As a client officially maintained by k8s, k8s go-client can be said to be the only option for using k8s in the go language. However, I personally don’t think the official usage example is very clear, especially for users who are not familiar with k8s. Here I will summarize the pitfalls encountered during use, and hope to give some reference to those in need.
Let’s start with the official example: Let’s explain the k8s connection problem here. There will be a .kube directory on the node of the cluster (this directory is usually in the root user home directory) and there will be a config file in the directory, which records all the information required to connect to the k8s cluster, such as the apiserver address, user authentication token, etc. Generally speaking, this configuration file is required for client connection clusters. Here is the official sample code.
var kubeconfig *string
//If the config directory is configured, read the config information in the directory if home := (); home != "" {
kubeconfig = ("kubeconfig", (home, ".kube", "config"), "(optional) absolute path to the kubeconfig file")
} else {
// Otherwise, you need to specify the configuration file path kubeconfig = ("kubeconfig", "", "absolute path to the kubeconfig file")
}
()
config, err := ("", *kubeconfig)
if err != nil {
panic(err)
}
clientset, err := (config)
if err != nil {
panic(err)
}You can see that the config file must be specified in the initialization go-client. However, in actual use, we often do not have the idealization here. For example, our code runs outside the cluster, and our code connects to clients that need to switch back and forth on different clusters. What's more, the cluster we need to connect to will change at any time, the number of clusters changes, and the connection information of the cluster changes. In short, in many cases, it is impossible to obtain the config file directly from the cluster, nor can it use a fixed config file.
Generally speaking, usage scenarios include in-cluster and out-cluster access, and can also be divided into fixed access and dynamic access. For the cluster and the configuration of the cluster is fixed, it is still quite simple to use.
1. The cluster configuration is fixed and runs in a process mode, that is, after the code is compiled, it runs directly on a node of the cluster in a process mode and only accesses local or external fixed clusters. In this case, the config file path of the local cluster is fixed, and the external cluster can place the config file locally in advance, and use the configuration method of the sample code
2. The cluster is configured in a fixed way and runs in pod. For local clusters, although pods run in the cluster, the container cannot obtain the configuration information of the cluster due to isolation. At this time, you can access the local cluster through the default configuration and k8s RBAC, that is, use the default apiserver address and port environment variables in the pod (you can directly use the default config of go-client) to connect to the cluster, and at the same time configure the admin role of the cluster for the pod. You can also mount the .kube directory to the pod and initialize the client by reading the configuration file in the directory. There is no big difference between accessing external clusters and in 1.
3. The clusters to be accessed are not fixed (the number of clusters increases or decreases at any time, and the cluster authentication information will expire). In this case, whether it is running in the container or not, it is not easy to use the official sample code to connect to the cluster. In this case, a place that can obtain cluster authentication information (token, user password, etc.). With these information codes, you can manually create a new config, and use this config to initialize the cluster, and at the same time, re-initialize it in time after the authentication information fails.
Manually specify the apiserver address, where the address can be url or host plus port
kubeconfig,er := (apiUrl,"")
Configure authentication information, token or username encryption code or other authentication methods
= token
Initialize client
clientset, err := ,rConfig(kubeconfig)
When there is a change or the authentication information is invalid, the client may report the corresponding permission error and re-acquire the authentication information and initialize it. This ensures that the program will not be restarted and the cluster changes will be adapted without manually modifying the configuration.
The above is the detailed content of the use of k8s in the go language and the introduction to client initialization. For more information about k8s go client initialization, please follow my other related articles!