Accessing Kubernetes API on Google Container Engine

问题

According to Kubernetes API docs it is possible to create/list/delete pods, replication controllers and services:

http://kubernetes.io/third_party/swagger-ui/#!/v1beta1

However in the Google Container Engine documentation they don't seem to expose this API. The only resources you can manage through a REST API are clusters. Pods, replication controllers and services have to be managed using gcloud.

Is it possible to access the Kubernetes API when using Google Container Engine?

回答1:

Once you launch your container cluster on Google Container Engine, you will have a master running the kubernetes API on a VM in your GCP project. If you run gcloud preview container clusters list you will see the endpoint at which the kubernetes API is available as well as the http basic auth credentials needed to access it.

gcloud comes bundled with a recent version of kubectl and the ability to execute it for any container cluster you have launched with Google Container Engine. To list pods, for instance, you can run gcloud preview container kubectl list pods.

https://cloud.google.com/sdk/gcloud/reference/preview/container/kubectl describes the gcloud preview container kubectl command and what flags it accepts.

回答2:

I created a blog post just for this topic. It includes a video walkthrough of the code and demo. Essentially, you can get the Kubernetes credentials from the Google Container Engine API. Here is how to do it in golang:

func newKubernetesClient(clstr *container.Cluster) (*kubernetes.Clientset, error) {
    cert, err := base64.StdEncoding.DecodeString(clstr.MasterAuth.ClientCertificate)
    if err != nil {
        return nil, err
    }
    key, err := base64.StdEncoding.DecodeString(clstr.MasterAuth.ClientKey)
    if err != nil {
        return nil, err
    }
    ca, err := base64.StdEncoding.DecodeString(clstr.MasterAuth.ClusterCaCertificate)
    if err != nil {
        return nil, err
    }
    config := &rest.Config{
        Host:            clstr.Endpoint,
        TLSClientConfig: rest.TLSClientConfig{CertData: cert, KeyData: key, CAData: ca},
        Username:        clstr.MasterAuth.Username,
        Password:        clstr.MasterAuth.Password,
        // Insecure:        true,
    }
    kbrnts, err := kubernetes.NewForConfig(config)
    if err != nil {
        return nil, err
    }
    return kbrnts, nil
}

来源：https://stackoverflow.com/questions/28694346/accessing-kubernetes-api-on-google-container-engine