Kubernetes API_云容器实例 CCI_API参考_华为云

(1)

API 参考

文档版本 01

发布日期 2022-02-10

(2)

播。

商标声明

和其他华为商标均为华为技术有限公司的商标。

本文档提及的其他所有商标或注册商标，由各自的所有人拥有。

注意

您购买的产品、服务或特性等应受华为公司商业合同和条款的约束，本文档中描述的全部或部分产品、服务或特性可能不在您的购买或使用范围之内。除非合同另有约定，华为公司对本文档内容不做任何明示或暗示的声明或保证。

由于产品版本升级或其他原因，本文档内容会不定期进行更新。除非另有约定，本文档仅作为使用指导，本文档中的所有陈述、信息和建议不构成任何明示或暗示的担保。

(3)

1 ^{使用前必读}

1.1 概述

欢迎使用云容器实例（Cloud Container Instance）。云容器实例提供 Serverless Container（无服务器容器）引擎，让您无需创建和管理服务器集群即可直接运行容器。

您可以使用本文档提供API对云容器实例进行相关操作，如创建、删除、变更规格等。

在调用云容器实例API之前，请确保已经充分了解云容器实例相关概念，并对 Kubernetes基本概念与知识有一定了解，详细信息请参见产品介绍。

1.2 调用说明

云容器实例提供了REST（Representational State Transfer）风格API，支持您通过 HTTPS请求调用，调用方法请参见如何调用API。

1.3 终端节点

终端节点（Endpoint）即调用API的请求地址，不同服务不同区域的终端节点不同，您可以从地区和终端节点中查询所有服务的终端节点。

1.4 约束与限制

● 您能创建的云容器实例资源的数量与配额有关系，具体请参见服务配额。如果您

需要扩大配额，请参见如何申请扩大配额。

● 更详细的限制请参见具体API的说明。

1.5 基本概念

● 帐号

用户注册时的帐号，帐号对其所拥有的资源及云服务具有完全的访问权限，可以重置用户密码、分配用户权限等。由于帐号是付费主体，为了确保帐号安全，建

(10)

理工作。

● 用户

由帐号在IAM中创建的用户，是云服务的使用人员，具有身份凭证（密码和访问密钥）。

在我的凭证下，您可以查看帐号ID和用户ID。通常在调用API的鉴权过程中，您需要用到帐号、用户和密码等信息。

● 区域（Region）

从地理位置和网络时延维度划分，同一个Region内共享弹性计算、块存储、对象存储、VPC网络、弹性公网IP、镜像等公共服务。Region分为通用Region和专属 Region，通用Region指面向公共租户提供通用云服务的Region；专属Region指只承载同一类业务或只面向特定租户提供业务服务的专用Region。

详情请参见区域和可用区。

● 可用区（AZ，Availability Zone）

一个AZ是一个或多个物理数据中心的集合，有独立的风火水电，AZ内逻辑上再将计算、网络、存储等资源划分成多个集群。一个Region中的多个AZ间通过高速光纤相连，以满足用户跨AZ构建高可用性系统的需求。

● 项目

区域默认对应一个项目，这个项目由系统预置，用来隔离物理区域间的资源（计算资源、存储资源和网络资源），以默认项目为单位进行授权，用户可以访问您帐号中该区域的所有资源。如果您希望进行更加精细的权限控制，可以在区域默认的项目中创建子项目，并在子项目中创建资源，然后以子项目为单位进行授权，使得用户仅能访问特定子项目中资源，使得资源的权限控制更加精确。

图1-1 项目隔离模型

● 企业项目

企业项目是项目的升级版，针对企业不同项目间资源的分组和管理，是逻辑隔离。企业项目中可以包含多个区域的资源，且项目中的资源可以迁入迁出。

关于企业项目ID的获取及企业项目特性的详细信息，请参见企业管理服务用户指南。

说明

CCI暂不支持企业子项目。

(11)

1.6 API 版本选择建议

云容器实例提供了Kubernetes API，此版本跟随Kubernetes社区最新版本，且提供了老版本Kubernetes API （OLD VERSIONS）。

建议您使用Kubernetes API，能够更好的满足您的需求。

(12)

2 ^{如何调用 API}

2.1 构造请求

本节介绍如何构造REST API的请求，并以调用IAM服务的获取用户Token说明如何调用API，该API获取用户的Token，Token可以用于调用其他API时鉴权。

