curl 测试 k8s api

本机 curl 直接使用 k8s 里的证书调用 k8s api

curl -k \
  --cert /etc/kubernetes/pki/apiserver-kubelet-client.crt \
  --key /etc/kubernetes/pki/apiserver-kubelet-client.key \
  --cacert /etc/kubernetes/pki/ca.crt \
  https://localhost:6443/api/v1/pods?limit=1

也可将先建一个 sh 文件

例如文件名：curl-k8s-api.sh

curl -k \
  --cert /etc/kubernetes/pki/apiserver-kubelet-client.crt \
  --key /etc/kubernetes/pki/apiserver-kubelet-client.key \
  --cacert /etc/kubernetes/pki/ca.crt \
  $@

然后通过 该 sh 文件调用 k8s api

./curl-k8s-api.sh https://localhost:6443/api/v1/pods?limit=1

通过 ~/.kube/config 文件调用 k8s api

# 设置kubeconfig文件路径
KUBECONFIG=~/.kube/config
 
# 从kubeconfig中提取API服务器地址
APISERVER=$(grep -oP '(?<=server: https://)[^"]+' $KUBECONFIG)
 
# 从kubeconfig中提取认证令牌
TOKEN='kubernetes-admin@kubernetes'
 
# 从kubeconfig中提取认证方法
CERT=$(grep -oP '(?<=client-certificate-data: ).+' $KUBECONFIG | base64 --decode)
KEY=$(grep -oP '(?<=client-key-data: ).+' $KUBECONFIG | base64 --decode)
 
# 使用curl命令访问Kubernetes API
curl --cacert /etc/kubernetes/pki/ca.crt -H "Authorization: Bearer $TOKEN" https://$APISERVER