Search
๐Ÿ‘ฅ

[CKA] 45. API Groups

Date
2025/01/14
Category
Devops
Tag
Kubernetes
CKA
Security
๋ชฉ์ฐจ

ย API Groups

์ฟ ๋ฒ„๋„คํ‹ฐ์Šค API๋Š” ๋ชฉ์ ์— ๋”ฐ๋ผ ์—ฌ๋Ÿฌ ๊ทธ๋ฃน์œผ๋กœ ๋‚˜๋‰˜์–ด ์žˆ์œผ๋ฉฐ, ๊ฐ๊ฐ์˜ ๊ทธ๋ฃน์€ ํŠน์ • ๊ธฐ๋Šฅ์„ ์ œ๊ณตํ•œ๋‹ค.
โ€ข
/version - ํด๋Ÿฌ์Šคํ„ฐ์˜ ๋ฒ„์ „์„ ์กฐํšŒ
โ€ข
/healthz - ํด๋Ÿฌ์Šคํ„ฐ์˜ health๋ฅผ ๋ชจ๋‹ˆํ„ฐ๋ง
โ€ข
/metrics - ํด๋Ÿฌ์Šคํ„ฐ์˜ ๋ฉ”ํŠธ๋ฆญ์„ ์ˆ˜์ง‘ํ•˜๊ณ  ํ™•์ธ
โ€ข
/logs - ์„œ๋“œํŒŒํ‹ฐ ๋กœ๊น… ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜๊ณผ ํ†ตํ•ฉ
API๋Š” ํด๋Ÿฌ์Šคํ„ฐ ๊ธฐ๋Šฅ์„ ์ฑ…์ž„์ง€๋Š” ์—ญํ• ์— ๋งž์ถฐ ๋‘ ๊ฐ€์ง€๋กœ ๋ถ„๋ฅ˜ํ•  ์ˆ˜ ์žˆ๋‹ค: Core & Named

ย Core Group

์ฝ”์–ด ๊ทธ๋ฃน์—๋Š” Kubernetes์˜ ๋ชจ๋“  ํ•ต์‹ฌ ๊ธฐ๋Šฅ์ด ํฌํ•จ๋˜์–ด ์žˆ๋‹ค.

ย Named Group

๋ช…๋ช… ๊ทธ๋ฃน์€ ๋” ์กฐ์งํ™”๋œ ํ˜•ํƒœ๋กœ ์ œ๊ณต๋˜๋ฉฐ, ์ƒˆ๋กœ์šด ๊ธฐ๋Šฅ์€ ๋ช…๋ช… ๊ทธ๋ฃน์„ ํ†ตํ•ด ์ œ๊ณต๋œ๋‹ค. ๊ฐ API ๊ทธ๋ฃน์—๋Š” ์—ฌ๋Ÿฌ ๋ฆฌ์†Œ์Šค๊ฐ€ ์žˆ์œผ๋ฉฐ, ์ด๋Ÿฌํ•œ ๋ฆฌ์†Œ์Šค์—๋Š” ํŠน์ • ์ž‘์—…์„ ์ˆ˜ํ–‰ํ•  ์ˆ˜ ์žˆ๋Š” ์ž‘์—…๋“ค์ด ์—ฐ๊ฒฐ๋˜์–ด ์žˆ๋‹ค. ์ด๋Ÿฌํ•œ ์ž‘์—…๋“ค์„ Verbs๋ผ๊ณ  ํ•˜๋ฉฐ, Kubernetes API๋ฅผ ํ†ตํ•ด ๋ฆฌ์†Œ์Šค๋ฅผ ์กฐ์ž‘ํ•˜๋Š” ๋ฐ ์‚ฌ์šฉ๋œ๋‹ค.
์˜ˆ๋ฅผ ๋“ค์–ด, ์•ฑ ๊ทธ๋ฃน ๋‚ด์˜ ๋ฐฐํฌ ๋ฆฌ์†Œ์Šค์— ๋Œ€ํ•œ Verbs๋Š” ๋‹ค์Œ๊ณผ ๊ฐ™๋‹ค:
โ€ข
list, get, create, delete, update, watch
API ๊ทธ๋ฃน์˜ ์„ธ๋ถ€์‚ฌํ•ญ์€ Kubernetes API Reference ํŽ˜์ด์ง€์—์„œ ํ™•์ธํ•  ์ˆ˜ ์žˆ๋‹ค.