您还可以通过这个视频教程了解如何构造请求调用API：https://

bbs.huaweicloud.com/videos/102987

请求 URI

请求URI由如下部分组成。

{URI-scheme} :// {Endpoint} / {resource-path} ? {query-string}

尽管请求URI包含在请求消息头中，但大多数语言或框架都要求您从请求消息中单独传递它，所以在此单独强调。

● URI-scheme：

表示用于传输请求的协议，当前所有API均采用HTTPS协议。

● Endpoint：

指定承载REST服务端点的服务器域名或IP，不同服务不同区域的Endpoint不同，

您可以从地区和终端节点获取。

例如IAM服务在“华北-北京四”区域的Endpoint为“iam.cn- north-4.myhuaweicloud.com”。

● resource-path：

资源路径，也即API访问路径。从具体API的URI模块获取，例如“获取用户 Token”API的resource-path为“/v3/auth/tokens”。

● query-string：

查询参数，是可选部分，并不是每个API都有查询参数。查询参数前面需要带一个

“？”，形式为“参数名=参数取值”，例如“limit=10”，表示查询不超过10条数据。

例如您需要获取IAM在“华北-北京四”区域的Token，则需使用“华北-北京四”区域的Endpoint（iam.cn-north-4.myhuaweicloud.com），并在获取用户Token的URI部分找到resource-path（/v3/auth/tokens），拼接起来如下所示。

(13)

https://iam.cn-north-4.myhuaweicloud.com/v3/auth/tokens

图2-1 URI 示意图

说明

为查看方便，在每个具体API的URI部分，只给出resource-path部分，并将请求方法写在一起。

这是因为URI-scheme都是HTTPS，同一个服务的Endpoint在同一个区域也相同，所以简洁起见将这两部分省略。

请求方法

HTTP请求方法（也称为操作或动词），它告诉服务你正在请求什么类型的操作。

● GET：请求服务器返回指定资源。

● PUT：请求服务器更新指定资源。

● POST：请求服务器新增资源或执行特殊操作。

● DELETE：请求服务器删除指定资源，如删除对象等。

● HEAD：请求服务器资源头部。

● PATCH：请求服务器更新资源的部分内容。当资源不存在的时候，PATCH可能会

去创建一个新的资源。

在获取用户Token的URI部分，您可以看到其请求方法为“POST”，则其请求为：

POST https://iam.cn-north-4.myhuaweicloud.com/v3/auth/tokens

请求消息头

附加请求头字段，如指定的URI和HTTP方法所要求的字段。例如定义消息体类型的请求头“Content-Type”，请求鉴权信息等。

如下公共消息头需要添加到请求中。

● Content-Type：消息体的类型（格式），必选，默认取值为“application/

json”，有其他取值时会在具体接口中专门说明。

● X-Auth-Token：用户Token，可选，当使用Token方式认证时，必须填充该字

段。用户Token也就是调用获取用户Token接口的响应值，该接口是唯一不需要认证的接口。

说明

API同时支持使用AK/SK认证，AK/SK认证是使用SDK对请求进行签名，签名过程会自动往请求中添加Authorization（签名认证信息）和X-Sdk-Date（请求发送的时间）请求头。

AK/SK认证的详细说明请参见AK/SK认证。

对于获取用户Token接口，由于不需要认证，所以只添加“Content-Type”即可，添加消息头后的请求如下所示。

(14)

请求消息体

请求消息体通常以结构化格式发出，与请求消息头中Content-type对应，传递除请求消息头之外的内容。若请求消息体中参数支持中文，则中文字符必须为UTF-8编码。

每个接口的请求消息体内容不同，也并不是每个接口都需要有请求消息体（或者说消息体为空），GET、DELETE操作类型的接口就不需要消息体，消息体具体内容需要根据具体接口而定。

对于获取用户Token接口，您可以从接口的请求部分看到所需的请求参数及参数说明。将消息体加入后的请求如下所示，加粗的斜体字段需要根据实际值填写，其中

username

为用户名，

domainname

为用户所属的帐号帐号名称，

********

为用户登录密码，

xxxxxxxxxxxxxxxxxx

为project的名称，如“cn-north-4”，您可以从地区和终端节点获取，对应地区和终端节点页面的“区域”字段的值。

说明

scope参数定义了Token的作用域，下面示例中获取的Token仅能访问project下的资源。您还可以设置Token作用域为某个帐号下所有资源或帐号的某个project下的资源，详细定义请参见获取用户Token。

POST https://iam.cn-north-4.myhuaweicloud.com/v3/auth/tokens Content-Type: application/json

{ "auth": { "identity": { "methods": [ "password"

],

"password": { "user": {

"name": "username", "password": "********", "domain": {

"name": "domainname"

} } } }, "scope": { "project": {

"name": "xxxxxxxxxxxxxxxxxx"

