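A CertificateSigningRequest (CSR) is the Kubernetes object used to ask the cluster certificate authority (CA) to issue a certificate. It is typically used to request TLS certificates for nodes or users.
The Kubernetes client supports CertificateSigningRequest and lets you create, approve, or deny a CSR.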
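Create a CertificateSigningRequest:
try (KubernetesClient client = new KubernetesClientBuilder().build()) {
    CertificateSigningRequest csr = new CertificateSigningRequestBuilder()
        .withNewMetadata().withName("test-k8s-csr").endMetadata()
        .withNewSpec()
            // The certificates.k8s.io/v1 API requires spec.signerName
            .withSignerName("kubernetes.io/kube-apiserver-client")
            .addNewGroup("system:authenticated")
            // spec.request holds the base64-encoded PEM certificate request (value abbreviated here)
            .withRequest("LS VE9PQotL BSRVFVRVNULS0tLS0K")
            // Usages must be valid Kubernetes key usages such as "client auth"
            .addNewUsage("client auth")
        .endSpec()
        .build();
    client.certificates().v1().certificateSigningRequests().resource(csr).create();
}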
Approve a CertificateSigningRequest:
CertificateSigningRequestCondition csrCondition = new CertificateSigningRequestConditionBuilder()
    .withType("Approved")
    .withStatus("True")
    .withReason("ApprovedViaRESTApi")
    .withMessage("Approved by REST API /approval endpoint.")
    .build();
client.certificates().v1().certificateSigningRequests().withName("test-k8s-csr").approve(csrCondition);
Deny a CertificateSigningRequest:
CertificateSigningRequestCondition csrCondition = new CertificateSigningRequestConditionBuilder()
    .withType("Denied")
    .withStatus("True")
    .withReason("DeniedViaRESTApi")
    .withMessage("Denied by REST API /approval endpoint.")
    .build();
client.certificates().v1().certificateSigningRequests().withName("test-k8s-csr").deny(csrCondition);
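
Approving a CSR makes the cluster CA issue a credential, so the choice between approve() and deny() should follow a policy check on the request. The class below is an added example, not code from the original article or from the client library's documentation; the policy values and the requester name "ci-enroller" are assumptions. It checks only the spec fields, so the subject inside spec.request still has to be decoded and checked separately.

```java
import io.fabric8.kubernetes.api.model.certificates.v1.CertificateSigningRequest;
import io.fabric8.kubernetes.api.model.certificates.v1.CertificateSigningRequestBuilder;
import io.fabric8.kubernetes.api.model.certificates.v1.CertificateSigningRequestSpec;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

public class CsrApprovalPolicy {
    // Assumed policy values for this example; adjust them to your cluster.
    static final String ALLOWED_SIGNER = "kubernetes.io/kube-apiserver-client";
    static final Set<String> ALLOWED_USAGES = Set.of("client auth", "digital signature", "key encipherment");
    static final Set<String> ALLOWED_REQUESTERS = Set.of("ci-enroller"); // hypothetical user name
    static final int MAX_TTL_SECONDS = 24 * 3600;

    /** Returns the policy violations; an empty list means the CSR may be approved. */
    static List<String> violations(CertificateSigningRequest csr) {
        List<String> out = new ArrayList<>();
        CertificateSigningRequestSpec spec = csr.getSpec();
        if (spec == null) return List.of("missing spec");
        if (!ALLOWED_SIGNER.equals(spec.getSignerName()))
            out.add("signer not allowed: " + spec.getSignerName());
        List<String> usages = spec.getUsages();
        if (usages == null || usages.isEmpty() || !ALLOWED_USAGES.containsAll(usages))
            out.add("usages not allowed: " + usages);
        // On a real cluster the API server fills in username from the authenticated requester.
        if (!ALLOWED_REQUESTERS.contains(spec.getUsername()))
            out.add("requester not allowed: " + spec.getUsername());
        Integer ttl = spec.getExpirationSeconds();
        if (ttl == null || ttl > MAX_TTL_SECONDS)
            out.add("expirationSeconds missing or above cap: " + ttl);
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: asks for "server auth" and sets no expirationSeconds.
        CertificateSigningRequest sample = new CertificateSigningRequestBuilder()
            .withNewMetadata().withName("test-k8s-csr").endMetadata()
            .withNewSpec()
                .withSignerName("kubernetes.io/kube-apiserver-client")
                .withUsername("ci-enroller")
                .withUsages("client auth", "server auth")
            .endSpec()
            .build();
        List<String> problems = violations(sample);
        System.out.println(problems.isEmpty() ? "approve" : "deny: " + problems);
    }
}
```

An approver would call approve(csrCondition) only when violations(...) returns an empty list, and otherwise call deny(csrCondition) with the violations in the condition message.
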
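SharedInformers are a mechanism in the Kubernetes client library (client-go) for efficiently watching and caching changes to resource objects, which reduces request load on the API Server and improves performance.
The Kubernetes client provides SharedInformer support for watching changes to Kubernetes resources.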
Get a SharedInformerFactory:
SharedInformerFactory sharedInformerFactory = client.informers();
Use a SharedIndexInformer to watch Pod resources:
// The second argument is the resync period in milliseconds
SharedIndexInformer<Pod> podInformer = sharedInformerFactory.sharedIndexInformerFor(Pod.class, 30 * 1000L);
podInformer.addEventHandler(new ResourceEventHandler<Pod>() {
    @Override
    public void onAdd(Pod pod) {
        logger.info("{} pod added", pod.getMetadata().getName());
    }
    @Override
    public void onUpdate(Pod oldPod, Pod newPod) {
        logger.info("{} pod updated", oldPod.getMetadata().getName());
    }
    @Override
    public void onDelete(Pod pod, boolean deletedFinalStateUnknown) {
        logger.info("{} pod deleted", pod.getMetadata().getName());
    }
});

// Start all registered informers
sharedInformerFactory.startAllRegisteredInformers();

// Stop all registered informers when they are no longer needed
sharedInformerFactory.stopAllRegisteredInformers();
Create a SharedIndexInformer for a single namespace:
SharedIndexInformer<Pod> podInformer = client.pods().inNamespace("default").inform(new ResourceEventHandler<>() {
    @Override
    public void onAdd(Pod pod) {
        logger.info("Pod " + pod.getMetadata().getName() + " got added");
    }
    @Override
    public void onUpdate(Pod oldPod, Pod newPod) {
        logger.info("Pod " + oldPod.getMetadata().getName() + " got updated");
    }
    @Override
    public void onDelete(Pod pod, boolean deletedFinalStateUnknown) {
        logger.info("Pod " + pod.getMetadata().getName() + " got deleted");
    }
}, 30 * 1000L);
The Kubernetes client provides several options for listing resources.
// List the first 5 Pods in the namespace
PodList podList = client.pods().inNamespace("FunTester").list(new ListOptionsBuilder().withLimit(5L).build());
// Fetch the next page using the continue token from the previous result
podList = client.pods().inNamespace("FunTester").list(new ListOptionsBuilder().withLimit(5L)
    .withContinue(podList.getMetadata().getContinue())
    .build());

// List Pods that carry the label foo=bar
PodList podList = client.pods().inNamespace("FunTester").withLabel("foo", "bar").list();

List resources using ListOptions:
PodList podList = client.pods().inNamespace("FunTester").list(new ListOptionsBuilder()
    .withLimit(1L)
    .withContinue(null)
    .build());
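The Kubernetes client provides methods for deleting a resource together with its dependents.
// Cascading delete: remove the Deployment and the objects it owns
client.apps().deployments().inNamespace("default").withName("nginx-deploy").cascading(true).delete();
// Foreground propagation with a 10-second grace period
client.apps().deployments().inNamespace("FunTester").withName("mydeployment").withPropagationPolicy(DeletionPropagation.FOREGROUND).withGracePeriod(10).delete();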
The Kubernetes client provides several ways to use Watch.
Watch using ListOptions:
client.pods().watch(new ListOptionsBuilder().withTimeoutSeconds(30L).build(), new Watcher<>() {
    @Override
    public void eventReceived(Action action, Pod resource) { }
    @Override
    public void onClose(WatcherException cause) { }
});
// Get the log of container1 in Pod foo
client.pods().inNamespace("FunTester").withName("foo").inContainer("container1").getLog();
// Get the last 10 log lines of Pod foo
client.pods().inNamespace("FunTester").withName("foo").tailingLines(10).getLog();

// Serialize a Pod object to YAML
Pod myPod; // an existing Pod object
String myPodAsYaml = Serialization.asYaml(myPod);

Run a Pod:
try (KubernetesClient client = new KubernetesClientBuilder().build()) {
    client.run().inNamespace("default")
        .withName("FunTester")
        .withImage("FunTester/FunTester:3.12.9")
        .done();
}

// Server-side apply (deploymentConfigs() is available on OpenShiftClient)
DeploymentConfig dc = client.deploymentConfigs().inNamespace("FunTester").resource(dcToCreate).serverSideApply();

// Server-side apply that takes ownership of conflicting fields
DeploymentConfig dc = client.deploymentConfigs().inNamespace("FunTester").resource(dcToCreate).forceConflicts().serverSideApply();
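With these APIs you can flexibly manage and operate the resources in a Kubernetes cluster, whether they are built-in resources or custom resources.
By applying these APIs and best practices sensibly, developers can build efficient, reliable Kubernetes management applications that meet the management needs of an enterprise container platform.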