如何使用kubernetes-python客户端从EKS集群获取所有守护进程信息?

bz4sfanl  于 12个月前  发布在  Kubernetes
关注(0)|答案(1)|浏览(128)

使用Kubernetes-python客户端,我需要EKS集群中特定命名空间的所有daemon-set信息(如ip和port等)。
下面代码的问题是,它挂起了很多分钟,不打印任何错误或信息。

from __future__ import print_function
import os
import sys

import boto3
import base64
import tempfile
import subprocess
from pprint import pprint
from kubernetes import client, config
from kubernetes.client.rest import ApiException

os.environ['AWS_DEFAULT_REGION'] = "us-east-2"
boto3.setup_default_session(region_name="us-east-2")

boto3_session = boto3.Session(profile_name='abc_xyz_eks_prod_dev')
aws_credentials = boto3_session.get_credentials()

# setting creds as environment variables
os.environ['AWS_ACCESS_KEY_ID'] = aws_credentials.access_key
os.environ['AWS_SECRET_ACCESS_KEY'] = aws_credentials.secret_key
os.environ['AWS_SESSION_TOKEN'] = aws_credentials.token

cluster_name = 'abc-xyz-uat01-eks'

def get_eks_token(cluster_name_in: str) -> str:
    get_token_cmd = f"aws eks get-token --cluster-name='{cluster_name_in}'"
    token_raw_output = subprocess.getstatusoutput(get_token_cmd)
    # print(token_raw_output)
    token_kind = eval(token_raw_output[1])
    eks_token_out = token_kind['status']['token']
    return eks_token_out

def write_cafile_local(data: str):
    file_full_path = os.getcwd() + os.sep + 'ca.cert'
    with open(file_full_path, 'wb') as tf:
        cadata_b64 = data
        cadata = base64.b64decode(cadata_b64)
        tf.write(cadata)
    return file_full_path

cluster_token = get_eks_token(cluster_name)

# eks boto3 client
eks_client = boto3.client('eks')
cluster_details = eks_client.describe_cluster(name=cluster_name)['cluster']
cluster_ca_file = write_cafile_local(cluster_details['certificateAuthority']['data'])
print('ca_file full path -', cluster_ca_file)

# make configuration
kube_client_config = client.configuration.Configuration()
kube_client_config.host = cluster_details['endpoint'] + ":443"
kube_client_config.verify_ssl = True
kube_client_config.ssl_ca_cert = cluster_ca_file
kube_client_config.assert_hostname = True
kube_client_config.api_key_prefix['authorization'] = 'Bearer'
kube_client_config.api_key['authorization'] = cluster_token

config.load_kube_config()

k8_api_client = client.ApiClient(kube_client_config)

k8_app_client = client.AppsV1Api(api_client=k8_api_client)

try:
    api_response = k8_app_client.list_namespaced_daemon_set(namespace="logging", pretty=True, watch=False)
    pprint(api_response)
except ApiException as e:
    print("Exception when calling AppsV1Api->list_namespaced_daemon_set: %s\n" % e)

字符串

5kgi1eie

5kgi1eie1#

我认为您的Lambda execution role缺少所需的权限。
应该是这样的:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "eks:ListClusters",
        "eks:DescribeCluster"
      ],
      "Resource": "*"
    }
  ]
}

字符串

相关问题