} } } }

到这里为止这个请求需要的内容就具备齐全了，您可以使用curl、Postman或直接编写代码等方式发送请求调用API。对于获取用户Token接口，返回的响应消息头中“x- subject-token”就是需要获取的用户Token。有了Token之后，您就可以使用Token认证调用其他API。

2.2 认证鉴权

调用接口有如下两种认证方式，您可以选择其中一种进行认证鉴权。

● Token认证：通过Token认证调用请求。

(15)

● AK/SK认证：通过AK（Access Key ID）/SK（Secret Access Key)加密调用请求。

推荐使用AK/SK认证，其安全性比Token认证要高。

Token 认证

说明

Token的有效期为24小时，需要使用一个Token鉴权时，可以先缓存起来，避免频繁调用。

Token在计算机系统中代表令牌（临时）的意思，拥有Token就代表拥有某种权限。

Token认证就是在调用API的时候将Token加到请求消息头，从而通过身份认证，获得操作API的权限。

Token可通过调用获取用户Token接口获取，调用本服务API需要project级别的 Token，即调用获取用户Token接口时，请求body中auth.scope的取值需要选择 project，如下所示。

{ "auth": { "identity": { "methods": [ "password"

],

"password": { "user": {

"name": "username", "password": "********", "domain": {

"name": "domainname"

} } } }, "scope": { "project": {

"name": "xxxxxxxx"

} } } }

获取Token后，再调用其他接口时，您需要在请求消息头中添加“X-Auth-Token”，

其值即为Token。例如Token值为“ABCDEFJ....”，则调用接口时将“X-Auth-Token:

ABCDEFJ....”加到请求消息头即可，如下所示。

POST https://iam.cn-north-4.myhuaweicloud.com/v3/auth/projects Content-Type: application/json

X-Auth-Token: ABCDEFJ....

您还可以通过这个视频教程了解如何使用Token认证：https://

bbs.huaweicloud.com/videos/101333 。

AK/SK 认证

说明

AK/SK签名认证方式仅支持消息体大小12MB以内，12MB以上的请求请使用Token认证。

AK/SK认证就是使用AK/SK对请求进行签名，在请求时将签名信息添加到消息头，从而通过身份认证。

● AK(Access Key ID)：访问密钥ID。与私有访问密钥关联的唯一标识符；访问密钥

ID和私有访问密钥一起使用，对请求进行加密签名。

(16)

可标识发送方，并防止请求被修改。

使用AK/SK认证时，您可以基于签名算法使用AK/SK对请求进行签名，也可以使用专门的签名SDK对请求进行签名。详细的签名方法和SDK使用方法请参见API签名指南。

须知

签名SDK只提供签名功能，与服务提供的SDK不同，使用时请注意。

2.3 返回结果

状态码

请求发送以后，您会收到响应，包含状态码、响应消息头和消息体。

状态码是一组从1xx到5xx的数字代码，状态码表示了请求响应的状态，完整的状态码列表请参见状态码。

对于获取用户Token接口，如果调用后返回状态码为“201”，则表示请求成功。

响应消息头

对应请求消息头，响应同样也有消息头，如“Content-type”。

对于获取用户Token接口，返回如图2-2所示的消息头，其中“x-subject-token”就是需要获取的用户Token。有了Token之后，您就可以使用Token认证调用其他API。

图2-2 获取用户 Token 响应消息头

(17)

响应消息体（可选）

响应消息体通常以结构化格式返回，与响应消息头中Content-type对应，传递除响应消息头之外的内容。

对于获取用户Token接口，返回如下消息体。为篇幅起见，这里只展示部分内容。

{ "token": {

"expires_at": "2019-02-13T06:52:13.855000Z", "methods": [

"password"

],

"catalog": [ {

"endpoints": [ {

"region_id": "xxxxxxxx", ...

当接口调用出错时，会返回错误码及错误信息说明，错误响应的Body体格式如下所示。

{ "error_msg": "The format of message is error", "error_code": "AS.0001"

}

其中，error_code表示错误码，error_msg表示错误描述信息。

(18)

3 ^快速入门

概述

本文通过调用一系列云容器实例的API使用nginx镜像创建一个工作负载，介绍使用云容器实例API的基本流程。

其中，镜像直接使用开源镜像中心的nginx镜像，容器的资源规格为0.25核CPU、

512M内存，并绑定一个负载均衡实例，通过负载均衡实例从外网访问容器负载。

API的调用方法请参见如何调用API。

创建流程

1. 调用创建Namespace接口创建命名空间。

2. 调用创建Network接口创建网络，与VPC和子网关联。

3. 调用创建Deployment接口创建nginx容器负载。

创建 Nginx 负载

步骤1 调用创建Namespace接口创建命名空间，并指定使用GPU型资源。

{ "apiVersion": "v1", "kind": "Namespace", "metadata": {

"name": "namespace-test", "annotations": {

"namespace.kubernetes.io/flavor": "gpu-accelerated"

