Updated on 2024-11-06 GMT+08:00

Kubernetes APIs

Description

Kubernetes APIs are resource-based (RESTful) programming interfaces provided through HTTP. It supports query, creation, update, and deletion of various cluster resources using standard HTTP request methods (POST, PUT, PATCH, DELETE, and GET).

CCE allows you to use native Kubernetes APIs in the following ways:

Calling Kubernetes APIs Through the Cluster API Server

You can use the API server of a Kubernetes cluster to call Kubernetes-native APIs.

  1. Obtain the cluster certificate and API server.

    • Method 1: Obtain the certificate by calling the API for obtaining the cluster certificate, save the returned information to the kubeconfig.json file, and extract the certificate, private key, and API server information. The commands are as follows:
      # Obtain the CA certificate of the cluster and save it as ca.crt.
      cat ./kubeconfig.json |grep certificate-authority-data | awk -F '"' '{print $4}' | base64 -d > ./ca.crt
      # Obtain the client certificate and save it as client.crt.
      cat ./kubeconfig.json |grep client-certificate-data | awk -F '"' '{print $4}' | base64 -d > ./client.crt
      # Obtain the client private key and save it as client.key.
      cat ./kubeconfig.json |grep client-key-data | awk -F '"' '{print $4}' | base64 -d > ./client.key
      # Obtain the API server.
      cat ./kubeconfig.json |grep server | awk -F '"' '{print $4}'
    • Method 2: Obtain the API server IP address (private or public network address) on the Overview page of the CCE console and download the certificate (ca.crt, client.crt, and client.key files).

  2. Call Kubernetes-native APIs using the cluster certificate.

    For example, run the curl command to call an API to view the pod information. The following is an example:

    curl --cacert ./ca.crt --cert ./client.crt --key ./client.key  https://192.168.0.198:5443/api/v1/namespaces/default/pods/

    Specifically:

    • ./ca.crt, ./client.crt, and ./client.key specify that the certificate files in the current path are used. Replace them with the actual file paths.
    • 192.168.0.198:5443 is the IP address of the cluster API server.
    • /api/v1/namespaces/default/pods/ specifies the URI of the cluster API for viewing pod information in the default namespace. For more cluster APIs, see Kubernetes API.

Calling Kubernetes APIs Through API Gateway

You can call Kubernetes-native APIs through API Gateway using the URL in the format of https://{clusterid}.Endpoint/uri. In the URL, {clusterid} indicates the cluster ID, and uri indicates the resource path, that is, the path for API access.

Table 1 URL parameters

Parameter

Description

{clusterid}

Cluster ID. After a cluster is created, call the API for obtaining a cluster in a specified project to obtain the cluster ID.

Endpoint

Entry (URL) for a web service, which can be obtained from Endpoints.

uri

Access path of an API for performing an operation. Obtain the value from the URI of the API. For details, see Kubernetes API.

  1. Obtain the token of the region where the cluster is located. For details about how to obtain the token, see Obtaining a Token.
  2. Obtain the cluster ID using either of the following methods:

  3. Determine the requested URL based on the URL format https://{clusterid}.Endpoint/uri.

    • {clusterid}: Obtain the value by using 2.
    • Endpoint: Obtain the endpoint from Regions and Endpoints.

      For example, the endpoint of CCE in the AP-Singapore region is cce.ap-southeast-3.myhuaweicloud.com.

    • uri: Set this parameter based on the API to be called. For example, if you want to create a Deployment, the request method is POST and the API URI is /apis/apps/v1/namespaces/{namespace}/deployments, where {namespace} indicates the cluster namespace name. In this example, the value is default.

      For more APIs, see Kubernetes APIs.

    Combine the preceding parameters following the URL format https://{clusterid}.Endpoint/uri.

    The following is an example of the URL for calling the API to view information about all pods:
    https://07da5*****.cce.ap-southeast-3.myhuaweicloud.com/apis/apps/v1/namespaces/default/deployments

  4. Use the request method specified by the API and set the request header parameters. If parameters in the body need to be added, add the structure corresponding to the API by referring to Kubernetes APIs.

    Example curl command to call the API for creating a Deployment using POST and adding the corresponding body:

    In this example, the nginx.json file is used to create a Deployment named nginx. The Deployment uses the nginx:latest image and contains two pods. Each pod occupies 100m CPU and 200 MiB memory.

    curl --location --request POST 'https://07da5*****.cce.ap-southeast-3.myhuaweicloud.com/apis/apps/v1/namespaces/default/deployments' \
    --header 'Content-Type: application/json' \
    --header 'X-Auth-Token: MIIWvw******' \
    --data @nginx.json
    Header parameters contained in the request are as follows:
    Table 2 Request header parameters

    Parameter

    Mandatory

    Type

    Description

    Content-Type

    Yes

    String

    Message body type (format), for example, application/json.

    X-Auth-Token

    Yes

    String

    Requests for calling an API can be authenticated using either a token or AK/SK. If token-based authentication is used, this parameter is mandatory and must be set to a user token. For details, see Obtaining a Token.

    nginx.json is located in the current directory and contains the following content:

    {
        "apiVersion": "apps/v1",
        "kind": "Deployment",
        "metadata": {
            "name": "nginx"
        },
        "spec": {
            "replicas": 2,
            "selector": {
                "matchLabels": {
                    "app": "nginx"
                }
            },
            "template": {
                "metadata": {
                    "labels": {
                        "app": "nginx"
                    }
                },
                "spec": {
                    "containers": [
                        {
                            "image": "nginx:latest",
                            "name": "container-0",
                            "resources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "200Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "200Mi"
                                }
                            }
                        }
                    ],
                    "imagePullSecrets": [
                        {
                            "name": "default-secret"
                        }
                    ]
                }
            }
        }
    }