• Home

  • Software

  • Kubernetes API - deep dive into the kube-apiserver
9
Kubernetes API DEEP DIVE INTO THE APISERVER Dr. Stefan Schimanski, [email protected]

Kubernetes API - deep dive into the kube-apiserver

Embed Size (px)

Citation preview

Page 1: Kubernetes API - deep dive into the kube-apiserver

Kubernetes APIDEEP DIVE INTO THE APISERVER

Dr. StefanSchimansk i , sttts@redhat .com

Page 2: Kubernetes API - deep dive into the kube-apiserver

RestfulhttpAPI

//version

/api/api/v1/pods/api/v1/pods/status

/apis/apis/batch/apis/batch/v1alpha1/apis/batch/v1alpha1/jobs/apis/batch/v1alpha1/cronjobs/apis/batch/v1beta1/apis/batch/v1beta1/jobs

kube-apiserver $kubectl create -ffoo.yaml

Page 3: Kubernetes API - deep dive into the kube-apiserver

RestfulhttpAPI

//version

/api/api/v1/pods/api/v1/pods/status

/apis/apis/batch/apis/batch/v2alpha1/apis/batch/v2alpha1/jobs/apis/batch/v2alpha1/cronjobs/apis/batch/v1beta1/apis/batch/v1beta1/jobs

Page 4: Kubernetes API - deep dive into the kube-apiserver

RestfulhttpAPI

//version

/api/api/v1/pods/api/v1/pods/status

/apis/apis/batch/apis/batch/v2alpha1/apis/batch/v2alpha1/jobs/apis/batch/v2alpha1/cronjobs/apis/batch/v1beta1/apis/batch/v1beta1/jobs

Page 5: Kubernetes API - deep dive into the kube-apiserver

RestfulhttpAPI

//version

/api/api/v1/pods/api/v1/pods/status

/apis/apis/batch/apis/batch/v2alpha1/apis/batch/v2alpha1/jobs/apis/batch/v2alpha1/cronjobs/apis/batch/v1beta1/apis/batch/v1beta1/jobs

/apis/batch/v2alpha1/jobs

GroupVersionResourceHTTPpaths:

InGo: gvk :=schema.GroupVersionKind{Group:“batch“,Version:“v2alpha1“,Kind:“Job“}obj :=api.Schema.New(gvk)codec :=api.Codecs.LegacyCodec(gvk.GroupVersion())codec.Decode(reqBody,gvk,obj)

typeJob struct {metav1.TypeMetametav1.ObjectMetaSpec JobSpecStatusJobStatus

}pkg/apis/batch/v2alpha1/types.go

typeTypeMeta struct {KindstringAPIVersion string

}

typeObjectMeta struct {Namestring...

}

Page 6: Kubernetes API - deep dive into the kube-apiserver

RestfulhttpAPI

//version

/api/api/v1/pods/api/v1/pods/status

/apis/apis/batch/apis/batch/v2alpha1/apis/batch/v2alpha1/jobs/apis/batch/v2alpha1/cronjobs/apis/batch/v1beta1/apis/batch/v1beta1/jobs

MaxInFlightLimit

Timeo

utForNon

LongRu

nningReq

uests

PanicRe

covery

CORS

Authen

tication

Audit

Impe

rson

ation

Authoriza

tion

k8s.io/apiserver/pkg/server.DefaultBuildHandlerChain

„Filters“

k8s.io/apiserver/pkg/server/routes/index.go – /k8s.io/apiserver/pkg/server/routes/version.go – /versionk8s.io/apiserver/pkg/server/routes/swagger.go – /swaggerapik8s.io/apiserver/pkg/server/routes/openapi.go – /swagger.json

„Routes“

mux

k8s.io/apiserver/pkg/endpoints.APIGroupVersion.InstallREST

AddSupportedResourcesWebService – /apis/batch/v2alpha1

k8s.io/apiserver/pkg/endpoints.APIInstaller.Install

/apis/batch/v2alpha1/jobs/apis/batch/v2alpha1/cronjobs...

With

Requ

estIn

fo

ctx.RequestInfo

Page 7: Kubernetes API - deep dive into the kube-apiserver

RestfulhttpAPI

mux

k8s.io/apiserver/pkg/endpoints.APIGroupVersion.InstallREST

AddSupportedResourcesWebService – /apis/batch/v2alpha1

k8s.io/apiserver/pkg/endpoints.APIInstaller.Install/apis/batch/v2alpha1/jobs/apis/batch/v2alpha1/cronjobs...

pkg/apis/batchtype Jobsstruct

pkg/apis/batch/v2alpha1type Jobsstruct

api.Schemek8s.io/apiserver

pkg/api api.Scheme.Convert(&internalJob,&v2alohaJob)

/apis/batch/v2alpha1/jobsGETPUTPOSTDELETE...