} }, "spec": { "finalizers": [ "kubernetes"

] } }

您需要指定如下参数。

● name：命名空间的名称。

● namespace.kubernetes.io/flavor：命名空间的类型，当前支持GPU加速型（gpu- accelerated）和通用计算型（general-computing）。GPU加速型命名空间中可 以使用GPU显卡。

(19)

步骤2 调用创建Network接口创建网络，与VPC与子网关联。

{ "apiVersion": "networking.cci.io/v1beta1", "kind": "Network",

"metadata": {

"name": "test-network", "annotations": {

"network.alpha.kubernetes.io/default-security-group": "security-group-id", "network.alpha.kubernetes.io/domain-id": "domain-id",

"network.alpha.kubernetes.io/project-id": "project-id"

} }, "spec": {

"availableZone": "cn-north-4a", "cidr": "192.168.0.0/24", "attachedVPC": "vpc-id", "networkID": "network-id", "subnetID": "subnet-id",

"networkType": "underlay_neutron"

} }

● name：网络对象的名称。

● network.alpha.kubernetes.io/default-security-group：安全组ID，您可以在安全组控制台查看。

● network.alpha.kubernetes.io/domain-id：帐号ID，获取方法请参见获取帐号

ID。

● network.alpha.kubernetes.io/project-id：项目ID，获取方法请参见获取项目ID。

● availableZone：服务所在区域的可用区，您可以在地区与终端节点查询，例如

“cn-north-4a”，表示“华北-北京四”的“可用区一”。

● cidr：网段地址，虚拟私有云下可用子网的范围。

● attachedVPC：命名空间所在VPC（虚拟私有云）的ID，您可以在虚拟私有云控制

台中查询，也可以通过查询VPC列表API查询。

● networkID：VPC内子网的网络ID，您可以在虚拟私有云控制台中查询，也可以通

过查询子网列表API查询。

● subnetID：VPC内子网的ID，您可以在虚拟私有云控制台中查询，也可以通过查

询子网列表API查询。

步骤3 调用创建Deployment接口创建nginx容器负载。

负载名称为nginx，使用开源镜像中心的nginx:latest镜像，容器的资源规格为0.25核 CPU、1G内存。调用接口后，云容器实例会创建一个运行nginx的容器。

{ "apiVersion": "apps/v1", "kind": "Deployment", "metadata": { "name": "nginx"

}, "spec": { "replicas": 1, "selector": { "matchLabels": { "app": "nginx"

} },

"template": { "metadata": {

(20)

} }, "spec": { "containers": [ {

"image": "nginx:latest", "name": "container-0", "resources": { "limits": { "cpu": "250m", "memory": "1Gi"

},

"requests": { "cpu": "250m", "memory": "1Gi"

} } } ],

"imagePullSecrets": [ {

"name": "imagepull-secret"

} ] } } } }

● name：Deployment的名称。

● replicas：Pod的数量，即Deployment下有几个Pod。

● selector.matchLabels：Deployment使用哪些标签选择Pod，例如这里设置的标签 app=nginx，当Pod有这个标签时，就会被Deployment选中管理。

● template：Pod的模板，定义Pod的各种配置和规格。

– metadata.labels：Pod的标签。

– spec.containers：Pod中容器的定义。

▪

image：创建容器使用的镜像。

▪

resources.limits：容器使用资源的大小限制，即容器使用的资源不能超

过这个限制。

▪

resources.requests：容器申请使用资源的大小。

Nginx负载创建完后，您可以在云容器实例控制台查看到负载。

(21)

图3-1 nginx

----结束

(22)

4 ^API

4.1 Network

4.1.1 删除所有 Network

功能介绍

删除指定namespace下的所有Network对象。

调试

您可以在API Explorer中调试该接口。

URI

DELETE /apis/networking.cci.io/v1beta1/namespaces/{namespace}/networks

表4-1 路径参数

参数是否必选参数类型描述

namespace 是 String object name and auth scope,

such as for teams and projects

(23)

表4-2 Query 参数

continue 否 String The continue option should be

set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a

configuration change on the server the server will respond with a 410 ResourceExpired error indicating the client must restart their list without the continue field. This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any

modifications.

fieldSelector 否 String A selector to restrict the list of returned objects by their fields. Defaults to everything.

includeUniniti

alized 否 Boolean If true, partially initialized resources are included in the response.

labelSelector 否 String A selector to restrict the list of returned objects by their labels. Defaults to everything.

