自身状态，API Server接收这些信息后，将节点状态信息更新到etcd中。kubelet也通过API Server的Watch接口监听Pod信息，从而对Node机器上的POD进行管理。

2. kube-controller-manager与API SERVER交互
kube-controller-manager中的Node Controller模块通过API Server提供的Watch接口，实时监控Node的信息，并做相应处理。

3.kube-scheduler与API SERVER交互
Scheduler通过API Server的Watch接口监听到新建Pod副本的信息后，它会检索所有符合该Pod要求的Node列表，开始执行Pod调度逻辑。调度成功后将Pod绑定到目标节点上。

五： 说明
为了缓解各模块对API Server的访问压力，各功能模块都采用缓存机制来缓存数据，各功能模块定时从API Server获取指定的资源对象信息（LIST/WATCH方法），然后将信息保存到本地缓存，功能模块在某些情况下不直接访问API Server，而是通过访问缓存数据来间接访问API Server。

关于kubernetes API Server原理分析是怎样的就分享到这里了，希望以上内容可以对大家有一定的帮助，可以学到更多知识。如果觉得文章不错，可以把它分享出去让更多的人看到。