因为我们一般 debug 我们的代码,那么需要这个代码被触发掉。kubernetes 的Informer 会导致许许多多的客户端都有本地的缓存。
Informer 内部实现极其复杂,所以很少有相关的文章,如果需要请谷歌搜索外文。
Informer 是 Client-go 中的一个核心工具包。在 Kubernetes 源码中,如果 Kubernetes 的某个组件,需要 List/Get Kubernetes 中的 Object,在绝大多 数情况下,会直接使用 Informer 实例中的 Lister()方法(该方法包含 了 Get 和 List 方法),而很少直接请求 Kubernetes API。Informer 最基本 的功能就是 List/Get Kubernetes 中的 Object。
package main
import (
_ "time/tzdata" // for timeZone support in CronJob
_ "k8s.io/component-base/logs/json/register" // for JSON log format registration
_ "k8s.io/component-base/metrics/prometheus/clientgo" // load all the prometheus client-go plugins
_ "k8s.io/component-base/metrics/prometheus/version" // for version metric registration
func main() {
command := app.NewAPIServerCommand()
code := cli.Run(command)
::: tip 很简单的一个函数,调用 command 方法一直跑就对了,Run 方法是个循环,直到你退出 API Server,code 交给 os.Exit。
转到 定义:
// NewAPIServerCommand creates a *cobra.Command object with default parameters
func NewAPIServerCommand() *cobra.Command {
s := options.NewServerRunOptions()
cmd := &cobra.Command{
Use: "kube-apiserver",
Long: `The Kubernetes API server validates and configures data
for the api objects which include pods, services, replicationcontrollers, and
others. The API Server services REST operations and provides the frontend to the
cluster's shared state through which all other components interact.`,
// stop printing usage when the command errors
SilenceUsage: true,
PersistentPreRunE: func(*cobra.Command, []string) error {
// silence client-go warnings.
// kube-apiserver loopback clients should not log self-issued warnings.
return nil
RunE: func(cmd *cobra.Command, args []string) error {
fs := cmd.Flags()
// Activate logging as soon as possible, after that
// show flags with the final logging configuration.
if err := logsapi.ValidateAndApply(s.Logs, utilfeature.DefaultFeatureGate); err != nil {
return err
// set default options
completedOptions, err := Complete(s)
if err != nil {
return err
// validate options
if errs := completedOptions.Validate(); len(errs) != 0 {
return utilerrors.NewAggregate(errs)
// add feature enablement metrics
return Run(completedOptions, genericapiserver.SetupSignalHandler())
Args: func(cmd *cobra.Command, args []string) error {
for _, arg := range args {
if len(arg) > 0 {
return fmt.Errorf("%q does not take any arguments, got %q", cmd.CommandPath(), args)
return nil
fs := cmd.Flags()
namedFlagSets := s.Flags()
globalflag.AddGlobalFlags(namedFlagSets.FlagSet("global"), cmd.Name(), logs.SkipLoggingConfigurationFlags())
for _, f := range namedFlagSets.FlagSets {
cols, _, _ := term.TerminalSize(cmd.OutOrStdout())
cliflag.SetUsageAndHelpFunc(cmd, namedFlagSets, cols)
return cmd
cri 是 如何 run command 的:
func run(cmd *cobra.Command) (logsInitialized bool, err error) {
defer logs.FlushLogs()
// When error printing is enabled for the Cobra command, a flag parse
// error gets printed first, then optionally the often long usage
// text. This is very unreadable in a console because the last few
// lines that will be visible on screen don't include the error.
// The recommendation from #sig-cli was to print the usage text, then
// the error. We implement this consistently for all commands here.
// However, we don't want to print the usage text when command
// execution fails for other reasons than parsing. We detect this via
// the FlagParseError callback.
// Some commands, like kubectl, already deal with this themselves.
// We don't change the behavior for those.
if !cmd.SilenceUsage {
cmd.SilenceUsage = true
cmd.SetFlagErrorFunc(func(c *cobra.Command, err error) error {
// Re-enable usage printing.
c.SilenceUsage = false
return err
// In all cases error printing is done below.
cmd.SilenceErrors = true
// This is idempotent.
// Inject logs.InitLogs after command line parsing into one of the
// PersistentPre* functions.
switch {
case cmd.PersistentPreRun != nil:
pre := cmd.PersistentPreRun
cmd.PersistentPreRun = func(cmd *cobra.Command, args []string) {
logsInitialized = true
pre(cmd, args)
case cmd.PersistentPreRunE != nil:
pre := cmd.PersistentPreRunE
cmd.PersistentPreRunE = func(cmd *cobra.Command, args []string) error {
logsInitialized = true
return pre(cmd, args)
cmd.PersistentPreRun = func(cmd *cobra.Command, args []string) {
logsInitialized = true
err = cmd.Execute()
这是一个蛮简单的过程,进行 run 操作最后调用 cmd.Execute()
Server Account 机制是 Kubernetes 中组件和 API Server 交互的标准方式
出于安全考虑,1.24版本和以后版本,不再自动为一个 Server Account 创建 Secret ,需要自己手动创建。
为 SA 授权,能够操作 API 对象
Token 将放在http Header 中发送到 API Server 从而进行鉴权
为了能和 API Server 建立安全连接,Postman需要 改 SA 对应证书
把下载好的证书 下载到 Postman 所在机器,并上传到 Postman 设置中