(24)

limit 否 Integer limit is a maximum number of responses to return for a list call. If more items exist, the server will set the continue field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results.

Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all

requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.

The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.

(25)

参数是否必选参数类型描述 resourceVersi

on 否 String When specified with a watch

call, shows changes that occur after that particular version of a resource. Defaults to

changes from the beginning of history. When specified for list:

- if unset, then the result is returned from remote storage based on quorum-read flag; - if it's 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.

timeoutSecon

ds 否 Integer Timeout for the list/watch call.

This limits the duration of the call, regardless of any activity or inactivity.

watch 否 Boolean Watch for changes to the

described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

pretty 否 String If 'true', then the output is

pretty printed.

请求参数

表4-3 请求 Header 参数

X-Auth-Token 是 String 用户Token。

通过调用IAM服务获取用户 Token接口获取（响应消息头中 X-Subject-Token的值）。

Content-Type 是 String 消息体的类型（格式），默认取

值为“application/json”

缺省值：application/json

响应参数

状态码： 200

(26)

参数参数类型描述

apiVersion String APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/

contributors/devel/api- conventions.md#resources

code Integer Suggested HTTP return code for this status, 0 if not set.

details

io.k8s.apimac hinery.pkg.ap is.meta.v1.St atusDetails_v 3 object

Extended data associated with the reason.

Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type.

kind String Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase.

More info: https://git.k8s.io/community/

contributors/devel/api-conventions.md#types- kinds

message String A human-readable description of the status of this operation.

metadata

io.k8s.apimac hinery.pkg.ap is.meta.v1.Lis tMeta_v2

object

Standard list metadata. More info: https://

git.k8s.io/community/contributors/devel/api- conventions.md#types-kinds

reason String A machine-readable description of why this operation is in the "Failure" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it.

status String Status of the operation. One of: "Success" or

"Failure". More info: https://git.k8s.io/

community/contributors/devel/api- conventions.md#spec-and-status

(27)

表4-5 io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails_v3

causes Array of

io.k8s.apimac hinery.pkg.ap is.meta.v1.St atusCause_v2

objects

The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes.

group String The group attribute of the resource associated with the status StatusReason.

kind String The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind. More info: https://git.k8s.io/

community/contributors/devel/api- conventions.md#types-kinds

name String The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described).

retryAfterSeco

nds Integer If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action.

uid String UID of the resource. (when there is a single resource which can be described). More info:

http://kubernetes.io/docs/user-guide/

identifiers#uids

表4-6 io.k8s.apimachinery.pkg.apis.meta.v1.StatusCause_v2

field String The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional.

Examples: "name" - the field "name" on the current resource "items[0].name" - the field

"name" on the first array entry in "items"

(28)

message String A human-readable description of the cause of the error. This field may be presented as-is to a reader.

reason String A machine-readable description of the cause of the error. If this value is empty there is no information available.

表4-7 io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2

continue String continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a list may not be possible if the server configuration has changed or more than a few minutes have passed. The

resourceVersion field returned when using this continue value will be identical to the value in the first response.

resourceVersi

on String String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only.

contributors/devel/api-

conventions.md#concurrency-control-and- consistency

selfLink String selfLink is a URL representing this object.

Populated by the system. Read-only.

请求示例

无

响应示例

状态码： 200 OK

{ "apiVersion" : "v1",

(29)

"code" : 200, "kind" : "Status", "metadata" : { }, "status" : "Success"

}

状态码

状态码描述

200 OK

400 BadRequest

401 Unauthorized

403 Forbidden

404 NotFound

405 MethodNotAllowed 406 NotAcceptable 409 Conflict

415 UnsupportedMediaType

422 Invalid

429 TooManyRequests 500 InternalError 503 ServiceUnavailable 504 ServerTimeout

4.1.2 查询所有 Network

功能介绍

查询指定namespace下的所有Network对象。

调试

URI

GET /apis/networking.cci.io/v1beta1/namespaces/{namespace}/networks

(30)

continue 否 String The continue option should be

set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a

configuration change on the server the server will respond with a 410 ResourceExpired error indicating the client must restart their list without the continue field. This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any

modifications.

fieldSelector 否 String A selector to restrict the list of returned objects by their fields. Defaults to everything.

includeUniniti

alized 否 Boolean If true, partially initialized resources are included in the response.

labelSelector 否 String A selector to restrict the list of returned objects by their labels. Defaults to everything.

(31)

limit 否 Integer limit is a maximum number of

responses to return for a list call. If more items exist, the server will set the continue field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results.

Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all

requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.

The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.

