Kubernetes API server

kubernetes api server port 6443
kube-apiserver command not found
kubernetes architecture
access kubernetes api from outside
kubernetes master node requirements
kubernetes api server connection refused
kubernetes etcd
kubernetes tutorial

So I have just started using Kubernetes API server and I tried this example :

from kubernetes import client, config
def main():
    # Configs can be set in Configuration class directly or using helper
    # utility. If no argument provided, the config will be loaded from
    # default location.
    config.load_kube_config()

    v1 = client.CoreV1Api()
    print("Listing pods with their IPs:")
    ret = v1.list_pod_for_all_namespaces(watch=False)
    for i in ret.items:
        print("%s\t%s\t%s" %
              (i.status.pod_ip, i.metadata.namespace, i.metadata.name))
if __name__ == '__main__':
    main()

This worked but it returned the pods that are on my local minikube, I want to get the pods that are at the kubernetes server here : http://192.168.237.115:8080 How do I do that?

When I do kubectl config view , I get this :

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /home/piyush/.minikube/ca.crt
    server: https://192.168.99.100:8443
  name: minikube
contexts:
- context:
    cluster: minikube
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
  user:
    client-certificate: /home/piyush/.minikube/apiserver.crt
    client-key: /home/piyush/.minikube/apiserver.key

I know this is for the local cluster I set up. I want to know how to modify this to make api requests to kubernetes server on http://192.168.237.115:8080

I have two solution for you:

  1. [prefered] Configure your kubectl (i.e. ~/.kube/config) file. After kubectl works with your cluster, python client should automatically work with load_kube_config. See here for configuring kubectl: https://kubernetes.io/docs/tasks/administer-cluster/share-configuration/

  2. You can configure python client directly. For a complete list of configurations, look at: https://github.com/kubernetes-client/python-base/blob/8704ce39c241f3f184d01833dcbaf1d1fb14a2dc/configuration.py#L48

You may need to set some of those configuration for your client to connect to your cluster. For example, if you don't have any certificate or SSL enabled:

from kubernetes import client, configuration
def main():
    configuration.host = "http://192.168.237.115:8080"
    configuration.api_key_prefix['authorization'] = "Bearer"
    configuration..api_key['authorization'] = "YOUR_TOKEN"
    v1 = client.CoreV1Api()
    ...

You may need to set other configurations such as username, api_key, etc. That's why I think if you follow first solution it would be easier.

Kubernetes Components, The API server is a component of the Kubernetes control planeThe container orchestration layer that exposes the API and interfaces to define,  Looking for kubernetes consulting? Search now! eTour.com is the newest place to search, delivering top results from across the web.

config.load_kube_config() takes context as a parameter. If passed None (the default) then the current context will be used. Your current context is probably your minikube.

See here: https://github.com/kubernetes-incubator/client-python/blob/436351b027df2673869ee00e0ff5589e6b3e2b7d/kubernetes/config/kube_config.py#L283

config.load_kube_config(context='some context')

If you are not familiar with Kubernetes contexts, Kubernetes stores your configuration under ~/.kube/config (default location). In it you will find context definition for every cluster you may have access to. A field called current-context defines your current context.

You can issue the following commands:

kubectl config current-context to see the current context

kubectl config view to view all the configuration

The Kubernetes API, Starting with Kubernetes 1.10, the Kubernetes API server serves an OpenAPI spec via the /openapi/v2 endpoint. The requested format is  The Kubernetes API server validates and configures data for the api objects which include pods, services, replicationcontrollers, and others. The API Server services REST operations and provides the frontend to the cluster’s shared state through which all other components interact.

You can actually create a simple api wrapper. This way you can pass through different yaml configuration files, that I imagine may have different hosts

import yaml

from kubernetes import client
from kubernetes.client import Configuration
from kubernetes.config import kube_config


class K8s(object):
    def __init__(self, configuration_yaml):
        self.configuration_yaml = configuration_yaml
        self._configuration_yaml = None

    @property
    def config(self):
        with open(self.configuration_yaml, 'r') as f:
            if self._configuration_yaml is None:
                self._configuration_yaml = yaml.load(f)
        return self._configuration_yaml

    @property
    def client(self):
        k8_loader = kube_config.KubeConfigLoader(self.config)
        call_config = type.__call__(Configuration)
        k8_loader.load_and_set(call_config)
        Configuration.set_default(call_config)
        return client.CoreV1Api()


# Instantiate your kubernetes class and pass in config
kube_one = K8s(configuration_yaml='~/.kube/config1')
kube_one.client.list_pod_for_all_namespaces(watch=False)

kube_two = K8s(configuration_yaml='~/.kube/config2')
kube_two.client.list_pod_for_all_namespaces(watch=False)

Also another neat reference in libcloud. https://github.com/apache/libcloud/blob/trunk/libcloud/container/drivers/kubernetes.py.

