Kubernetes resource management: core concepts
Kubernetes design philosophy: layered architecture
CRI - Container Runtime Interface
CNI - Container Network Interface
CSI - Container Storage Interface
Kubernetes design philosophy: API design principles
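https://www.kubernetes.org.cn/kubernetes%e8%ae%be%e8%ae%a1%e7%90%86%e5%bf%b5
All APIs should be declarative.
API objects are complementary and composable.
High-level APIs are designed around operational intent.
Low-level APIs are designed according to the control needs of the high-level APIs.
Avoid simple wrappers as far as possible; there should be no hidden internal mechanisms that cannot be explicitly known from the external API.
API operation complexity is proportional to the number of objects.
API object state must not depend on network connection state.
Avoid making operational mechanisms depend on global state, because keeping global state synchronized in a distributed system is very difficult.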
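Introduction to the Kubernetes API
Built-in APIs: the API endpoints that ship with a Kubernetes cluster once it is deployed.
Custom resources: CRD (Custom Resource Definition), APIs added after Kubernetes is deployed by installing other components and the like.
Introduction to the Kubernetes built-in APIs and resource objects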
# curl --cacert /etc/kubernetes/ssl/ca.pem -H "Authorization: Bearer TOKEN" https://127.0.0.1:6443
[root@k8s-master1 2.dashboard-v2.7.0]# kubectl get secrets -A | grep admin
kubernetes-dashboard dashboard-admin-user kubernetes.io/service-account-token 3 4m27s
kuboard kuboard-admin-token kubernetes.io/service-account-token 3 8d
# Get the token
[root@k8s-master1 2.dashboard-v2.7.0]# kubectl describe secrets -n kubernetes-dashboard dashboard-admin-user
[root@k8s-master1 2.dashboard-v2.7.0]# curl --cacert /etc/kubernetes/ssl/ca.pem -H "Authorization: Bearer <YOUR_ACTUAL_TOKEN>" https://10.0.0.188:6443
{"paths": ["/.well-known/openid-configuration","/api","/api/v1","/apis","/apis/",
"/apis/admissionregistration.k8s.io","/apis/admissionregistration.k8s.io/v1","/apis/apiextensions.k8s.io","/apis/apiextensions.k8s.io/v1","/apis/apiregistration.k8s.io","/apis/apiregistration.k8s.io/v1","/apis/apps","/apis/apps/v1","/apis/authentication.k8s.io","/apis/authentication.k8s.io/v1","/apis/authorization.k8s.io","/apis/authorization.k8s.io/v1","/apis/autoscaling","/apis/autoscaling/v1","/apis/autoscaling/v2","/apis/batch","/apis/batch/v1","/apis/certificates.k8s.io","/apis/certificates.k8s.io/v1","/apis/coordination.k8s.io","/apis/coordination.k8s.io/v1","/apis/discovery.k8s.io","/apis/discovery.k8s.io/v1","/apis/events.k8s.io","/apis/events.k8s.io/v1","/apis/flowcontrol.apiserver.k8s.io","/apis/flowcontrol.apiserver.k8s.io/v1beta2","/apis/flowcontrol.apiserver.k8s.io/v1beta3","/apis/networking.k8s.io","/apis/networking.k8s.io/v1","/apis/node.k8s.io","/apis/node.k8s.io/v1","/apis/policy","/apis/policy/v1","/apis/rbac.authorization.k8s.io","/apis/rbac.authorization.k8s.io/v1","/apis/scheduling.k8s.io","/apis/scheduling.k8s.io/v1","/apis/storage.k8s.io","/apis/storage.k8s.io/v1","/apis/storage.k8s.io/v1beta1",
"/healthz","/healthz/autoregister-completion","/healthz/etcd","/healthz/log","/healthz/ping","/healthz/poststarthook/aggregator-reload-proxy-client-cert","/healthz/poststarthook/apiservice-openapi-controller","/healthz/poststarthook/apiservice-openapiv3-controller","/healthz/poststarthook/apiservice-registration-controller","/healthz/poststarthook/apiservice-status-available-controller","/healthz/poststarthook/bootstrap-controller","/healthz/poststarthook/crd-informer-synced","/healthz/poststarthook/generic-apiserver-start-informers","/healthz/poststarthook/kube-apiserver-autoregistration","/healthz/poststarthook/priority-and-fairness-config-consumer","/healthz/poststarthook/priority-and-fairness-config-producer","/healthz/poststarthook/priority-and-fairness-filter","/healthz/poststarthook/rbac/bootstrap-roles","/healthz/poststarthook/scheduling/bootstrap-system-priority-classes","/healthz/poststarthook/start-apiextensions-controllers","/healthz/poststarthook/start-apiextensions-informers","/healthz/poststarthook/start-cluster-authentication-info-controller","/healthz/poststarthook/start-kube-aggregator-informers","/healthz/poststarthook/start-kube-apiserver-admission-initializer","/healthz/poststarthook/start-kube-apiserver-identity-lease-controller","/healthz/poststarthook/start-kube-apiserver-identity-lease-garbage-collector","/healthz/poststarthook/start-legacy-token-tracking-controller","/healthz/poststarthook/storage-object-count-tracker-hook",
"/livez","/livez/autoregister-completion","/livez/etcd","/livez/log","/livez/ping","/livez/poststarthook/aggregator-reload-proxy-client-cert","/livez/poststarthook/apiservice-openapi-controller","/livez/poststarthook/apiservice-openapiv3-controller","/livez/poststarthook/apiservice-registration-controller","/livez/poststarthook/apiservice-status-available-controller","/livez/poststarthook/bootstrap-controller","/livez/poststarthook/crd-informer-synced","/livez/poststarthook/generic-apiserver-start-informers","/livez/poststarthook/kube-apiserver-autoregistration","/livez/poststarthook/priority-and-fairness-config-consumer","/livez/poststarthook/priority-and-fairness-config-producer","/livez/poststarthook/priority-and-fairness-filter","/livez/poststarthook/rbac/bootstrap-roles","/livez/poststarthook/scheduling/bootstrap-system-priority-classes","/livez/poststarthook/start-apiextensions-controllers","/livez/poststarthook/start-apiextensions-informers","/livez/poststarthook/start-cluster-authentication-info-controller","/livez/poststarthook/start-kube-aggregator-informers","/livez/poststarthook/start-kube-apiserver-admission-initializer","/livez/poststarthook/start-kube-apiserver-identity-lease-controller","/livez/poststarthook/start-kube-apiserver-identity-lease-garbage-collector","/livez/poststarthook/start-legacy-token-tracking-controller","/livez/poststarthook/storage-object-count-tracker-hook",
"/logs","/metrics","/openapi/v2","/openapi/v3","/openapi/v3/","/openid/v1/jwks",
"/readyz","/readyz/autoregister-completion","/readyz/etcd","/readyz/etcd-readiness","/readyz/informer-sync","/readyz/log","/readyz/ping","/readyz/poststarthook/aggregator-reload-proxy-client-cert","/readyz/poststarthook/apiservice-openapi-controller","/readyz/poststarthook/apiservice-openapiv3-controller","/readyz/poststarthook/apiservice-registration-controller","/readyz/poststarthook/apiservice-status-available-controller","/readyz/poststarthook/bootstrap-controller","/readyz/poststarthook/crd-informer-synced","/readyz/poststarthook/generic-apiserver-start-informers","/readyz/poststarthook/kube-apiserver-autoregistration","/readyz/poststarthook/priority-and-fairness-config-consumer","/readyz/poststarthook/priority-and-fairness-config-producer","/readyz/poststarthook/priority-and-fairness-filter","/readyz/poststarthook/rbac/bootstrap-roles","/readyz/poststarthook/scheduling/bootstrap-system-priority-classes","/readyz/poststarthook/start-apiextensions-controllers","/readyz/poststarthook/start-apiextensions-informers","/readyz/poststarthook/start-cluster-authentication-info-controller","/readyz/poststarthook/start-kube-aggregator-informers","/readyz/poststarthook/start-kube-apiserver-admission-initializer","/readyz/poststarthook/start-kube-apiserver-identity-lease-controller","/readyz/poststarthook/start-kube-apiserver-identity-lease-garbage-collector","/readyz/poststarthook/start-legacy-token-tracking-controller","/readyz/poststarthook/storage-object-count-tracker-hook","/readyz/shutdown","/version"]}
[root@k8s-master1 ~]# curl --cacert /etc/kubernetes/ssl/ca.pem -H "Authorization: Bearer <YOUR_ACTUAL_TOKEN>" https://10.0.0.188:6443/api/v1/nodes/10.0.0.123
[root@k8s-master1 ~]# curl --cacert /etc/kubernetes/ssl/ca.pem -H "Authorization: Bearer <YOUR_ACTUAL_TOKEN>" https://10.0.0.188:6443/metrics
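The bearer token used above comes from a Secret of type kubernetes.io/service-account-token, which holds a legacy token with no expiry. The following is an added example, not part of the original notes: it decodes a token's claims offline and reports whether it is a non-expiring Secret-based token or a time-limited bound token. The function names, the service account name admin-user and both sample tokens are assumptions constructed for illustration.

```python
import base64
import json
import time

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_claims(token: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_sa_token(token: str, now=None) -> dict:
    """Classify a service-account token and list the properties worth fixing."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    exp, findings = claims.get("exp"), []
    if exp is None:
        findings.append("no exp: valid until its Secret or ServiceAccount is deleted")
    elif exp < now:
        findings.append("token already expired")
    if "aud" not in claims:
        findings.append("no aud: token is not audience-bound")
    legacy = claims.get("iss") == "kubernetes/serviceaccount"
    return {"subject": claims.get("sub"),
            "kind": "legacy-secret" if legacy else "bound",
            "secret": claims.get("kubernetes.io/serviceaccount/secret.name"),
            "expires": exp, "findings": findings}

def make_token(claims: dict) -> str:
    """Build a constructed sample token with a dummy signature (test data only)."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.{b64url(b'dummy')}"

SUBJECT = "system:serviceaccount:kubernetes-dashboard:admin-user"  # assumed SA name
# Constructed: shaped like the token in the dashboard-admin-user Secret.
LEGACY = make_token({"iss": "kubernetes/serviceaccount", "sub": SUBJECT,
    "kubernetes.io/serviceaccount/namespace": "kubernetes-dashboard",
    "kubernetes.io/serviceaccount/secret.name": "dashboard-admin-user"})
# Constructed: shaped like a short-lived token from `kubectl create token`.
BOUND = make_token({"iss": "https://kubernetes.default.svc", "sub": SUBJECT,
    "aud": ["https://kubernetes.default.svc"], "exp": 1_700_003_600})

if __name__ == "__main__":
    for sample in (LEGACY, BOUND):
        print(audit_sa_token(sample, now=1_700_000_000))
```

A token reported as legacy-secret and bound to an admin role is the one to rotate first and replace with a short-lived token.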
Introduction to Kubernetes built-in resource objects
Kubernetes resource object operation commands