(32)

resourceVersi

on 否 String When specified with a watch

call, shows changes that occur after that particular version of a resource. Defaults to

changes from the beginning of history. When specified for list:

- if unset, then the result is returned from remote storage based on quorum-read flag; - if it's 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.

timeoutSecon

ds 否 Integer Timeout for the list/watch call.

This limits the duration of the call, regardless of any activity or inactivity.

watch 否 Boolean Watch for changes to the

described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

pretty printed.

请求参数

响应参数

状态码： 200

(33)

表4-11 响应 Body 参数

items Array of

io.k8s.api.cci.

v1beta1.Net work objects

Network is a network resource in container.

metadata

io.k8s.apimac hinery.pkg.ap is.meta.v1.Lis tMeta_v2

object

git.k8s.io/community/contributors/devel/api- conventions.md#metadata

表4-12 io.k8s.api.cci.v1beta1.Network

(34)

metadata

io.k8s.apimac hinery.pkg.ap is.meta.v1.Ob jectMeta_v3

object

ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.

spec

io.k8s.api.cci.

v1beta1.Net workSpec

object

Spec defines the attributes on a network

status

io.k8s.api.cci.

v1beta1.Net workStatus

object

Status describes the network status

表4-13 io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v3

annotations Map<String,St

ring> Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/

annotations

clusterName String The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimes

tamp String CreationTimestamp is a timestamp

representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate

operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/

contributors/devel/api- conventions.md#metadata

(35)

参数参数类型描述 deletionGrace

PeriodSecond s

Long Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when

deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimes

tamp String DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the

deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or

automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info:

https://git.k8s.io/community/contributors/

devel/api-conventions.md#metadata enable Boolean Enable identify whether the resource is

available finalizers Array of

strings Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the

deletionTimestamp of the object is non-nil, entries in this list can only be removed.

(36)

generateNam

e String GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same

validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/

devel/api-conventions.md#idempotency generation Long A sequence number representing a specific

generation of the desired state. Populated by the system. Read-only.

initializers

io.k8s.apimac hinery.pkg.ap is.meta.v1.Ini tializers_v3

object

An initializer is a controller which enforces some system invariant at object creation time.

This field is a list of initializers that have not yet acted on this object. If nil or empty, this object has been completely initialized.

Otherwise, the object is considered

uninitialized and is hidden (in list/watch and get calls) from clients that haven't explicitly asked to observe uninitialized objects.

When an object is created, the system will populate this list with the current set of initializers. Only privileged users may set or modify this list. Once it is empty, it may not be modified further by any user.

labels Map<String,St

ring> Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://

kubernetes.io/docs/user-guide/labels

(37)

name String Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info:

identifiers#names

namespace String Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but

"default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated.

More info: http://kubernetes.io/docs/user- guide/namespaces

ownerReferen

ces Array of

io.k8s.apimac hinery.pkg.ap is.meta.v1.O wnerReferen ce_v2 objects

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersi

on String An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic

concurrency, change detection, and the watch operation on a resource or set of resources.

Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/

selfLink String SelfLink is a URL representing this object.

(38)

uid String UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info:

identifiers#uids

表4-14 io.k8s.apimachinery.pkg.apis.meta.v1.Initializers_v3

pending Array of

io.k8s.apimac hinery.pkg.ap is.meta.v1.Ini tializer_v2

objects

Pending is a list of initializers that must execute in order before this object is visible.

When the last pending initializer is removed, and no failing result is set, the initializers struct will be set to nil and the object is considered as initialized and visible to all clients.

result

io.k8s.apimac hinery.pkg.ap is.meta.v1.St atus_v3

object

If result is set with the Failure field, the object will be persisted to storage and then deleted, ensuring that other clients can observe the deletion.

表4-15 io.k8s.apimachinery.pkg.apis.meta.v1.Initializer_v2

name String name of the process that is responsible for initializing this object.

表4-16 io.k8s.apimachinery.pkg.apis.meta.v1.Status_v3

code Integer Suggested HTTP return code for this status, 0 if not set.

(39)

参数参数类型描述 details

io.k8s.apimac

hinery.pkg.ap is.meta.v1.St atusDetails_v 3 object

Extended data associated with the reason.

Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type.

message String A human-readable description of the status of this operation.

metadata

io.k8s.apimac hinery.pkg.ap is.meta.v1.Lis tMeta_v2

object

reason String A machine-readable description of why this operation is in the "Failure" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it.

status String Status of the operation. One of: "Success" or

"Failure". More info: https://git.k8s.io/

community/contributors/devel/api- conventions.md#spec-and-status

表4-17 io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails_v3

causes Array of

io.k8s.apimac hinery.pkg.ap is.meta.v1.St atusCause_v2

objects

The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes.

group String The group attribute of the resource associated with the status StatusReason.