/status/scale/proxy...

subresources

Page 8: Kubernetes API - deep dive into the kube-apiserver

RestfulhttpAPI

mux

pkg/apis/batchtype Jobsstruct

pkg/apis/batch/v2alpha1type Jobsstruct

api.Scheme api.Scheme.Convert(&job,&v1job)

POST/apis/batch/v2alpha1/jobs

k8s.io/apiserverpkg/endpoints/handlers.CreateNamedResource

binaryJSON

payload

Gostructv2alpha1.Job

HTTPRequest

Gostructinternal.Job

Storek8s.io/apiserver

pkg/registry/generic

Storagek8s.io/apiserverpkg/storage/etcd3

ProtoBufJob

Gostructv2alpha1.Job

etcd

Page 9: Kubernetes API - deep dive into the kube-apiserver

type Scheme struct• AddKnownTypes(gv, obj Object) • Default(src Object)• Copy(src Object) Object• Convert(in, out interface{})• New(gvk) Object

ApiGrouppkg/apis/batchpkg/apis/batch/v1pkg/apis/batch/v2alpha1pkg/apis/batch/register.gopgk/apis/batch/install

GroupVersionKindResource

type Object interface• GetObjectKind() string

client-go/pkg/api.Schemeclient-go/pkg/api.Codecs

Discoverytype APIGroupList structtype APIVersions structtype APIResourceList struct

GroupVersionKind „gvk“GroupVersionResource

Unversioned typesUnstructuredList

Registry / Storagetype Storage interfacetype Lister interfacetype Updater interfacetype Getter interfacetype Deleter interface....

deepcopy-genconversion-gendefaulting-gen

Code Generation

type OwnerReference structtype ObjectReference structtype TypeMeta structtype ObjectMeta struct

Meta

api.Schemeapi.Codecsapi.Registryapi.GroupFactoryRegistry

Globals


IBM开源技术微讲堂 · 2016-12-29 · • Etcd) 9 K8sNode! – Master Kubernetes)Master APIServer Scheduler Controller) Manager ... Service Worker Node Service IP Kubernetes

IBM开源技术微讲堂 · 2016-12-29 · • Etcd) 9 K8sNode! – Master Kubernetes)Master APIServer Scheduler Controller) Manager ... Service Worker Node Service IP Kubernetes

Documents
Prezentacija Kube

Prezentacija Kube

Documents
Proposal KUBE Bengkel

Proposal KUBE Bengkel

Documents
Managing Kubernetes from Python using Kube

Managing Kubernetes from Python using Kube

Software
Kubernetes on NVIDIA GPUs...kube-system kube-scheduler-master 1/1 Running 0 1m Installing Kubernetes Kubernetes on NVIDIA GPUs DU-09016-001_v1.0 | 5 kube-system nvidia-device-plugin-daemonset-1.9.10-5m95f

Kubernetes on NVIDIA GPUs...kube-system kube-scheduler-master 1/1 Running 0 1m Installing Kubernetes Kubernetes on NVIDIA GPUs DU-09016-001_v1.0 | 5 kube-system nvidia-device-plugin-daemonset-1.9.10-5m95f

Documents
contoh skripsi KUBE

contoh skripsi KUBE

Documents
Putevoditel po kube

Putevoditel po kube

Documents
Logitank Kube

Logitank Kube

Documents
Pengembangan Kube

Pengembangan Kube

Education
Kubernetes Formation Docker - Expert Cloud et DevOps · Kubernetes Engine Kubeadm Kops Kube-aws Kubespray Exploiter Kubernetes Pour aller plus loin Pourquoi utiliser un orchestrateur

Kubernetes Formation Docker - Expert Cloud et DevOps · Kubernetes Engine Kubeadm Kops Kube-aws Kubespray Exploiter Kubernetes Pour aller plus loin Pourquoi utiliser un orchestrateur

Documents
POLITIČKI SISTEM KUBE

POLITIČKI SISTEM KUBE

Documents
Stability and Availability in Kubernetes · 2018. 12. 11. · Kube-reserved: - meant to capture resource reservation for kubernetes system daemons like the kubelet, container runtime,

Stability and Availability in Kubernetes · 2018. 12. 11. · Kube-reserved: - meant to capture resource reservation for kubernetes system daemons like the kubelet, container runtime,

Documents
Kubernetes laravel and kubernetes

Kubernetes laravel and kubernetes

Engineering
MINICENTRALINE KUBE CODICE FAMIGLIA …Kube CODICE FAMIGLIA FAMILY CODE SERIE SERIES MINICENTRALINE KUBE 147 CORRENTE CONTINUA DIRECT CURRENT KUBE POWER PACKS INDICE Caratteristiche

MINICENTRALINE KUBE CODICE FAMIGLIA …Kube CODICE FAMIGLIA FAMILY CODE SERIE SERIES MINICENTRALINE KUBE 147 CORRENTE CONTINUA DIRECT CURRENT KUBE POWER PACKS INDICE Caratteristiche

Documents
bahan KUBE

bahan KUBE

Documents
Build your own kubernetes apiserver and resource type

Build your own kubernetes apiserver and resource type

Technology
KUBE-modellen - Rehabiliteringsforum Danmark · KUBE-modellen Ny model for virkninger af borgerinddragelse på individuelt, organisatorisk og samfundsmæssigt niveau KUBE-modellen

