  • Learn and Share: kube-apiserver
    Self-Study/DevOps 2023. 5. 12. 22:24

    kube-apiserver

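    1. The core component that serves the Kubernetes API
    2. As the Kubernetes front end, it validates requests that arrive at the cluster
    3. It mediates communication between the other components
    4. It is what the kubectl utility connects to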
    k get pod -A                                    
    NAMESPACE     NAME                               READY   STATUS    RESTARTS   AGE
    kube-system   coredns-787d4945fb-s49bk           1/1     Running   0          24m
    kube-system   etcd-minikube                      1/1     Running   0          24m
    kube-system   kube-apiserver-minikube            1/1     Running   0          24m
    kube-system   kube-controller-manager-minikube   1/1     Running   0          24m
    kube-system   kube-proxy-qtxgx                   1/1     Running   0          24m
    kube-system   kube-scheduler-minikube            1/1     Running   0          24m
    kube-system   storage-provisioner                1/1     Running   0          24m

     

    k describe pod kube-apiserver-minikube -n kube-system
    Name:                 kube-apiserver-minikube
    Namespace:            kube-system
    Priority:             2000001000
    Priority Class Name:  system-node-critical
    Node:                 minikube/192.168.49.2
    Start Time:           Fri, 12 May 2023 00:29:22 +0900
    Labels:               component=kube-apiserver
                          tier=control-plane
    Annotations:          kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: 192.168.49.2:8443
                          kubernetes.io/config.hash: cdcbce216c62c4407ac9a51ac013e7d7
                          kubernetes.io/config.mirror: cdcbce216c62c4407ac9a51ac013e7d7
                          kubernetes.io/config.seen: 2023-05-11T15:29:13.110191226Z
                          kubernetes.io/config.source: file
    Status:               Running
    IP:                   192.168.49.2
    IPs:
      IP:           192.168.49.2
    Controlled By:  Node/minikube
    Containers:
      kube-apiserver:
        Container ID:  docker://36654d15be70b16bd8ee1013fd3b0cb932d5da75ac43e808f84408d5f4008e4e
        Image:         registry.k8s.io/kube-apiserver:v1.26.3
        Image ID:      docker-pullable://registry.k8s.io/kube-apiserver@sha256:b8dda58b0c680898b6ab7fdbd035a75065d3607a70c3c4986bc1d8cfba5f0ec8
        Port:          <none>
        Host Port:     <none>
        Command:
          kube-apiserver
          --advertise-address=192.168.49.2
          --allow-privileged=true
          --authorization-mode=Node,RBAC
          --client-ca-file=/var/lib/minikube/certs/ca.crt
          --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota
          --enable-bootstrap-token-auth=true
          --etcd-cafile=/var/lib/minikube/certs/etcd/ca.crt
          --etcd-certfile=/var/lib/minikube/certs/apiserver-etcd-client.crt
          --etcd-keyfile=/var/lib/minikube/certs/apiserver-etcd-client.key
          --etcd-servers=https://127.0.0.1:2379
          --kubelet-client-certificate=/var/lib/minikube/certs/apiserver-kubelet-client.crt
          --kubelet-client-key=/var/lib/minikube/certs/apiserver-kubelet-client.key
          --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
          --proxy-client-cert-file=/var/lib/minikube/certs/front-proxy-client.crt
          --proxy-client-key-file=/var/lib/minikube/certs/front-proxy-client.key
          --requestheader-allowed-names=front-proxy-client
          --requestheader-client-ca-file=/var/lib/minikube/certs/front-proxy-ca.crt
          --requestheader-extra-headers-prefix=X-Remote-Extra-
          --requestheader-group-headers=X-Remote-Group
          --requestheader-username-headers=X-Remote-User
          --secure-port=8443
          --service-account-issuer=https://kubernetes.default.svc.cluster.local
          --service-account-key-file=/var/lib/minikube/certs/sa.pub
          --service-account-signing-key-file=/var/lib/minikube/certs/sa.key
          --service-cluster-ip-range=10.96.0.0/12
          --tls-cert-file=/var/lib/minikube/certs/apiserver.crt
          --tls-private-key-file=/var/lib/minikube/certs/apiserver.key
        State:          Running
          Started:      Fri, 12 May 2023 00:29:14 +0900
        Ready:          True
        Restart Count:  0
        Requests:
          cpu:        250m
        Liveness:     http-get https://192.168.49.2:8443/livez delay=10s timeout=15s period=10s #success=1 #failure=8
        Readiness:    http-get https://192.168.49.2:8443/readyz delay=0s timeout=15s period=1s #success=1 #failure=3
        Startup:      http-get https://192.168.49.2:8443/livez delay=10s timeout=15s period=10s #success=1 #failure=24
        Environment:  <none>
        Mounts:
          /etc/ca-certificates from etc-ca-certificates (ro)
          /etc/ssl/certs from ca-certs (ro)
          /usr/local/share/ca-certificates from usr-local-share-ca-certificates (ro)
          /usr/share/ca-certificates from usr-share-ca-certificates (ro)
          /var/lib/minikube/certs from k8s-certs (ro)
    Conditions:
      Type              Status
      Initialized       True 
      Ready             True 
      ContainersReady   True 
      PodScheduled      True 
    Volumes:
      ca-certs:
        Type:          HostPath (bare host directory volume)
        Path:          /etc/ssl/certs
        HostPathType:  DirectoryOrCreate
      etc-ca-certificates:
        Type:          HostPath (bare host directory volume)
        Path:          /etc/ca-certificates
        HostPathType:  DirectoryOrCreate
      k8s-certs:
        Type:          HostPath (bare host directory volume)
        Path:          /var/lib/minikube/certs
        HostPathType:  DirectoryOrCreate
      usr-local-share-ca-certificates:
        Type:          HostPath (bare host directory volume)
        Path:          /usr/local/share/ca-certificates
        HostPathType:  DirectoryOrCreate
      usr-share-ca-certificates:
        Type:          HostPath (bare host directory volume)
        Path:          /usr/share/ca-certificates
        HostPathType:  DirectoryOrCreate
    QoS Class:         Burstable
    Node-Selectors:    <none>
    Tolerations:       :NoExecute op=Exists
    Events:            <none>

     

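    In minikube, the kube-apiserver port is set to 8443 (the --secure-port=8443 flag above).

    Beyond this, kube-apiserver communicates with most of the other components and mediates between them, so in a sense the api-server plays the role of the captain of Kubernetes.

    As the front end of Kubernetes, the api-server verifies that requests arriving at the cluster are valid, and it plays the key role of letting the other components exchange the information they need through it.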
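
The flags under Command: in the describe output are what configure this request validation (client certificates, authorization modes, admission plugins). As an added example, not code from the original post or from the Kubernetes project, this Python script parses those flags and checks a few security-relevant ones; the function names, the weak variant and the choice of checks are assumptions of this example.

```python
# Constructed input: a subset of the flags from the describe output on this page.
PAGE_FLAGS = """
kube-apiserver
--authorization-mode=Node,RBAC
--client-ca-file=/var/lib/minikube/certs/ca.crt
--enable-admission-plugins=NamespaceLifecycle,ServiceAccount,NodeRestriction
--etcd-cafile=/var/lib/minikube/certs/etcd/ca.crt
--etcd-servers=https://127.0.0.1:2379
"""
# Constructed weak variant for comparison (not from the page).
WEAK_FLAGS = """
kube-apiserver
--authorization-mode=AlwaysAllow
--enable-admission-plugins=NamespaceLifecycle,ServiceAccount
--etcd-servers=http://127.0.0.1:2379
"""

def parse_flags(text):
    """Map '--name=value' tokens to {name: value}; a bare '--name' becomes 'true'."""
    flags = {}
    for token in text.split():
        if token.startswith("--"):
            name, sep, value = token[2:].partition("=")
            flags[name] = value if sep else "true"
    return flags

def audit(flags):
    """Return a list of finding strings; an empty list means every check passed."""
    findings = []
    # kube-apiserver's documented default is AlwaysAllow when the flag is absent.
    modes = flags.get("authorization-mode", "AlwaysAllow").split(",")
    if "AlwaysAllow" in modes:
        findings.append("authorization-mode permits every request (AlwaysAllow)")
    for wanted in ("Node", "RBAC"):
        if wanted not in modes:
            findings.append(f"authorization-mode lacks {wanted}")
    plugins = flags.get("enable-admission-plugins", "").split(",")
    if "NodeRestriction" not in plugins:
        findings.append("NodeRestriction admission plugin is not enabled")
    if "client-ca-file" not in flags:
        findings.append("client-ca-file unset: x509 client-certificate auth is off")
    etcd = flags.get("etcd-servers", "").split(",")
    if not all(u.startswith("https://") for u in etcd) or "etcd-cafile" not in flags:
        findings.append("etcd connection is not TLS-verified")
    return findings

if __name__ == "__main__":
    for label, text in (("page", PAGE_FLAGS), ("weak", WEAK_FLAGS)):
        print(label, audit(parse_flags(text)) or "all checks passed")
```

The flags shown on this page pass all four checks; the weak variant produces six findings.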

     

     

     

     

     

     

     

     
