使用 K8S API 访问 pod [关闭]

Question

使用 kubectl 我们可以运行以下命令

kubectl exec -ti POD_NAME -- pwd

我可以从 API 级别做到这一点吗？我检查了 POD API，似乎它在那里丢失了 https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/

我正在寻找的是一个无需额外依赖即可查看 POD 中文件的 UI 工具

更新：

我在 pod 中找到了以下代码来执行命令

package main

import (
    "bytes"
    "context"
    "flag"
    "fmt"
    "path/filepath"

    corev1 "k8s.io/api/core/v1"
    _ "k8s.io/apimachinery/pkg/api/errors"
    metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    "k8s.io/apimachinery/pkg/runtime"
    "k8s.io/client-go/kubernetes"
    "k8s.io/client-go/tools/clientcmd"
    "k8s.io/client-go/tools/remotecommand"
    "k8s.io/client-go/util/homedir"
    //
    // Uncomment to load all auth plugins
    // _ "k8s.io/client-go/plugin/pkg/client/auth"
    //
    // Or uncomment to load specific auth plugins
    // _ "k8s.io/client-go/plugin/pkg/client/auth/azure"
    // _ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
    // _ "k8s.io/client-go/plugin/pkg/client/auth/oidc"
    // _ "k8s.io/client-go/plugin/pkg/client/auth/openstack"
)

func main() {
    var kubeconfig *string
    if home := homedir.HomeDir(); home != "" {
        kubeconfig = flag.String("kubeconfig", filepath.Join(home, ".kube", "config"), "(optional) absolute path to the kubeconfig file")
    } else {
        kubeconfig = flag.String("kubeconfig", "", "absolute path to the kubeconfig file")
    }
    flag.Parse()

    // use the current context in kubeconfig
    config, err := clientcmd.BuildConfigFromFlags("", *kubeconfig)
    if err != nil {
        panic(err.Error())
    }

    // create the clientset
    clientset, err := kubernetes.NewForConfig(config)
    if err != nil {
        panic(err.Error())
    }

    namespace := "stage"
    pods, err := clientset.CoreV1().Pods(namespace).List(context.TODO(), metav1.ListOptions{})
    if err != nil {
        panic(err.Error())
    }
    fmt.Printf("There are %d pods in the cluster\n", len(pods.Items))

    podName := "ubs-job-qa-0"
    containerName := "ubs-job"

    // https://github.com/kubernetes/kubernetes/blob/release-1.22/test/e2e/framework/exec_util.go
    // https://zhimin-wen.medium.com/programing-exec-into-a-pod-5f2a70bd93bb
    req := clientset.CoreV1().
        RESTClient().
        Post().
        Resource("pods").
        Name(podName).
        Namespace(namespace).
        SubResource("exec").
        Param("container", containerName)

    scheme := runtime.NewScheme()
    if err := corev1.AddToScheme(scheme); err != nil {
        panic("Cannot add scheme")
    }

    parameterCodec := runtime.NewParameterCodec(scheme)
    req.VersionedParams(&corev1.PodExecOptions{
        Stdin:     false,
        Stdout:    true,
        Stderr:    true,
        TTY:       true,
        Container: podName,
        Command:   []string{"ls", "-la", "--time-style=iso", "."},
    }, parameterCodec)

    exec, err := remotecommand.NewSPDYExecutor(config, "POST", req.URL())
    if err != nil {
        panic(err)
    }

    var stdout, stderr bytes.Buffer
    err = exec.Stream(remotecommand.StreamOptions{
        Stdin:  nil,
        Stdout: &stdout,
        Stderr: &stderr,
    })
    if err != nil {
        panic(err)
    }

    text := string(stdout.Bytes())
    fmt.Println(text)
}

Answer 1

在您的情况下，使用 kubectl 与调用 api-server 相同；依次调用节点上的 kubelet 并在 pod 命名空间中执行您的命令。

你可以这样试验：

kubectl proxy --port=8080 &

curl "localhost:8080/api/v1/namespaces/<namespace>/pods/<pod>/exec?command=pwd&stdin=false"

要复制文件，您可以使用：kubectl cp --help

Answer 2

您可以利用 Kubernetes Dashboard 等工具作为 UI 工具，或者如果您想进入企业级，请尝试 Rancher