从容器中获取所有k8s pod的IP地址 [英] Get IP addresses of all k8s pods from within a container
问题描述
我有一个名为my-service的服务,其端点为refreshCache. my-service托管在多台服务器上,有时我希望其中一台服务器上my-service中的事件触发所有服务器上my-service上的refreshCache.为此,我手动维护所有托管my-service的服务器的列表,提取该列表,然后为每个服务器向<server>/.../refreshCache发送REST请求.
I have a service called my-service with an endpoint called refreshCache. my-service is hosted on multiple servers, and occasionally I want an event in my-service on one of the servers to trigger refreshCache on my-service on all servers. To do this I manually maintain a list of all the servers that host my-service, pull that list, and send a REST request to <server>/.../refreshCache for each server.
我现在正在将服务迁移到k8s.与之前类似,在托管my-service的所有服务器上运行refreshCache的位置,现在我希望能够在托管my-service的所有Pod上运行refreshCache.不幸的是,我无法手动维护Pod IP列表,因为我的理解是IP在k8s中是短暂的,因此我需要能够从那些Pod中的一个容器内动态获取节点中所有Pod的IP.这可能吗?
I'm now migrating my service to k8s. Similarly to before, where I was running refreshCache on all servers that hosted my-service, I now want to be able to run refreshCache on all the pods that host my-service. Unfortunately I cannot manually maintain a list of pod IPs, as my understanding is that IPs are ephemeral in k8s, so I need to be able to dynamically get the IPs of all pods in a node, from within a container in one of those pods. Is this possible?
注意:我知道此信息可用于kubectl get endpoints ...,但是kubectl在我的容器中将不可用.
Note: I'm aware this information is available with kubectl get endpoints ..., however kubectl will not be available within my container.
推荐答案
您不需要kubectl即可访问Kubernetes API.您可以使用任何可以发出HTTP请求的工具来做到这一点.
You don't need kubectl to access the Kubernetes API. You can do it with any tool that can make HTTP requests.
Kubernetes API是一个简单的HTTP REST API,并且如果它在集群中作为Pod运行,则容器中将显示您需要的所有身份验证信息.
The Kubernetes API is a simple HTTP REST API, and all the authentication information that you need is present in the container if it runs as a Pod in the cluster.
要获取端点群集中的容器中名为my-service的对象,您可以执行以下操作:
To get the Endpoints object named my-service from within a container in the cluster, you can do:
curl -k -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
https://kubernetes.default.svc:443/api/v1/namespaces/{namespace}/endpoints/my-service
注意:将{namespace}替换为my-service端点资源的命名空间.
Note: replace {namespace} with the namespace of the my-service Endpoints resource.
要提取返回的JSON的IP地址,您可以将输出通过管道传输到jq之类的工具:
And to extract the IP addresses of the returned JSON, you could pipe the output to a tool like jq:
... | jq -r '.subsets[].addresses[].ip'
请注意,您从中执行此操作的Pod需要具有Endpoints资源的读取权限,否则API请求将被拒绝.
您可以使用ClusterRole,ClusterRoleBinding和Service Account(只需设置一次)来完成此操作:
You can do this with a ClusterRole, ClusterRoleBinding, and Service Account (you need to set this up only once):
kubectl create sa endpoint-reader
kubectl create clusterrole endpoint-reader --verb=get,list --resource=endpoints
kubectl create clusterrolebinding endpoint-reader --serviceaccount=default:endpoint-reader --clusterrole=endpoint-reader
Then, use the endpoint-reader ServiceAccount for the Pod from which you want to execute the above curl command by specifying it in the pod.spec.serviceAccountName field.
其他任何API操作(即动词和资源的组合)的授予权限都以相同的方式起作用.
Granting permissions for any other API operations (i.e. combinations of verbs and resources) works in the same way.
这篇关于从容器中获取所有k8s pod的IP地址的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