KUBE-modellen - Rehabiliteringsforum Danmark · KUBE-modellen Ny model for virkninger af borgerinddragelse på individuelt, organisatorisk og samfundsmæssigt niveau KUBE-modellen

Documents
Infrastructure Design for Kubernetes · Kubernetes 1.9 Kubernetes 1.10 Kubernetes 1.11 Kubernetes 1.12 December 2017 March 2018 June 2018 September 2018 Kubernetes 1.13 December 2018

Infrastructure Design for Kubernetes · Kubernetes 1.9 Kubernetes 1.10 Kubernetes 1.11 Kubernetes 1.12 December 2017 March 2018 June 2018 September 2018 Kubernetes 1.13 December 2018

Documents
Kubernetes introduction · Kubernetes, a controller is a control loop that watches the shared state of the cluster through the apiserver and makes changes attempting to move the current

Kubernetes introduction · Kubernetes, a controller is a control loop that watches the shared state of the cluster through the apiserver and makes changes attempting to move the current

Documents
LF LC3 18 Topology-aware Service Routing in Kubernetes ... · Kube-proxy. Data Flow ServicePolicy Services selector Pods selector Node ... - Proposal: . Contact US! Title:

LF LC3 18 Topology-aware Service Routing in Kubernetes ... · Kube-proxy. Data Flow ServicePolicy Services selector Pods selector Node ... - Proposal: . Contact US! Title:

Documents
Pets with Kubernetes Taming Distributed - qconlondon.com · INTRODUCTION Containers and distributed state ... Quick and easy. No extra apiserver code Great for simple extensions

Pets with Kubernetes Taming Distributed - qconlondon.com · INTRODUCTION Containers and distributed state ... Quick and easy. No extra apiserver code Great for simple extensions

Documents
How to Secure Your Kubernetes Cluster · 2019-04-26 · s...get it?), or “kube” is an open source system for managing containerized applications across multiple hosts, providing

How to Secure Your Kubernetes Cluster · 2019-04-26 · s...get it?), or “kube” is an open source system for managing containerized applications across multiple hosts, providing

Documents
Kubernetes úklid mezi kontejnery Tomáš Kukrál @tomkukral ... · Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) target prot source destination KUBE-PORTALS-CONTAINER all 0.0.0.0/0

Kubernetes úklid mezi kontejnery Tomáš Kukrál @tomkukral ... · Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) target prot source destination KUBE-PORTALS-CONTAINER all 0.0.0.0/0

Documents
Rancher CIS Kuber netes v1.3.0 Benchmark Self Assessment · 1.1.10 - Ensure that the admission control plugin AlwaysAdmit is not set (Scored) Audit docker inspect kube-apiserver |

Rancher CIS Kuber netes v1.3.0 Benchmark Self Assessment · 1.1.10 - Ensure that the admission control plugin AlwaysAdmit is not set (Scored) Audit docker inspect kube-apiserver |

Documents
When I Kube All the Things, What Can Watch Kubernetes...When I Kube All the Things, What Can Watch Kubernetes? Kira Boyle Pivotal Cloud Foundry @kiracboyle

When I Kube All the Things, What Can Watch Kubernetes...When I Kube All the Things, What Can Watch Kubernetes? Kira Boyle Pivotal Cloud Foundry @kiracboyle

Documents
Raccordement de votre système Kube™ · Changement des filtres du système Kube F9 Retrait du système Kube lors d’un déménagement F10 Informations de garantie Kube F11 Performances

Raccordement de votre système Kube™ · Changement des filtres du système Kube F9 Retrait du système Kube lors d’un déménagement F10 Informations de garantie Kube F11 Performances

Documents
architecture with Prometheus Monitoring a Kubernetes ... · Monitoring Kubernetes namespace = kube-system apiserver kubelet kubelet etcd kubelet kubelet kubelet kubelet. Running Prometheus

architecture with Prometheus Monitoring a Kubernetes ... · Monitoring Kubernetes namespace = kube-system apiserver kubelet kubelet etcd kubelet kubelet kubelet kubelet. Running Prometheus

Documents
Kube-Proxy Deep Dive€¦ · Let’s talk about... Intro Traditional load balancing Networking in Docker Networking challenges in Kubernetes What’s next? Demo. Intro Since 2010,

Kube-Proxy Deep Dive€¦ · Let’s talk about... Intro Traditional load balancing Networking in Docker Networking challenges in Kubernetes What’s next? Demo. Intro Since 2010,

Documents
Kube Policy Procedures

Kube Policy Procedures

Documents
VA Linux Systems Japan 株式会社5 マスターノード ETCD kube-scheduler kube-controller-manager kube-apiserver ワーカーノード1 ワーカーノード2 Kubeletなど アクセスの受け付け

VA Linux Systems Japan 株式会社5 マスターノード ETCD kube-scheduler kube-controller-manager kube-apiserver ワーカーノード1 ワーカーノード2 Kubeletなど アクセスの受け付け

Documents