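I would like to be able to access a GKE (kubernetes) cluster in GCP from the python kubernetes client. I cannot authenticate and connect to my cluster, and I can't find the reason. Here is what I have tried so far.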
from google.auth import compute_engine
from google.cloud.container_v1 import ClusterManagerClient
from kubernetes import client


def test_gke(request):
    project_id = "myproject"
    zone = "myzone"
    cluster_id = "mycluster"

    # Credentials of the Compute Engine service account
    credentials = compute_engine.Credentials()

    # Look up the cluster endpoint through the GKE API
    cluster_manager_client = ClusterManagerClient(credentials=credentials)
    cluster = cluster_manager_client.get_cluster(name=f'projects/{project_id}/locations/{zone}/clusters/{cluster_id}')

    configuration = client.Configuration()
    configuration.host = f"https://{cluster.endpoint}:443"
    # Note: this turns off TLS certificate verification of the API server
    configuration.verify_ssl = False
    configuration.api_key = {"authorization": "Bearer " + credentials.token}
    client.Configuration.set_default(configuration)

    v1 = client.CoreV1Api()
    print("Listing pods with their IPs:")
    pods = v1.list_pod_for_all_namespaces(watch=False)
    for i in pods.items:
        print("%s\t%s\t%s" % (i.status.pod_ip, i.metadata.namespace, i.metadata.name))
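Reply from a uj5u.com user:
I wanted to get the configuration working, and I have it working where the code runs off-cluster and generates the kubectl config file for itself. (See the update at the end.)
Original
The first solution assumes (!) that you already have the cluster configured in your local config (~/.kube/config, and possibly via KUBE_CONFIG).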
from google.cloud.container_v1 import ClusterManagerClient
from kubernetes import client, config

config.load_kube_config()
api_instance = client.CoreV1Api()
resp = api_instance.list_pod_for_all_namespaces()
for i in resp.items:
    print(f"{i.status.pod_ip}\t{i.metadata.namespace}\t{i.metadata.name}")
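Notes
- Assumes you have run gcloud container clusters get-credentials to set up the ~/.kube/config file for the current cluster (and that a current-context is set).
- Uses your user credentials in the ~/.kube/config file, so no additional credentials are required.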
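Update
Okay, I have it working. Here is the code that will generate a kubectl config and connect to the cluster. This code uses Application Default Credentials to provide a Service Account key to the code (usually export GOOGLE_APPLICATION_CREDENTIALS=/path/to/key.json).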
import os
import google.auth
import base64
from google.cloud.container_v1 import ClusterManagerClient
from kubernetes import client, config
# PyYAML is already a dependency of the kubernetes client;
# ruamel.yaml 0.18+ no longer provides a module-level safe_load()
import yaml

PROJECT = os.getenv("PROJECT")
ZONE = os.getenv("ZONE")
CLUSTER = os.getenv("CLUSTER")

# Get Application Default Credentials
# `project_id` is the Service Account's
# This may differ from the cluster's `PROJECT`
credentials, project_id = google.auth.default()

# Get the cluster config from GCP
cluster_manager_client = ClusterManagerClient(credentials=credentials)
name = f"projects/{PROJECT}/locations/{ZONE}/clusters/{CLUSTER}"
cluster = cluster_manager_client.get_cluster(name=name)

SERVER = cluster.endpoint
# Base64-encoded cluster CA certificate, used to verify the API server
CERT = cluster.master_auth.cluster_ca_certificate

configuration = client.Configuration()

# Creates a `kubectl` config
NAME = "freddie"  # arbitrary
CONFIG = f"""
apiVersion: v1
kind: Config
clusters:
- name: {NAME}
  cluster:
    certificate-authority-data: {CERT}
    server: https://{SERVER}
contexts:
- name: {NAME}
  context:
    cluster: {NAME}
    user: {NAME}
current-context: {NAME}
users:
- name: {NAME}
  user:
    auth-provider:
      name: gcp
      config:
        scopes: https://www.googleapis.com/auth/cloud-platform
"""

# The Python SDK doesn't directly support providing a dict
# See: https://github.com/kubernetes-client/python/issues/870
kubeconfig = yaml.safe_load(CONFIG)

loader = config.kube_config.KubeConfigLoader(kubeconfig)
loader.load_and_set(configuration)

api_client = client.ApiClient(configuration)
api_instance = client.CoreV1Api(api_client)

# Enumerate e.g. Pods
resp = api_instance.list_pod_for_all_namespaces()
for i in resp.items:
    print(f"{i.status.pod_ip}\t{i.metadata.namespace}\t{i.metadata.name}")
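Added example, not part of the original question or answer: the same connection made without the kubeconfig round trip, keeping TLS verification on by pinning the cluster CA returned by get_cluster() and rejecting an unrefreshed (empty) token. The function names gke_client_settings and core_v1_for_gke are hypothetical, and Application Default Credentials are assumed to be available.

```python
import base64
import tempfile


def gke_client_settings(endpoint, ca_b64, token):
    """Build kubernetes.client.Configuration attributes, TLS verification on."""
    if not token:
        # google-auth credentials carry token=None until refresh() is called
        raise ValueError("empty access token: refresh the credentials first")
    if not endpoint:
        raise ValueError("cluster endpoint is empty")
    pem = base64.b64decode(ca_b64)
    if not pem.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        raise ValueError("cluster CA data is not a PEM certificate")
    # The client expects a CA file path, so persist the decoded (public) PEM.
    with tempfile.NamedTemporaryFile(suffix=".pem", delete=False) as ca_file:
        ca_file.write(pem)
    return {
        "host": f"https://{endpoint}",
        "ssl_ca_cert": ca_file.name,
        "verify_ssl": True,
        "api_key": {"authorization": "Bearer " + token},
    }


def core_v1_for_gke(project, zone, cluster_id):
    """Needs network access, Application Default Credentials and the
    google-auth, google-cloud-container and kubernetes packages."""
    import google.auth
    from google.auth.transport.requests import Request
    from google.cloud.container_v1 import ClusterManagerClient
    from kubernetes import client

    credentials, _ = google.auth.default(
        scopes=["https://www.googleapis.com/auth/cloud-platform"])
    credentials.refresh(Request())  # populates credentials.token
    cluster = ClusterManagerClient(credentials=credentials).get_cluster(
        name=f"projects/{project}/locations/{zone}/clusters/{cluster_id}")
    configuration = client.Configuration()
    settings = gke_client_settings(
        cluster.endpoint,
        cluster.master_auth.cluster_ca_certificate,
        credentials.token)
    for attr, value in settings.items():
        setattr(configuration, attr, value)
    return client.CoreV1Api(client.ApiClient(configuration))
```

The access token is short-lived, so a long-running process has to refresh the credentials and rebuild the configuration before the token expires.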