Good luck! Hope this helps! :)

Access Clusters Using the Kubernetes API, This method is recommended, since it uses the stored apiserver location and verifies the identity of the API server using a self-signed cert. No  Setup an extension api-server to work with the aggregation layer Make sure the APIService API is enabled (check --runtime-config ). You may need to make an RBAC rule allowing you to add APIService objects, Create the Kubernetes namespace you want to run your extension api-service in.

Can you show me the file ~/.kube/config

If you update the API server in it, the python module kubernetes will automatically pick up the new API server you nominated.

- cluster:
    certificate-authority: [Update real ca.crt here]
    server: http://192.168.237.115:8080

There are other changes in ~/.kube/config as well, you'd better get the config from the remote kubernetes server directly.

After successfully config with remote kubernetes API servers, you should be fine to run kubectl and get the deployments, deamons, etc.

Then you should be fine to run with python kubernetes SDK

4. The Kubernetes API Server - Managing Kubernetes [Book], It is the central touch point that is accessed by all users, automation, and components in the Kubernetes cluster. The API server implements a RESTful API over  The Kubernetes API also serves as the foundation for the declarative configuration schema for the system. The kubectl command-line tool can be used to create, update, delete, and get API objects. Kubernetes also stores its serialized state (currently in etcd) in terms of the API resources.

kubernetes/apiserver: Library for writing a Kubernetes-style , apiserver. Generic library for building a Kubernetes aggregated API server. Purpose. This library contains code to create Kubernetes aggregation server  The main purpose of the API server in Kubernetes is to receive and process API calls in the form of HTTP requests. These requests are either from other components in the Kubernetes system or they are end-user requests. In either event, they are all processed by the Kubernetes API server in the same manner.

Kubernetes Master Components: Etcd, API Server, Controller , In short, it processes REST operations, validates them, and updates the corresponding objects in etcd. The API Server serves up the Kubernetes API and is  Create a Kubernetes cluster role binding from the service account in your namespace to the system:auth-delegator cluster role to delegate auth decisions to the Kubernetes core API server. Create a Kubernetes role binding from the service account in your namespace to the extension-apiserver-authentication-reader role.

How to Monitor Kubernetes API Server, Learning how to monitor Kubernetes API server is of vital importance when running Kubernetes in production. Monitoring kube-apiserver will let  The Kubernetes API server is a foundational component of the Kubernetes control plane. All of the services running inside the cluster use this interface to communicate between each other. The entirety of user interaction is handled through the API as well: kubectl is a wrapper to send requests to the API.

Comments
  • So this is what I get when I do kubectl config view : apiVersion: v1 clusters: - cluster: certificate-authority: /home/piyush/.minikube/ca.crt server: https://192.168.99.100:8443 name: minikube contexts: - context: cluster: minikube user: minikube name: minikube current-context: minikube kind: Config preferences: {} users: - name: minikube user: client-certificate: /home/piyush/.minikube/apiserver.crt client-key: /home/piyush/.minikube/apiserver.key
  • I know I have to modify this to add cluster. But what values do I give to certificate authority?
  • Can you update the config file in your original question first?
  • Who is the kubernetes admin, you can ask for it. Normally the config file is under /etc/kuberentes in kubernete server. Dig it by yourself.
  • Okay, I understand I have to pass the kube config file. This for the server apiVersion: v1 kind: Config clusters: - name: local cluster: certificate-authority: /etc/kubernetes/ssl/ca.pem server: http://127.0.0.1:8080 users: - name: kubelet user: client-certificate: /etc/kubernetes/ssl/node-node1.pem client-key: /etc/kubernetes/ssl/node-node1-key.pem contexts: - context: cluster: local user: kubelet name: kubelet-cluster.local current-context: kubelet-cluster.local Can I directly use this by changing only the server address.