k8s的api-server組件負責提供restful api訪問端點, 並且將數據持久化到etcd server中. 那么k8s是如何組織它的restful api的?
一, namespaced resources
所謂的namespaced resources,就是這個resource是從屬於某個namespace的, 也就是說它不是cluster-scoped的資源. 比如pod, deployment, service都屬於namespaced resource. 那么我們看一下如何請求一個namespaced resources.
http://localhost:8080/api/v1/namespaces/default/pods/test-pod
可以看出, 該restful api的組織形式是:
| api | api版本 | namespaces | 所屬的namespace | 資源種類 | 所請求的資源名稱 |
| api | v1 | namespaces | default | pods | test-pod |
這里api version如果是v1的話,表示這是一個很穩定的版本了, 以后不會有大的修改,並且當前版本所支持的所有特性以后都會兼容. 而如果版本號是v1alpha1, v1beta1之類的,則不保證其穩定性.
二, non-namespaced resources
http://localhost:8080/apis/rbac.authorization.k8s.io/v1/clusterroles/test-clusterrole
這里可以觀察到它clusterrole與pod不同, apis表示這是一個非核心api. rbac.authorization.k8s.io指代的是api-group, 另外它沒有namespaces字段, 其他與namespaced resources類似.不再贅述.
三, non-resource url
這類資源和pod, clusterrole都不同. 例如
http://localhost:8080/healthz/etcd
這就是用來確認etcd服務是不是健康的.它不屬於任何namespace,也不屬於任何api版本.
總結, k8s的REST API的設計結構為:
[api/apis] / api-group / api-version / namespaces / namespace-name / resource-kind / resource-name
apis / rbac.authorization.k8s.io / v1 / namespaces / default / roles / test-role
所有的api結構都可以通過訪問相關斷點來獲取信息, 最低一層為api-server的地址, 訪問結果如下:
{
"paths": [
"/api",
"/api/v1",
"/apis",
"/apis/",
"/apis/admissionregistration.k8s.io",
"/apis/admissionregistration.k8s.io/v1beta1",
"/apis/apiextensions.k8s.io",
"/apis/apiextensions.k8s.io/v1beta1",
"/apis/apiregistration.k8s.io",
"/apis/apiregistration.k8s.io/v1",
"/apis/apiregistration.k8s.io/v1beta1",
"/apis/apps",
"/apis/apps/v1",
"/apis/apps/v1beta1",
"/apis/apps/v1beta2",
"/apis/authentication.k8s.io",
"/apis/authentication.k8s.io/v1",
"/apis/authentication.k8s.io/v1beta1",
"/apis/authorization.k8s.io",
"/apis/authorization.k8s.io/v1",
"/apis/authorization.k8s.io/v1beta1",
"/apis/autoscaling",
"/apis/autoscaling/v1",
"/apis/autoscaling/v2beta1",
"/apis/autoscaling/v2beta2",
"/apis/batch",
"/apis/batch/v1",
"/apis/batch/v1beta1",
"/apis/certificates.k8s.io",
"/apis/certificates.k8s.io/v1beta1",
"/apis/coordination.k8s.io",
"/apis/coordination.k8s.io/v1beta1",
"/apis/events.k8s.io",
"/apis/events.k8s.io/v1beta1",
"/apis/extensions",
"/apis/extensions/v1beta1",
"/apis/networking.k8s.io",
"/apis/networking.k8s.io/v1",
"/apis/policy",
"/apis/policy/v1beta1",
"/apis/rbac.authorization.k8s.io",
"/apis/rbac.authorization.k8s.io/v1",
"/apis/rbac.authorization.k8s.io/v1beta1",
"/apis/scheduling.k8s.io",
"/apis/scheduling.k8s.io/v1beta1",
"/apis/storage.k8s.io",
"/apis/storage.k8s.io/v1",
"/apis/storage.k8s.io/v1beta1",
"/healthz",
"/healthz/autoregister-completion",
"/healthz/etcd",
"/healthz/log",
"/healthz/ping",
"/healthz/poststarthook/apiservice-openapi-controller",
"/healthz/poststarthook/apiservice-registration-controller",
"/healthz/poststarthook/apiservice-status-available-controller",
"/healthz/poststarthook/bootstrap-controller",
"/healthz/poststarthook/ca-registration",
"/healthz/poststarthook/generic-apiserver-start-informers",
"/healthz/poststarthook/kube-apiserver-autoregistration",
"/healthz/poststarthook/rbac/bootstrap-roles",
"/healthz/poststarthook/scheduling/bootstrap-system-priority-classes",
"/healthz/poststarthook/start-apiextensions-controllers",
"/healthz/poststarthook/start-apiextensions-informers",
"/healthz/poststarthook/start-kube-aggregator-informers",
"/healthz/poststarthook/start-kube-apiserver-admission-initializer",
"/healthz/poststarthook/start-kube-apiserver-informers",
"/logs",
"/metrics",
"/openapi/v2",
"/swagger-2.0.0.json",
"/swagger-2.0.0.pb-v1",
"/swagger-2.0.0.pb-v1.gz",
"/swagger.json",
"/swaggerapi",
"/version"
]
}