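EndpointSlice is a Kubernetes resource object that extends and optimizes the functionality of Endpoints. It improves on the traditional Endpoints object and is mainly used to manage and store a Service's backend endpoint information more efficiently.
EndpointSlice resources can be accessed through client.discovery().v1().endpointSlices().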
EndpointSlice es = client.discovery().v1().endpointSlices()
    .load(getClass().getResourceAsStream("/endpointslice.yml")).item();

EndpointSlice esFromServer = client.discovery().v1().endpointSlices()
    .inNamespace("default").withName("es1").get();

EndpointSlice esToCreate = new EndpointSliceBuilder()
    .withNewMetadata()
        .withName(name)
        .addToLabels("kubernetes.io/service-name", "example")
    .endMetadata()
    .withAddressType("IPv4")
    .addNewPort()
        .withName("http")
        .withPort(80)
    .endPort()
    .addNewEndpoint()
        .withAddresses("10.1.2.3")
        .withNewConditions().withReady(true).endConditions()
        .withHostname("pod-1")
        // discovery.k8s.io/v1 has no topology map on an endpoint;
        // the node and zone are set through the nodeName and zone fields.
        .withNodeName("node-1")
        .withZone("us-west2-a")
    .endEndpoint()
    .build();
esToCreate = client.discovery().v1().endpointSlices().inNamespace("ns1").resource(esToCreate).create();

EndpointSlice es = client.discovery().v1().endpointSlices().inNamespace("ns1").resource(endpointSlice).serverSideApply();

EndpointSliceList esList = client.discovery().v1().endpointSlices().inNamespace("default").list();

EndpointSliceList esList = client.discovery().v1().endpointSlices().inAnyNamespace().list();

EndpointSliceList esList = client.discovery().v1().endpointSlices().inNamespace("default").withLabel("foo", "bar").list();

client.discovery().v1().endpointSlices().inNamespace("default").withName("test-es").delete();

client.discovery().v1().endpointSlices().inNamespace("default").watch(new Watcher<>() {
    @Override
    public void eventReceived(Action action, EndpointSlice resource) {
        // Act on the resource according to the action type
    }

    @Override
    public void onClose(WatcherException cause) {
        // Handle the close event
    }
});

PersistentVolumeClaim (PVC) is a user's request for storage resources in Kubernetes. It binds dynamically to a PersistentVolume (PV) and provides persistent storage for Pods.
PersistentVolumeClaim can be accessed through client.persistentVolumeClaims().
PersistentVolumeClaim pvc = client.persistentVolumeClaims().load(new FileInputStream("pvc.yaml")).item();

PersistentVolumeClaim pvc = client.persistentVolumeClaims().inNamespace("default").withName("test-pv-claim").get();

PersistentVolumeClaim persistentVolumeClaim = new PersistentVolumeClaimBuilder()
    .withNewMetadata().withName("test-pv-claim").endMetadata()
    .withNewSpec()
        .withStorageClassName("my-local-storage")
        .withAccessModes("ReadWriteOnce")
        .withNewResources()
            .addToRequests("storage", new Quantity("500Gi"))
        .endResources()
    .endSpec()
    .build();
client.persistentVolumeClaims().inNamespace("default").resource(persistentVolumeClaim).create();

PersistentVolumeClaim pvc = client.persistentVolumeClaims().inNamespace("default").resource(pvcToCreate).serverSideApply();

PersistentVolumeClaimList pvcList = client.persistentVolumeClaims().inNamespace("default").list();

PersistentVolumeClaimList pvcList = client.persistentVolumeClaims().inAnyNamespace().list();

PersistentVolumeClaimList pvcList = client.persistentVolumeClaims().inNamespace("default").withLabel("foo", "bar").list();

client.persistentVolumeClaims().inNamespace("default").withName("test-pv-claim").delete();

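PersistentVolume (PV) is a storage resource provided by an administrator in Kubernetes. It represents a piece of persistent storage in the cluster that Pods can bind to and use through a PersistentVolumeClaim (PVC).
PersistentVolume resources can be accessed through client.persistentVolumes().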
PersistentVolume pv = client.persistentVolumes().load(new FileInputStream("pv.yaml")).item();

PersistentVolume pv = client.persistentVolumes().withName("test-local-pv").get();

PersistentVolume pv = new PersistentVolumeBuilder()
    .withNewMetadata().withName("test-local-pv").endMetadata()
    .withNewSpec()
        .addToCapacity(Collections.singletonMap("storage", new Quantity("500Gi")))
        .withAccessModes("ReadWriteOnce")
        .withPersistentVolumeReclaimPolicy("Retain")
        .withStorageClassName("my-local-storage")
        .withNewLocal()
            .withPath("/mnt/disks/vol1")
        .endLocal()
        .withNewNodeAffinity()
            .withNewRequired()
                .addNewNodeSelectorTerm()
                    .withMatchExpressions(Arrays.asList(new NodeSelectorRequirementBuilder()
                        .withKey("kubernetes.io/hostname")
                        .withOperator("In")
                        .withValues("my-node")
                        .build()
                    ))
                .endNodeSelectorTerm()
            .endRequired()
        .endNodeAffinity()
    .endSpec()
    .build();
PersistentVolume pvCreated = client.persistentVolumes().resource(pv).create();

PersistentVolume pv = client.persistentVolumes().resource(pvToCreate).serverSideApply();

PersistentVolumeList pvList = client.persistentVolumes().list();

PersistentVolumeList pvList = client.persistentVolumes().withLabel("foo", "bar").list();

client.persistentVolumes().withName("test-local-pv").delete();

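NetworkPolicy is the Kubernetes object that defines network communication rules between Pods. It uses label selectors to control ingress and egress traffic, providing network isolation and security policy.
NetworkPolicy can be accessed through client.network().networkPolicies().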
NetworkPolicy loadedNetworkPolicy = client.network().networkPolicies()
    .load(new FileInputStream("/test-networkpolicy.yml")).item();

NetworkPolicy getNetworkPolicy = client.network().networkPolicies()
    .withName("networkpolicy").get();

NetworkPolicy networkPolicy = new NetworkPolicyBuilder()
    .withNewMetadata()
        .withName("networkpolicy")
        .addToLabels("foo", "bar")
    .endMetadata()
    .withNewSpec()
        .withNewPodSelector()
            .addToMatchLabels("role", "db")
        .endPodSelector()
        .addToIngress(0,
            new NetworkPolicyIngressRuleBuilder()
                .addToFrom(0, new NetworkPolicyPeerBuilder().withNewPodSelector()
                    .addToMatchLabels("role", "frontend").endPodSelector()
                    .build()
                ).addToFrom(1, new NetworkPolicyPeerBuilder().withNewNamespaceSelector()
                    .addToMatchLabels("project", "myproject").endNamespaceSelector()
                    .build()
                )
                .addToPorts(0, new NetworkPolicyPortBuilder().withPort(new IntOrString(6379))
                    .withProtocol("TCP").build())
                .build()
        )
    .endSpec()
    .build();
NetworkPolicy npCreated = client.network().networkPolicies().resource(networkPolicy).create();

NetworkPolicy npCreated = client.network().networkPolicies().resource(networkPolicy).serverSideApply();

NetworkPolicyList networkPolicyList = client.network().networkPolicies().list();

NetworkPolicyList networkPolicyList = client.network().networkPolicies()
    .withLabels(Collections.singletonMap("foo", "bar")).list();

client.network().networkPolicies().withName("np-test").delete();

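An added example, not part of the original page: Pods that no NetworkPolicy selects accept all traffic, so this audit reports for each namespace whether a default-deny ingress policy is in place. The class name, helper names and the policy name default-deny-ingress are assumptions chosen for illustration.

```java
import io.fabric8.kubernetes.api.model.LabelSelector;
import io.fabric8.kubernetes.api.model.Namespace;
import io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy;
import io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyBuilder;
import io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicySpec;
import io.fabric8.kubernetes.client.KubernetesClient;
import io.fabric8.kubernetes.client.KubernetesClientBuilder;
import java.util.Collection;
import java.util.List;
import java.util.Map;

// Added example: class, helper and policy names are assumptions, not from the page.
public class DefaultDenyAudit {
    static boolean empty(Collection<?> c) { return c == null || c.isEmpty(); }

    // Default-deny for ingress: selects every Pod (empty podSelector),
    // applies to the Ingress policy type, and lists no ingress rules.
    static boolean isDefaultDenyIngress(NetworkPolicy np) {
        NetworkPolicySpec spec = np.getSpec();
        if (spec == null || spec.getPodSelector() == null) return false;
        LabelSelector sel = spec.getPodSelector();
        Map<String, String> labels = sel.getMatchLabels();
        boolean selectsAll = (labels == null || labels.isEmpty()) && empty(sel.getMatchExpressions());
        // When policyTypes is unset, Kubernetes always applies the policy to Ingress.
        boolean coversIngress = empty(spec.getPolicyTypes()) || spec.getPolicyTypes().contains("Ingress");
        return selectsAll && coversIngress && empty(spec.getIngress());
    }

    static NetworkPolicy defaultDenyIngress(String namespace) {
        return new NetworkPolicyBuilder()
            .withNewMetadata().withName("default-deny-ingress").withNamespace(namespace).endMetadata()
            .withNewSpec()
                .withNewPodSelector().endPodSelector()
                .withPolicyTypes("Ingress")
            .endSpec()
            .build();
    }

    public static void main(String[] args) {
        try (KubernetesClient client = new KubernetesClientBuilder().build()) {
            for (Namespace ns : client.namespaces().list().getItems()) {
                String name = ns.getMetadata().getName();
                List<NetworkPolicy> policies = client.network().networkPolicies().inNamespace(name).list().getItems();
                boolean covered = policies.stream().anyMatch(DefaultDenyAudit::isDefaultDenyIngress);
                System.out.printf("%-30s policies=%d default-deny-ingress=%b%n", name, policies.size(), covered);
            }
        }
    }
}
```

For a flagged namespace, the object returned by defaultDenyIngress(name) can be created with the same resource(...).create() call shown above, once allow rules for legitimate traffic exist.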
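PodDisruptionBudget (PDB) is the Kubernetes object that limits the maximum number of unavailable Pods, or the minimum number of available Pods, during voluntary disruptions (such as upgrades or maintenance), ensuring high availability of the application.
PodDisruptionBudget can be accessed through client.policy().v1().podDisruptionBudget().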
PodDisruptionBudget pdb = client.policy().v1().podDisruptionBudget().load(new FileInputStream("/test-pdb.yml")).item();

PodDisruptionBudget podDisruptionBudget = client.policy().v1().podDisruptionBudget().inNamespace("default").withName("poddisruptionbudget1").get();

PodDisruptionBudget podDisruptionBudget = new PodDisruptionBudgetBuilder()
    .withNewMetadata().withName("zk-pkb").endMetadata()
    .withNewSpec()
        .withMaxUnavailable(new IntOrString("1%"))
        .withNewSelector()
            .withMatchLabels(Collections.singletonMap("app", "zookeeper"))
        .endSelector()
    .endSpec()
    .build();
client.policy().v1().podDisruptionBudget().inNamespace("default").resource(podDisruptionBudget).create();

PodDisruptionBudget pdb = client.policy().v1().podDisruptionBudget().inNamespace("default").resource(podDisruptionBudgetObj).serverSideApply();

PodDisruptionBudgetList podDisruptionBudgetList = client.policy().v1().podDisruptionBudget().inNamespace("default").list();

PodDisruptionBudgetList pdbList = client.policy().v1().podDisruptionBudget().inAnyNamespace().list();

PodDisruptionBudgetList pdbList = client.policy().v1().podDisruptionBudget().inNamespace("default").withLabel("foo", "bar").list();

client.policy().v1().podDisruptionBudget().inNamespace("default").withName("poddisruptionbudget1").delete();

try (KubernetesClient client = new KubernetesClientBuilder().build()) {
    SelfSubjectAccessReview ssar = new SelfSubjectAccessReviewBuilder()
        .withNewSpec()
            .withNewResourceAttributes()
                .withGroup("apps")
                .withResource("deployments")
                .withVerb("create")
                .withNamespace("dev")
            .endResourceAttributes()
        .endSpec()
        .build();
    ssar = client.authorization().v1().selfSubjectAccessReview().create(ssar);
    System.out.println("Allowed: " + ssar.getStatus().getAllowed());
}

try (KubernetesClient client = new KubernetesClientBuilder().build()) {
    SubjectAccessReview sar = new SubjectAccessReviewBuilder()
        .withNewSpec()
            .withNewResourceAttributes()
                .withGroup("apps")
                .withResource("deployments")
                .withVerb("create")
                .withNamespace("default")
            .endResourceAttributes()
            .withUser("kubeadmin")
        .endSpec()
        .build();
    sar = client.authorization().v1().subjectAccessReview().create(sar);
    System.out.println("Allowed: " + sar.getStatus().getAllowed());
}

try (KubernetesClient client = new KubernetesClientBuilder().build()) {
    LocalSubjectAccessReview lsar = new LocalSubjectAccessReviewBuilder()
        .withNewMetadata().withNamespace("default").endMetadata()
        .withNewSpec()
            .withUser("foo")
            .withNewResourceAttributes()
                .withNamespace("default")
                .withVerb("get")
                .withGroup("apps")
                .withResource("pods")
            .endResourceAttributes()
        .endSpec()
        .build();
    lsar = client.authorization().v1().localSubjectAccessReview().inNamespace("default").create(lsar);
    System.out.println(lsar.getStatus().getAllowed());
}

try (KubernetesClient client = new KubernetesClientBuilder().build()) {
    SelfSubjectRulesReview selfSubjectRulesReview = new SelfSubjectRulesReviewBuilder()
        .withNewMetadata().withName("foo").endMetadata()
        .withNewSpec()
            .withNamespace("default")
        .endSpec()
        .build();
    selfSubjectRulesReview = client.authorization().v1().selfSubjectRulesReview().create(selfSubjectRulesReview);
    System.out.println(selfSubjectRulesReview.getStatus().getIncomplete());
    System.out.println("Non-resource rules: " + selfSubjectRulesReview.getStatus().getNonResourceRules().size());
    System.out.println("Resource rules: " + selfSubjectRulesReview.getStatus().getResourceRules().size());
}

ClusterRole is the Kubernetes object that defines cluster-wide permissions. It grants access to cluster resources (such as nodes and namespaces) and is usually used together with ClusterRoleBinding.
ClusterRole can be accessed through client.rbac().clusterRoles().

ClusterRole clusterRole = client.rbac().clusterRoles().load(new FileInputStream("clusterroles-test.yml")).item();

ClusterRole clusterRole = client.rbac().clusterRoles().withName("clusterrole1").get();

ClusterRoleList clusterRoleList = client.rbac().clusterRoles().list();

ClusterRoleList clusterRoleList = client.rbac().clusterRoles().withLabel("key1", "value1").list();

client.rbac().clusterRoles().withName("clusterrole1").delete();

ClusterRoleBinding can be accessed through client.rbac().clusterRoleBindings().

ClusterRoleBinding clusterRoleBinding = client.rbac().clusterRoleBindings().load(new FileInputStream("clusterrolebinding-test.yml")).item();

List<Subject> subjects = new ArrayList<>();
Subject subject = new Subject();
subject.setKind("ServiceAccount");
subject.setName("serviceaccountname");
subject.setNamespace("default");
subjects.add(subject);
RoleRef roleRef = new RoleRef();
roleRef.setApiGroup("rbac.authorization.k8s.io");
roleRef.setKind("ClusterRole");
roleRef.setName("clusterrolename");
// ClusterRoleBinding is cluster-scoped, so its metadata carries no namespace;
// only the ServiceAccount subject is namespaced.
ClusterRoleBinding clusterRoleBindingCreated = new ClusterRoleBindingBuilder()
    .withNewMetadata().withName("clusterrolebindingname").endMetadata()
    .withRoleRef(roleRef)
    .addAllToSubjects(subjects)
    .build();
ClusterRoleBinding clusterRoleBinding = client.rbac().clusterRoleBindings().resource(clusterRoleBindingCreated).create();

ClusterRoleBinding clusterRoleBinding = client.rbac().clusterRoleBindings().withName("clusterrolebindingname").get();

ClusterRoleBindingList clusterRoleBindingList = client.rbac().clusterRoleBindings().list();

ClusterRoleBindingList clusterRoleBindingList = client.rbac().clusterRoleBindings().withLabel("key1", "value1").list();

client.rbac().clusterRoleBindings().withName("clusterrolebindingname").delete();

Role can be accessed through client.rbac().roles(). Below are some common Role usage examples:

Role:
Role role = client.rbac().roles().load(new FileInputStream("FunTester-role.yml")).item();

Role:
List<PolicyRule> policyRuleList = new ArrayList<>();
PolicyRule endpoints = new PolicyRule();
endpoints.setApiGroups(Arrays.asList(""));
endpoints.setResources(Arrays.asList("FunTester"));
endpoints.setVerbs(Arrays.asList("get", "list", "watch", "create", "update", "patch"));
policyRuleList.add(endpoints);
Role roleCreated = new RoleBuilder()
    .withNewMetadata().withName("FunTester-role").withNamespace("default").endMetadata()
    .addAllToRules(policyRuleList)
    .build();
Role role = client.rbac().roles().resource(roleCreated).create();

Role:
Role role = client.rbac().roles().inNamespace("default").withName("FunTester-role").get();

Role objects:
RoleList roleList = client.rbac().roles().inNamespace("default").list();

Role objects:
RoleList roleList = client.rbac().roles().inNamespace("default").withLabel("FunTester-key", "FunTester-value").list();

Role objects:
client.rbac().roles().withName("FunTester-role").delete();

RoleBinding can be accessed through client.rbac().roleBindings(). Below are some common RoleBinding usage examples:

RoleBinding:
RoleBinding roleBinding = client.rbac().roleBindings().load(new FileInputStream("FunTester-rolebinding.yml")).item();

RoleBinding:
List<Subject> subjects = new ArrayList<>();
Subject subject = new Subject();
subject.setNamespace("default");
subject.setKind("ServiceAccount");
subject.setName("FunTester-serviceaccount");
subjects.add(subject);
RoleRef roleRef = new RoleRef();
roleRef.setName("FunTester-role");
roleRef.setKind("Role");
roleRef.setApiGroup("rbac.authorization.k8s.io");
RoleBinding roleBindingToCreate = new RoleBindingBuilder()
    .withNewMetadata().withName("FunTester-rolebinding").withNamespace("default").endMetadata()
    .addAllToSubjects(subjects)
    .withRoleRef(roleRef)
    .build();
RoleBinding roleBinding = client.rbac().roleBindings().resource(roleBindingToCreate).create();

RoleBinding:
RoleBinding roleBinding = client.rbac().roleBindings().inNamespace("default").withName("FunTester-rolebinding").get();

RoleBinding objects:
RoleBindingList roleBindingList = client.rbac().roleBindings().inNamespace("default").list();

RoleBinding objects:
RoleBindingList roleBindingList = client.rbac().roleBindings().inNamespace("default").withLabel("FunTester-key", "FunTester-value").list();

RoleBinding objects:
client.rbac().roleBindings().inNamespace("default").withName("FunTester-rolebinding").delete();