
What is API Server in the core principle of Kubernetes?

2025-03-31 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 05/31

This article introduces the role of API Server in the core principles of Kubernetes. The content is very detailed, and interested readers can use it for reference. I hope it will be helpful to you.

1. Brief introduction to API Server

The Kubernetes API Server exposes HTTP REST interfaces for creating, deleting, modifying, querying and watching all kinds of Kubernetes resource objects (Pod, RC, Service, etc.). It is the data bus and data center of the whole system.

Functions of the Kubernetes API Server:

Provides the REST API for cluster management (including authentication and authorization, data validation and cluster state changes)

Provides a hub for data exchange and communication between other modules (other modules query or modify data through API Server, and only API Server directly manipulates etcd)

Is the entrance to resource quota control

Has a complete cluster security mechanism

Kube-apiserver working schematic diagram

2. How to access the Kubernetes API

The Kubernetes API is served by the kube-apiserver process, which runs on a single k8s-master node. It listens on two ports by default.

2.1. Local port

This port is used to receive HTTP requests

The default value of the port is 8080, which can be modified by the value of the startup parameter "--insecure-port" of API Server.

The default IP address is "localhost", which can be modified by the value of the startup parameter "--insecure-bind-address".

HTTP requests on this port reach the API Server without authentication or authorization.

2.2. Secure port

The default value of the port is 6443, which can be modified by the value of the startup parameter "--secure-port".

The default IP address is a non-local (non-localhost) network interface, which is set by the startup parameter "--bind-address".

This port is used to receive HTTPS requests

Used for authentication based on Token files, client certificates, or HTTP Basic

For policy-based authorization

HTTPS security access control is not enabled by default.
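The port settings from sections 2.1 and 2.2 can be checked mechanically. The following is an added example, not code from the original article or from the Kubernetes project: it grades a kube-apiserver command line by how exposed the unauthenticated port is. The function names and the sample command line are assumptions, and absent flags take the defaults stated above, which only holds for releases that still have the insecure port.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// parseFlags maps flag names to values, accepting "--flag=value" and
// "--flag value". Absent flags keep the defaults the article states.
func parseFlags(args []string) map[string]string {
	flags := map[string]string{"insecure-port": "8080", "insecure-bind-address": "localhost"}
	for i := 0; i < len(args); i++ {
		if !strings.HasPrefix(args[i], "--") {
			continue
		}
		name, val, hasEq := strings.Cut(strings.TrimPrefix(args[i], "--"), "=")
		if !hasEq && i+1 < len(args) && !strings.HasPrefix(args[i+1], "--") {
			i++
			val = args[i]
		}
		flags[name] = val
	}
	return flags
}

// auditInsecurePort grades how exposed the unauthenticated HTTP port is.
func auditInsecurePort(args []string) (severity, detail string) {
	f := parseFlags(args)
	port, addr := f["insecure-port"], f["insecure-bind-address"]
	if port == "0" { // 0 switches the insecure port off
		return "ok", "insecure port disabled"
	}
	ip := net.ParseIP(addr)
	if addr == "localhost" || (ip != nil && ip.IsLoopback()) {
		return "warn", "unauthenticated port " + port + " open to local processes on " + addr
	}
	return "critical", "unauthenticated port " + port + " reachable over the network on " + addr
}

func main() {
	// Constructed sample command line, not taken from a real cluster.
	args := strings.Fields("kube-apiserver --insecure-port=8080 --insecure-bind-address 0.0.0.0 --secure-port=6443")
	sev, detail := auditInsecurePort(args)
	fmt.Println(sev+":", detail)
}
```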

2.3. Access mode

For the Kubernetes REST API, refer to https://kubernetes.io/docs/api-reference/v1.6/

2.3.1. Curl

    curl localhost:8080/api
    curl localhost:8080/api/v1/pods
    curl localhost:8080/api/v1/services
    curl localhost:8080/api/v1/replicationcontrollers

2.3.2. Kubectl Proxy

kubectl proxy can act both as a reverse proxy for API Server and as a proxy through which ordinary clients access API Server. Start the proxy on port 8080 of the master node:

    kubectl proxy --port=8080 &

See kubectl proxy --help for details.

2.3.3. Kubectl client

The command line tool kubectl client converts the command line argument to a REST API call to API Server and outputs the result of the call.

Command format: kubectl [command] [options]

For more information, please refer to Kubernetes common commands.

2.3.4. Programmatic call

Usage scenarios:

1. User processes running in a Pod call the Kubernetes API, usually to build a distributed cluster.

2. Developing a management platform based on Kubernetes, for example calling the Kubernetes API to provide a graphical interface for creating and managing resource objects such as Pod, Service and RC. You can use the Client Library provided by Kubernetes.

For more information, please see https://github.com/kubernetes/client-go.

3. Access to Node, Pod, and Service through API Server

The main REST interfaces of the Kubernetes API Server create, delete, modify and query resource objects. There is also a special kind of REST interface, the Kubernetes Proxy API, which acts as a proxy for REST requests: API Server forwards the received REST request to the REST port of the kubelet daemon on a Node, and the kubelet process is responsible for responding.

3.1. Node related interface

The REST path for Node-related interfaces is /api/v1/proxy/nodes/{name}, where {name} is the name or IP address of the node.

    /api/v1/proxy/nodes/{name}/pods/    # list all Pod information within the specified node
    /api/v1/proxy/nodes/{name}/stats/   # list statistics of physical resources within the specified node
    /api/v1/proxy/nodes/{name}/spec/    # list the summary information of the specified node

The Pod information obtained here comes from the Node rather than the etcd database, so the two may differ at a given point in time. If the --enable-debugging-handlers=true parameter is added when the kubelet process starts, the Kubernetes Proxy API also adds the following interfaces:

    /api/v1/proxy/nodes/{name}/run           # run a container on the node
    /api/v1/proxy/nodes/{name}/exec          # run a command in a container on the node
    /api/v1/proxy/nodes/{name}/attach        # attach to a container on the node
    /api/v1/proxy/nodes/{name}/portForward   # implement Pod port forwarding on the node
    /api/v1/proxy/nodes/{name}/logs          # list various types of log information of the node
    /api/v1/proxy/nodes/{name}/metrics       # list the Metrics information related to the node
    /api/v1/proxy/nodes/{name}/runningpods   # list the Pod information running within the node
    /api/v1/proxy/nodes/{name}/debug/pprof   # list the status of the current web service within the node, including CPU and memory usage

3.2. Pod-related interface

    /api/v1/proxy/namespaces/{namespace}/pods/{name}/{path:*}   # access a service interface of the Pod
    /api/v1/proxy/namespaces/{namespace}/pods/{name}            # access the Pod
    # written differently, the function is the same as above
    /api/v1/namespaces/{namespace}/pods/{name}/proxy/{path:*}   # access a service interface of the Pod
    /api/v1/namespaces/{namespace}/pods/{name}/proxy            # access the Pod

3.3. Service related API

    /api/v1/proxy/namespaces/{namespace}/services/{name}

What the Pod proxy API is for: accessing the service (HTTP service) of a Pod container from outside the Kubernetes cluster. This is mostly used for management purposes, such as checking the Pod replicas of a Service one by one to find which Pods are behaving abnormally.
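The node proxy paths in section 3.1 that run, enter or forward into containers are worth watching for in API Server request logs. The following is an added example, not code from the original article or from the Kubernetes project: it scans JSON log lines and reports requests to those handlers. The log field names (requestURI, user.username), the type and function names, and the sample events are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// nodeProxy matches the node proxy paths from section 3.1, capturing the node
// name and the kubelet handler the request is forwarded to.
var nodeProxy = regexp.MustCompile(`^/api/v1/proxy/nodes/([^/]+)/([^/?]+)`)

// Handlers that start, enter or forward into containers on the node.
var sensitive = map[string]bool{"run": true, "exec": true, "attach": true, "portForward": true}

type Hit struct{ User, Node, Handler string }

// findSensitive scans JSON log lines and returns requests to sensitive handlers.
func findSensitive(lines []string) []Hit {
	var hits []Hit
	for _, line := range lines {
		var ev struct {
			RequestURI string `json:"requestURI"`
			User       struct {
				Username string `json:"username"`
			} `json:"user"`
		}
		if json.Unmarshal([]byte(line), &ev) != nil {
			continue // skip lines that are not JSON events
		}
		m := nodeProxy.FindStringSubmatch(ev.RequestURI)
		if m != nil && sensitive[m[2]] {
			hits = append(hits, Hit{ev.User.Username, m[1], m[2]})
		}
	}
	return hits
}

// Constructed sample events (assumed field names: requestURI, user.username).
var sampleLog = strings.Split(`{"requestURI":"/api/v1/proxy/nodes/node-1/stats/","user":{"username":"monitor"}}
{"requestURI":"/api/v1/proxy/nodes/node-2/exec/default/web-0/app","user":{"username":"dev-alice"}}
{"requestURI":"/api/v1/namespaces/default/pods/web-0/proxy/healthz","user":{"username":"dev-alice"}}
not-json
{"requestURI":"/api/v1/proxy/nodes/10.0.0.7/portForward/default/web-0","user":{"username":"ci-bot"}}`, "\n")

func main() {
	for _, h := range findSensitive(sampleLog) {
		fmt.Printf("ALERT user=%s node=%s handler=%s\n", h.User, h.Node, h.Handler)
	}
}
```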

4. Communication between Cluster function Modules

As the core of the cluster, the Kubernetes API Server is responsible for communication between the cluster's functional modules. Each module stores its information in etcd through API Server, and when it needs to read or operate on that data it does so through the REST interface provided by API Server (GET, LIST, WATCH methods), which is how the modules exchange information.

4.1. Kubelet interacts with API Server

The kubelet on each Node periodically calls API Server's REST interface to report its own status. After receiving this information, API Server updates the node status information in etcd. The kubelet also listens for Pod information through the Watch interface of API Server, and uses it to manage the Pods on its Node.

| Monitored information | Kubelet action | Remarks |
| --- | --- | --- |
| A new Pod replica is scheduled and bound to this node | Execute the creation and startup logic of the container corresponding to the Pod | |
| The Pod object is deleted | Delete the corresponding Pod container on this node | |
| The Pod information is modified | Modify the Pod container of this node | |

4.2. Kube-controller-manager interacts with API Server

The Node Controller module in kube-controller-manager monitors the information of Node in real time through the Watch interface provided by API Server, and deals with it accordingly.

4.3. Kube-scheduler interacts with API Server

After the Scheduler learns of a newly created Pod replica through the Watch interface of API Server, it retrieves the list of all Nodes that meet the Pod's requirements and executes the Pod scheduling logic. Once scheduling succeeds, it binds the Pod to the target node.

4.4. Special instructions

To reduce the load that the modules place on API Server, each functional module caches data. Each module regularly obtains the resource object information it needs from API Server (LIST/WATCH methods) and saves it to a local cache. In some cases, the module does not access API Server directly, but accesses it indirectly by reading the cached data.
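The LIST/WATCH caching described here and the kubelet actions listed in section 4.1 fit together as one loop. The following is an added example, not code from the original article or from the Kubernetes project: a kubelet-like agent seeds a local cache from one LIST result, applies WATCH events to it, and answers lookups from the cache. The type and function names and the sample Pods are assumptions; the event types ADDED, MODIFIED and DELETED are those of the Kubernetes watch API.

```go
package main

import "fmt"

type Pod struct{ Name, Node, Image string }

// NodeAgent is a kubelet-like consumer for one node, holding a local Pod cache.
type NodeAgent struct {
	Node    string
	cache   map[string]Pod
	Actions []string // container actions taken, in order
}

// Sync seeds the cache from a single LIST result.
func (a *NodeAgent) Sync(list []Pod) {
	a.cache = map[string]Pod{}
	for _, p := range list {
		a.Handle("ADDED", p)
	}
}

// Handle applies one WATCH event using the kubelet actions from section 4.1.
func (a *NodeAgent) Handle(evType string, p Pod) {
	old, known := a.cache[p.Name]
	switch {
	case evType == "DELETED" || (known && p.Node != a.Node):
		if known { // Pod deleted or moved away: delete its container
			delete(a.cache, p.Name)
			a.Actions = append(a.Actions, "delete "+p.Name)
		}
	case p.Node != a.Node: // not bound to this node: ignore
	case !known: // newly bound here: create and start its container
		a.cache[p.Name] = p
		a.Actions = append(a.Actions, "create "+p.Name)
	case old != p: // Pod information changed: modify its container
		a.cache[p.Name] = p
		a.Actions = append(a.Actions, "modify "+p.Name)
	}
}

// Lookup answers from the local cache without contacting API Server.
func (a *NodeAgent) Lookup(name string) (Pod, bool) { p, ok := a.cache[name]; return p, ok }

func main() {
	a := &NodeAgent{Node: "node-1"}
	a.Sync([]Pod{{"web-0", "node-1", "nginx:1.0"}}) // constructed sample data
	a.Handle("MODIFIED", Pod{"web-0", "node-1", "nginx:1.1"})
	fmt.Println(a.Actions)
}
```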

That concludes this introduction to the core principles of the Kubernetes API Server. I hope the content above is of some help to you. If you think the article is good, you can share it for more people to see.
