先說(shuō)CloudFoundry的命令行工具CLI。我們?cè)贑loudFoundry環(huán)境下工作，第一個(gè)使用的命令就是cf login。

如果在環(huán)境變量里維護(hù)CF_TRACE的值為true：

則我們能發(fā)現(xiàn)，諸如cf login這種命令，實(shí)際上也是通過(guò)消費(fèi)Restful API來(lái)完成的。

下圖是cf login這個(gè)命令的api endpoint請(qǐng)求細(xì)節(jié)，供大家參考：

API endpoint: https://api.cf.eu10.hana.

REQUEST: [2018-09-21T14:50:57+08:00]

GET /v2/info HTTP/1.1

Host: api.cf.eu10.hana.

Accept: application/json

Content-Type: application/json

User-Agent: go-cli 6.36.1+e3799ad7e.2018-04-04 / windows

RESPONSE: [2018-09-21T14:50:59+08:00]

HTTP/1.1 200 OK

Connection: close

Content-Length: 550

Content-Type: application/json;charset=utf-8

Date: Fri, 21 Sep 2018 06:50:58 GMT

Server: nginx

X-Content-Type-Options: nosniff

X-Vcap-Request-Id: abf32f52-294a-41f5-5919-be948d78f0dd::a32b17bb-da82-4d45-930f-f0344c8a83b3

{"name":"","build":"","support":"","version":0,"description":"Cloud Foundry at SAP Cloud Platform","authorization_endpoint":"https://login.cf.eu10.hana.","token_endpoint":"[PRIVATE DATA HIDDEN]","min_cli_version":null,"min_recommended_cli_version":null,"api_version":"2.115.0","app_ssh_endpoint":"ssh.cf.eu10.hana.:2222","app_ssh_host_key_fingerprint":"f3:12:47:b5:3a:19:6e:6c:4e:9d:90:2e:6f:8e:87:cc","app_ssh_oauth_client":"ssh-proxy","doppler_logging_endpoint":"wss://doppler.cf.eu10.hana.:443"}

REQUEST: [2018-09-21T14:50:59+08:00]

GET /login HTTP/1.1

Host: login.cf.eu10.hana.

Accept: application/json

Content-Type: application/json

User-Agent: go-cli 6.36.1+e3799ad7e.2018-04-04 / windows

API響應(yīng)結(jié)果：

RESPONSE: [2018-09-21T14:51:00+08:00]

HTTP/1.1 200 OK

Connection: close

Content-Length: 551

Cache-Control: no-store

Content-Language: en-US

Content-Type: application/json;charset=UTF-8

Date: Fri, 21 Sep 2018 06:50:59 GMT

Set-Cookie: X-Uaa-Csrf=8uoxBvyG8QCwo29efrrZNh; Max-Age=86400; Expires=Sat, 22-Sep-2018 06:51:00 GMT; Path=/; Secure; HttpOnly

Strict-Transport-Security: max-age=31536000 ; includeSubDomains

X-Content-Type-Options: nosniff

X-Frame-Options: DENY

X-Vcap-Request-Id: f6b29d8f-f78e-4c5e-61f3-5c9d906828ed

X-Xss-Protection: 1; mode=block

{"app":{"version":"4.19.0"},"links":{"uaa":"https://uaa.cf.eu10.hana.","passwd":"https://accounts./ui/createForgottenPasswordMail?spName=cf.eu10.hana.","login":"https://login.cf.eu10.hana.","register":"https://accounts./ui/public/showRegisterForm?spName=cf.eu10.hana."},"zone_name":"uaa","entityID":"login.cf.eu10.hana.","commit_id":"7897100","idpDefinitions":{},"prompts":{"username":["text","Email"],"password":["password","Password"]},"timestamp":"2018-06-13T12:02:09-0700"}

Email>

再看Kubernetes。我們用的很多的命令：

kubectl get pods，返回pods列表。

CloudFoundry命令行和Kubernetes命令行的Restful API消費(fèi)方式

而用命令行

kubectl --v=8 get pods

則發(fā)現(xiàn)，get pods這個(gè)命令實(shí)際上也是發(fā)請(qǐng)求發(fā)往Kubernetes的API server：

https://<ip>:6443/api/v1/namespaces/default/pods?limit=500

API請(qǐng)求明細(xì)如下：

API server是Kubernetes最重要的核心組件之一：

1. 提供集群管理的REST API接口，包括認(rèn)證授權(quán)、數(shù)據(jù)校驗(yàn)以及集群狀態(tài)變更等

2. 提供其他模塊之間的數(shù)據(jù)交互和通信的樞紐（其他模塊通過(guò)API Server查詢(xún)或修改

數(shù)據(jù)，只有API Server才直接操作etcd）

kube-apiserver支持同時(shí)提供https（默認(rèn)監(jiān)聽(tīng)在6443端口）和http API（默認(rèn)監(jiān)聽(tīng)在

127.0.0.1的8080端口），其中http API是非安全接口，不做任何認(rèn)證授權(quán)機(jī)制，不建議

生產(chǎn)環(huán)境啟用。兩個(gè)接口提供的REST API格式相同，參考Kubernetes API Reference查

看所有API的調(diào)用格式。

在實(shí)際使用中，通常通過(guò)kubectl來(lái)訪(fǎng)問(wèn)apiserver，也可以通過(guò)Kubernetes各個(gè)語(yǔ)言的

client庫(kù)來(lái)訪(fǎng)問(wèn)apiserver。

比如上面get pods命令對(duì)應(yīng)的API的文檔：

https:///docs/reference/generated/kubernetes-api/v1.10/#list-62

要獲取更多Jerry的原創(chuàng)文章，請(qǐng)關(guān)注公眾號(hào)"汪子熙":