Demo for defining custom resources in Kubernetes.
Referring to the official doc - Extending Kubernetes
There are 2 options:
- CRDs
- API Aggregation
As the official documentation states:
Aggregated APIs are subordinate API servers that sit behind the primary API server, which acts as a proxy. This arrangement is called API Aggregation (AA). To users, the Kubernetes API appears extended.
CRDs allow users to create new types of resources without adding another API server. You do not need to understand API Aggregation to use CRDs.
Each of them should show flexibility and robustness at some level.
In this demo project, we will try to explore both of them.
mTLS is enabled on the Kubernetes api-server. 2 certificates and 1 key file are needed:
- CA certificate belonging to the CA that signed the server’s certificate
- Client certificate
- Client private key
We can find this information in ${HOME}/.kube/config, where the values are encoded with Base64.
For example,
- CA cert -> .clusters[0].cluster.certificate-authority-data
- Client cert -> .users[0].user.client-certificate-data
- Client private key -> .users[0].user.client-key-data
You can use yq and base64 to decode them, e.g.:
yq e '.users[0].user.client-certificate-data' ~/.kube/config | base64 -d > client.crt
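The command above decodes only the client certificate, while the request to the api-server needs all three files. The following is an added example, not part of the original project, that extracts all three with owner-only permissions and rejects values that are missing or not PEM. It assumes yq v4 and `base64 -d`, that entry [0] is the cluster and user you want, and the function names `decode_pem` and `extract_kube_creds` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: decode the three kubeconfig credentials needed for mTLS.
# Assumptions: yq v4 and base64 -d are available; index [0] is the wanted entry.

# decode_pem OUTFILE: read one Base64 value on stdin, write it to OUTFILE as PEM.
decode_pem() {
  local out="$1" b64
  b64="$(cat)"
  # yq prints "null" when the kubeconfig points at a file path
  # (e.g. client-certificate: /path) instead of embedding *-data.
  if [ -z "$b64" ] || [ "$b64" = "null" ]; then
    echo "decode_pem: no embedded data for $out" >&2
    return 1
  fi
  (
    umask 077          # the private key must not be group/world readable
    rm -f -- "$out"    # recreate so the umask applies to an existing file too
    printf '%s' "$b64" | base64 -d > "$out"
  ) || { rm -f -- "$out"; return 1; }
  # Reject anything that did not decode to a PEM block.
  if ! head -n 1 -- "$out" | grep -q '^-----BEGIN '; then
    echo "decode_pem: $out is not PEM" >&2
    rm -f -- "$out"
    return 1
  fi
}

# extract_kube_creds [KUBECONFIG] [OUTDIR]: writes ca.crt, client.crt, client.key.
extract_kube_creds() {
  local cfg="${1:-$HOME/.kube/config}" dir="${2:-.}"
  yq e '.clusters[0].cluster.certificate-authority-data' "$cfg" | decode_pem "$dir/ca.crt" &&
  yq e '.users[0].user.client-certificate-data' "$cfg" | decode_pem "$dir/client.crt" &&
  yq e '.users[0].user.client-key-data' "$cfg" | decode_pem "$dir/client.key"
}
```

Run `extract_kube_creds` in the directory where the curl command will be executed; client.key is a live cluster credential and should be deleted once the demo is done.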
After that, you can send a watch request to the target Kubernetes api-server with:
curl -i --cacert ca.crt --key client.key --cert client.crt https://localhost:6443/api/v1/watch/pods\?watch\=yes
With response:
HTTP/2 200
cache-control: no-cache, private
content-type: application/json
date: Wed, 23 Jun 2021 09:16:17 GMT
More details: