golang kubeclient使用kubeconfig访问k3s集群
k3s相关文件在/var/lib/rancher/k3s,先赋予当前用户文件夹权限
sudo chown -R ${USER} /var/lib/rancher/k3s/server
证书位于/var/lib/rancher/k3s/server/tls
kubeconfig位于/var/lib/rancher/k3s/server/cred
# 查看admin的config,admin有k3s所有权限
cat admin.kubeconfig
apiVersion: v1
clusters:
- cluster:
server: https://127.0.0.1:6444
certificate-authority: /var/lib/rancher/k3s/server/tls/server-ca.crt
name: local
contexts:
- context:
cluster: local
namespace: default
user: user
name: Default
current-context: Default
kind: Config
preferences: {}
users:
- name: user
user:
client-certificate: /var/lib/rancher/k3s/server/tls/client-admin.crt
client-key: /var/lib/rancher/k3s/server/tls/client-admin.key
使用admin.kubeconfig
package client
import (
"context"
"fmt"
"testing"
apiv1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/client-go/dynamic"
"k8s.io/client-go/tools/clientcmd"
)
func TestGetPods(t *testing.T) {
config, err := clientcmd.BuildConfigFromFlags("", "/var/lib/rancher/k3s/server/cred/admin.kubeconfig")
if err != nil {
fmt.Println(err.Error())
return
}
dyCli := dynamic.NewForConfigOrDie(config)
gvr := schema.GroupVersionResource{
Version: "v1",
Resource: "pods",
}
deploys, err := dyCli.Resource(gvr).Namespace("kube-system").List(context.Background(), metav1.ListOptions{})
if err != nil {
t.Fatal(err)
}
podList := &apiv1.PodList{}
err = runtime.DefaultUnstructuredConverter.FromUnstructured(deploys.UnstructuredContent(), podList)
if err != nil {
panic(err.Error())
}
for _, d := range podList.Items {
fmt.Printf("%v\t %v\t %v\n",
d.Namespace,
d.Status.Phase,
d.Name)
}
}
kube-system Running coredns-5cfbb9f57c-vf9qv
kube-system Running local-path-provisioner-5f8bbd68f9-jfltk
kube-system Succeeded helm-install-traefik-crd-6h7mw
kube-system Succeeded helm-install-traefik-pd7z7
kube-system Running metrics-server-65cd754bcd-ptgw6
kube-system Running svclb-traefik-77dc77a3-2sg7q
kube-system Running traefik-5cd8994cdd-h5rlx