Access to cluster resources with python.
Creating Tokens
APISERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
SECRET_NAME=$(kubectl get serviceaccount default -o jsonpath='{.secrets[0].name}')
TOKEN=$(kubectl get secret $SECRET_NAME -o jsonpath='{.data.token}' | base64 --decode)
curl $APISERVER/api --header "Authorization: Bearer $TOKEN" --insecure
Granting default:default Permissions to the kubernetes service account
kubectl create clusterrolebinding default-admin --clusterrole cluster-admin --serviceaccount=default:default
from kubernetes import client, config
def main():
# Define the barer token we are going to use to authenticate.
# See here to create the token:
# https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/
aToken = "$TOKEN Thats Generated From Above"
# Create a configuration object
aConfiguration = client.Configuration()
# Specify the endpoint of your Kube cluster
aConfiguration.host = "https://XXX.XXX.XXX.XXX:6443"
# Security part.
# In this simple example we are not going to verify the SSL certificate of
# the remote cluster (for simplicity reason)
aConfiguration.verify_ssl = False
# Nevertheless if you want to do it you can with these 2 parameters
# configuration.verify_ssl=True
# ssl_ca_cert is the filepath to the file that contains the certificate.
# configuration.ssl_ca_cert="certificate"
aConfiguration.api_key = {"authorization": "Bearer " + aToken}
# Create a ApiClient with our config
aApiClient = client.ApiClient(aConfiguration)
# Do calls
v1 = client.CoreV1Api(aApiClient)
print("Listing pods with their IPs:")
ret = v1.list_pod_for_all_namespaces(watch=False)
for i in ret.items:
print("%s\t%s\t%s" %
(i.status.pod_ip, i.metadata.namespace, i.metadata.name))
if __name__ == '__main__':
main()
metadata.labels.kubernetes.io/hostname status.addresses[0].address status.allocatable.memory status.capacity.memory status.conditions -> Array
Links
- K9s for monitoring
- Kubernetes Python on Github