(40)

kind String The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind. More info: https://git.k8s.io/

community/contributors/devel/api- conventions.md#types-kinds

name String The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described).

retryAfterSeco

nds Integer If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action.

uid String UID of the resource. (when there is a single resource which can be described). More info:

identifiers#uids

表4-18 io.k8s.apimachinery.pkg.apis.meta.v1.StatusCause_v2

field String The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional.

Examples: "name" - the field "name" on the current resource "items[0].name" - the field

"name" on the first array entry in "items"

message String A human-readable description of the cause of the error. This field may be presented as-is to a reader.

reason String A machine-readable description of the cause of the error. If this value is empty there is no information available.

(41)

表4-19 io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta_v2

continue String continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a list may not be possible if the server configuration has changed or more than a few minutes have passed. The

resourceVersion field returned when using this continue value will be identical to the value in the first response.

resourceVersi

on String String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only.

selfLink String selfLink is a URL representing this object.

表4-20 io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference_v2

apiVersion String API version of the referent.

blockOwnerD

eletion Boolean If true, AND if the owner has the

"foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete"

permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller Boolean If true, this reference points to the managing controller.

kind String Kind of the referent. More info: https://

(42)

name String Name of the referent. More info: http://

kubernetes.io/docs/user-guide/

identifiers#names

uid String UID of the referent. More info: http://

kubernetes.io/docs/user-guide/identifiers#uids

表4-21 io.k8s.api.cci.v1beta1.NetworkSpec

attachedVPC String ID of the VPC to attach availableZone String available zone

cidr String The CIDR of the network

networkID String network ID

networkType String network type like 'overlay_l2'

subnetID String Subnet ID

表4-22 io.k8s.api.cci.v1beta1.NetworkStatus

message String Message describes why network is in current state

state String State describes the network state

请求示例

无

响应示例

状态码： 200 OK

{ "apiVersion" : "networking.cci.io/v1beta1", "items" : [ {

"metadata" : { "annotations" : {

"network.alpha.kubernetes.io/default-security-group" : "19c5d024-aed5-4856-b958-c0f65ce70855", "network.alpha.kubernetes.io/domain-id" : "aadb43c0b14c4cafbccfff483d075987",

"network.alpha.kubernetes.io/project-id" : "51bf52609f2a49c68bfda3398817b376"

},

(43)

"creationTimestamp" : "2018-09-03T11:21:00Z", "enable" : true,

"name" : "namespace-test-dc1-default-network", "namespace" : "namespace-test",

"resourceVersion" : "5016899",

"selfLink" : "/apis/networking.cci.io/v1beta1/namespaces/namespace-test/networks/namespace-test- dc1-default-network",

"uid" : "6fb85414-af6b-11e8-b6ef-f898ef6c78b4"

}, "spec" : {

"attachedVPC" : "0d4080e5-546a-46c4-86fe-f3e26d685177", "availableZone" : "cn-north-1a",

"cidr" : "192.168.244.0/23",

"networkID" : "0022e356-f730-4226-802e-9cdaa6e7da17", "networkType" : "underlay_neutron",

"subnetID" : "1ffd839d-e534-4fa8-a59d-42356335bf74"

}, "status" : { "state" : "Active"

} } ],

"kind" : "NetworkList", "metadata" : {

"resourceVersion" : "5016953",

"selfLink" : "/apis/networking.cci.io/v1beta1/namespaces/namespace-test/networks"

}}

状态码

状态码描述

200 OK

400 BadRequest

401 Unauthorized

403 Forbidden

404 NotFound

405 MethodNotAllowed 406 NotAcceptable 409 Conflict

415 UnsupportedMediaType

422 Invalid

429 TooManyRequests 500 InternalError 503 ServiceUnavailable 504 ServerTimeout

(44)

功能介绍

创建一个Network对象。

Network对象是华为云CCI新增对象，用于定义kubernetes中一个namespace内的网络。目前CCI支持VPC网络，一个VPC网络类型的network对象对应于华为云虚拟私有云服务中的一个子网。

CCI的容器网络依赖于华为云底层VPC网络，因此在创建network对象前，需要先调用虚拟私有云的接口创建或者查询已有子网信息。

说明

须知：此处VPC和子网的网段不能为10.247.0.0/16，10.247.0.0/16是云容器实例预留给Service的网段。如果您使用此网段，后续可能会造成IP冲突，导致负载无法创建或服务不可用；如果您不需要通过Service访问，而是直接访问Pod，则可以使用此网段。

具体如何创建一个Network对象，可以参考Namespace和Network

调试

URI

POST /apis/networking.cci.io/v1beta1/namespaces/{namespace}/networks

表4-23 路径参数

pretty printed.

