I just arranged what I did unchanged. I haven't touched Python so much, so I tried using it for studying. I don't know if it will be helpful, but if you want to use it in the same way, you may want to follow it.
The environment used is as follows.
Also, Kubernetes uses IBM Cloud Kubernetes Service (IKS), but I wonder if it can be used anywhere.
Follow git. Introduced Client with pip.
pip install kubernetes
Sample code (Refer to all pods)
from kubernetes import client, config
# Configs can be set in Configuration class directly or using helper utility
config.load_kube_config()
v1 = client.CoreV1Api()
print("Listing pods with their IPs:")
ret = v1.list_pod_for_all_namespaces(watch=False)
for i in ret.items:
print("%s\t%s\t%s" % (i.status.pod_ip, i.metadata.namespace, i.metadata.name))
This code accesses the cluster based on the environment variable KUBECONGIG. Therefore, it is necessary to get the config of the IKS cluster.
Use the IBM Cloud CLI to get the KUBECONFIG.
After logging in to the target account, execute the following command.
$ ibmcloud ks cluster config --cluster mycluster
Kubernetes version 1.16 has removed deprecated APIs. For more information, see <http://ibm.biz/k8s-1-16-apis>
warning: The behavior of this command in your current CLI version is deprecated, and becomes unsupported when CLI version 1.0 is released in March 2020. To use the new behavior now, set the '{{.BetaVar}}' environment variable. In {{.Shell}}, run '{{.Command}}'.
Note: Changing the beta version can include other breaking changes.For more information, http://ibm.biz/iks-cli-See v1
OK
The mycluster configuration has been successfully downloaded.
Export your environment variables to get started with Kubernetes.
export KUBECONFIG=/Users/<user_name>/.bluemix/plugins/kubernetes-service/clusters/..../zzzz.yml
/ plugins / kubernetes-service → ⭕️ / plugins / container-service, but I wonder if there is any need to worry about that.$ python kubeapi.py Listing pods with their IPs:
10.76.68.235 kube-system calico-kube-controllers-7ddc977c56-ccrkh
10.76.68.235 kube-system calico-node-7b88g
・ ・ ・ ・ ・ ・ ・
・ ・ ・ ・ ・ ・ ・
I got a list of pods.
As a connection method that does not use kube-config, there is a connection method that uses a token or TLS certificate. Simply this. → https://github.com/kubernetes-client/python/blob/master/examples/remote_cluster.py
What I wanted to do was create a ServiceAccount and use the Kubernetes API based on that credentials. It was that.
I'm still studying around Service Account, so I would like to introduce only what I did.
The information used from Secret of Config information is token, ca.crt. Bese64 decode and use.
The created ca.cart file has this format. If you decode it, it should already be in this state, so paste it as it is.
-----BEGIN CERTIFICATE-----
Character string Character string Character string Character string Character Mojimo jimo ...
-----END CERTIFICATE-----
In the Python code, the part corresponding to the above config.load_kube_config () is as follows.
# Configs can be set in Configuration class directly or using helper utility
configuration = client.Configuration()
configuration.verify_ssl = True
configuration.host = 'https://xxx.xxx.xx.xx.xx.:yyy'
#Insert the acquired token as it is.
configuration.api_key['authorization'] = '<token>'
configuration.api_key_prefix['authorization'] = 'Bearer'
#ca.The path to cert. It doesn't move even if it is thrust as it is.
configuration.ssl_ca_cert = './ca.cert'
namespace = 'default'
v1 = client.CoreV1Api(client.ApiClient(configuration))
Now you can use the API! Should be! I think that you have taken various troublesome steps, but please adjust it by yourself. Especially around authority.
If you go beyond this, it will work almost according to Samples.
It's about writing notes, but that's it.
Recommended Posts