How do I programmatically connect to an AKS(Azure kubernetes service) cluster and create a K8 clientset in Golang?

huangapple go评论81阅读模式
英文:

How do I programmatically connect to an AKS(Azure kubernetes service) cluster and create a K8 clientset in Golang?

问题

我正在尝试使用Golang以编程方式获取AKS集群中的所有命名空间。为此,我需要为该特定的AKS集群创建一个Kubernetes clientset,以便我可以按如下方式列出命名空间:

k8ClientSet.CoreV1().Namespaces().List(context.Background(), metav1.ListOptions{})

由于我需要从集群外部执行此操作,因此无法使用kube-config,并且我也无法使用Kubelogin exec插件,因为它需要在主机系统上安装,这是不可能的。即使是Azure auth插件也已被弃用。

我尝试使用Azure auth插件,尽管它已被弃用,但它还需要在Azure AD上创建一个apiserver应用注册,这对我来说不是一个理想的解决方案。

目前,我正在尝试使用Azure提供的此API-https://learn.microsoft.com/en-us/rest/api/aks/managed-clusters/run-command?tabs=HTTP,我认为这不是最佳方法,但这是我目前所拥有的。

如果可能的话,请帮助解决这个问题并分享代码示例。

英文:

I am trying to fetch all the namespaces present in an AKS cluster programmatically using Golang for which I need to create a Kubernetes clientset for that particular AKS cluster, so that I can list the namespace as follows:

k8ClientSet.CoreV1().Namespaces().List(context.Background(), metav1.ListOptions{})

I will need to this from outside the cluster so kube-config cannot be used and I will not be able to use the Kubelogin exec plugin since it requires it to be installed on the host system which is not possible. Even, the azure auth plugin has been deprecated.

I tried using the Azure auth plugin although it has been deprecated but it also required creating an apiserver app registration on host Azure AD which is not an ideal solution for me.

As of now, I am trying to use this API provided by Azure - https://learn.microsoft.com/en-us/rest/api/aks/managed-clusters/run-command?tabs=HTTP which I do not think is the best approach, but that's all I have got so far.

Pls help with the issue and share code sample, if possible.

答案1

得分: 0

我从Azure QnA论坛上得到了这个解决方案,并且它有效!

import (
    "context"
    "fmt"
    "os"

    "github.com/Azure/azure-sdk-for-go/profiles/latest/containerservice/mgmt/containerservice"
    "github.com/Azure/go-autorest/autorest"
    "github.com/Azure/go-autorest/autorest/azure/auth"
    "k8s.io/client-go/kubernetes"
    "k8s.io/client-go/rest"
)

func main() {
    // 使用Azure Active Directory身份验证获取AKS集群凭据
    authorizer, err := auth.NewAuthorizerFromEnvironment()
    if err != nil {
        panic(err.Error())
    }
    subscriptionID := "<your-subscription-id>"
    resourceGroupName := "<your-resource-group-name>"
    clusterName := "<your-aks-cluster-name>"
    client := containerservice.NewManagedClustersClient(subscriptionID)
    client.Authorizer = authorizer
    credentials, err := client.ListClusterAdminCredentials(context.Background(), resourceGroupName, clusterName)
    if err != nil {
        panic(err.Error())
    }
    kubeconfig := string(credentials.Kubeconfigs[0].Value)

    // 创建一个Kubernetes clientset
    config, err := rest.InClusterConfig()
    if err != nil {
        config, err = clientcmd.NewClientConfigFromBytes([]byte(kubeconfig)).ClientConfig()
        if err != nil {
            panic(err.Error())
        }
    }
    clientset, err := kubernetes.NewForConfig(config)
    if err != nil {
        panic(err.Error())
    }

    // 列出AKS集群中的所有命名空间
    namespaces, err := clientset.CoreV1().Namespaces().List(context.Background(), metav1.ListOptions{})
    if err != nil {
        panic(err.Error())
    }

    // 打印每个命名空间的名称
    for _, ns := range namespaces.Items {
        fmt.Println(ns.Name)
    }
}

我不得不做一些修改,例如,我使用了azidentity进行身份验证,因为azure-sdk-for-go/profiles/latest/containerservice/mgmt/containerservice已被弃用,我不得不使用azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v2代替。

英文:

I got this solution from Azure QnA forum and it worked!

import (
&quot;context&quot;
&quot;fmt&quot;
&quot;os&quot;
&quot;github.com/Azure/azure-sdk-for-go/profiles/latest/containerservice/mgmt/containerservice&quot;
&quot;github.com/Azure/go-autorest/autorest&quot;
&quot;github.com/Azure/go-autorest/autorest/azure/auth&quot;
&quot;k8s.io/client-go/kubernetes&quot;
&quot;k8s.io/client-go/rest&quot;
)
func main() {
// Get the AKS cluster credentials using Azure Active Directory authentication
authorizer, err := auth.NewAuthorizerFromEnvironment()
if err != nil {
panic(err.Error())
}
subscriptionID := &quot;&lt;your-subscription-id&gt;&quot;
resourceGroupName := &quot;&lt;your-resource-group-name&gt;&quot;
clusterName := &quot;&lt;your-aks-cluster-name&gt;&quot;
client := containerservice.NewManagedClustersClient(subscriptionID)
client.Authorizer = authorizer
credentials, err := client.ListClusterAdminCredentials(context.Background(), resourceGroupName, clusterName)
if err != nil {
panic(err.Error())
}
kubeconfig := string(credentials.Kubeconfigs[0].Value)
// Create a Kubernetes clientset
config, err := rest.InClusterConfig()
if err != nil {
config, err = clientcmd.NewClientConfigFromBytes([]byte(kubeconfig)).ClientConfig()
if err != nil {
panic(err.Error())
}
}
clientset, err := kubernetes.NewForConfig(config)
if err != nil {
panic(err.Error())
}
// &lt;span class=&quot; active-doc-0&quot; data-doc-items=&quot;0&quot;&gt;List all the namespaces present in the AKS cluster[1](#doc-pos=0)&lt;/span&gt;
namespaces, err := clientset.CoreV1().Namespaces().List(context.Background(), metav1.ListOptions{})
if err != nil {
panic(err.Error())
}
// Print the name of each namespace
for _, ns := range namespaces.Items {
fmt.Println(ns.Name)
}
}

I had to make a few modifications like instead of auth, I used azidentity for authentication and since azure-sdk-for-go/profiles/latest/containerservice/mgmt/containerservice has been deprecated, I had to use azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v2 instead.

huangapple
  • 本文由 发表于 2023年5月10日 16:28:51
  • 转载请务必保留本文链接:https://go.coder-hub.com/76216366.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定