(45)

请求参数

Content-Type 是 String 消息体的类型（格式），默认取

值为“application/json”

缺省值：application/json

表4-26 请求 Body 参数

apiVersion 否 String APIVersion defines the

versioned schema of this representation of an object.

Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values.

More info: https://git.k8s.io/

community/contributors/

devel/api-

conventions.md#resources

kind 否 String Kind is a string value

representing the REST

resource this object represents.

Servers may infer this from the endpoint the client

submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/

devel/api-

conventions.md#types-kinds

metadata 否

io.k8s.apimac

hinery.pkg.ap is.meta.v1.Ob jectMeta_v3

object

ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.

(46)

spec 否

io.k8s.api.cci.

v1beta1.Net workSpec

object

Spec defines the attributes on a network

status 否

io.k8s.api.cci.

v1beta1.Net workStatus

object

Status describes the network status

表4-27 io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta_v3

annotations 否 Map<String,St

ring> Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata.

They are not queryable and should be preserved when modifying objects. More info:

http://kubernetes.io/docs/user- guide/annotations

clusterName 否 String The name of the cluster which the object belongs to. This is used to distinguish resources with same name and

namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

(47)

参数是否必选参数类型描述 creationTimes

tamp 否 String CreationTimestamp is a

timestamp representing the server time when this object was created. It is not

guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system.

Read-only. Null for lists. More info: https://git.k8s.io/

devel/api-

conventions.md#metadata deletionGrace

PeriodSecond s

否 Long Number of seconds allowed

for this object to gracefully terminate before it will be removed from the system.

Only set when

deletionTimestamp is also set.

May only be shortened. Read- only.

(48)

deletionTimes

tamp 否 String DeletionTimestamp is RFC

3339 date and time at which this resource will be deleted.

This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the

finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful

termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API.

In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can

determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is

requested. Read-only. More info: https://git.k8s.io/

devel/api-

conventions.md#metadata

(49)

enable 否 Boolean Enable identify whether the

resource is available

finalizers 否 Array of

strings Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateNam

e 否 String GenerateName is an optional

prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix

required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://

git.k8s.io/community/

conventions.md#idempotency

Kubernetes API_云容器实例 CCI_API参考_华为云

API 参考

目 录

1 使用前必读... 1

2 如何调用 API...4

3 快速入门...10

4 API...14

5 Kubernetes API... 119

6 数据结构... 4982

7 权限和授权项... 5205

8 附录... 5222

9 历史 API...5254

A 修订记录...5408

1 使用前必读

1.1 概述

1.2 调用说明

1.3 终端节点

1.4 约束与限制

1.5 基本概念

1.6 API 版本选择建议

2 如何调用 API

2.1 构造请求

bbs.huaweicloud.com/videos/102987

请求 URI

请求方法

请求消息头

请求消息体

username

domainname

********

xxxxxxxxxxxxxxxxxx

2.2 认证鉴权

Token 认证

bbs.huaweicloud.com/videos/101333 。

AK/SK 认证

2.3 返回结果

状态码

响应消息头

响应消息体（可选）

3 快速入门

概述

创建流程

创建 Nginx 负载

ID。

▪

▪

▪

4 API

4.1 Network

4.1.1 删除所有 Network

功能介绍

调试

URI

请求参数

响应参数

io.k8s.apimac hinery.pkg.ap is.meta.v1.St atusDetails_v 3 object

io.k8s.apimac hinery.pkg.ap is.meta.v1.Lis tMeta_v2

io.k8s.apimac hinery.pkg.ap is.meta.v1.St atusCause_v2

请求示例

响应示例

状态码

4.1.2 查询所有 Network

功能介绍

调试

URI

请求参数

响应参数

io.k8s.api.cci.

v1beta1.Net work objects

io.k8s.apimac hinery.pkg.ap is.meta.v1.Lis tMeta_v2

io.k8s.apimac hinery.pkg.ap is.meta.v1.Ob jectMeta_v3

io.k8s.api.cci.

v1beta1.Net workSpec

io.k8s.api.cci.

v1beta1.Net workStatus

io.k8s.apimac hinery.pkg.ap is.meta.v1.Ini tializers_v3

io.k8s.apimac hinery.pkg.ap is.meta.v1.O wnerReferen ce_v2 objects

io.k8s.apimac hinery.pkg.ap is.meta.v1.Ini tializer_v2

io.k8s.apimac hinery.pkg.ap is.meta.v1.St atus_v3

io.k8s.apimac

目录

1 ^{使用前必读}

2 ^{如何调用 API}

3 ^快速入门

4 ^API