ย Access API Server

ํด๋Ÿฌ์Šคํ„ฐ์˜ API ์„œ๋ฒ„์— ์ ‘๊ทผํ•˜๋ฉด ์‚ฌ์šฉ ๊ฐ€๋Šฅํ•œ API ๊ทธ๋ฃน ๋ฆฌ์ŠคํŠธ๋ฅผ ์–ป์„ ์ˆ˜ ์žˆ๋‹ค
curl https://localhost:6443 -k { "path": [ "/api", "/api/v1", "/apis", "/apis/", "/healthz", ... }
Bash
๋ณต์‚ฌ
Named API Group ๋‚ด์—์„œ ์ง€์›๋˜๋Š” ๋ชจ๋“  ๋ฆฌ์†Œ์Šค ๊ทธ๋ฃน์„ ํ™•์ธํ•  ์ˆ˜๋„ ์žˆ๋‹ค.
curl https://localhost:6443/apis -k | grep "name" { ... "name": "extensions", "name": "apps", "name": "events.k8s.io", "name": "authentication.k8s.io", "name": "authorization.k8s.io", ... }
Bash
๋ณต์‚ฌ

ย With Certificates

์ด๋•Œ curl์„ ํ†ตํ•œ API์— ๋Œ€ํ•œ ์ง์ ‘์ ์ธ ์•ก์„ธ์Šค๋Š” apiVersion ๊ฐ™์€ ํŠน์ • API๋ฅผ ์ œ์™ธํ•˜๊ณค ์•ก์„ธ์Šค๋˜์ง€ ์•Š๋Š”๋‹ค. ์ธ์ฆ์„œ ํŒŒ์ผ์„ ํ†ตํ•ด API์— ๋Œ€ํ•œ ์ธ์ฆ์„ ๊ฑฐ์ณ์•ผ ์•ก์„ธ์Šค๊ฐ€ ๊ฐ€๋Šฅํ•˜๋‹ค.
curl https://localhost:6443 -k \ --key admin.key --cert admin.crt --cacert ca.crt
Bash
๋ณต์‚ฌ

ย kubectl proxy

๋‹ค๋ฅธ ๋ฐฉ๋ฒ•์€ kubectl proxy client๋ฅผ ์‹œ์ž‘ํ•˜๋Š” ๊ฒƒ์ด๋‹ค. kubectl proxy ๋ช…๋ น์€ ๋กœ์ปฌ์—์„œ 8001 ํฌํŠธ์— ํ”„๋ก์‹œ ์„œ๋น„์Šค๋ฅผ ์‹œ์ž‘ํ•˜๋ฉฐ, kubeconfig ํŒŒ์ผ์˜ ์ž๊ฒฉ ์ฆ๋ช…๊ณผ ์ธ์ฆ์„œ๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ํด๋Ÿฌ์Šคํ„ฐ์— ์ ‘๊ทผํ•œ๋‹ค. ์ด๋ฅผ ํ†ตํ•ด curl ๋ช…๋ น์—์„œ ์ธ์ฆ์„œ๋ฅผ ์ง€์ •ํ•  ํ•„์š”๊ฐ€ ์—†๋‹ค.
# kubectl proxy client ์‹œ์ž‘ $ kubectl proxy Starting to serve on 127.0.0.1:8001 # ์ธ์ฆ์„œ ๋ช…์‹œํ•  ํ•„์š” ์—†์ด ์•ก์„ธ์Šค ๊ฐ€๋Šฅ $ curl https://localhost:6443 -k { "path": [ "/api", "/api/v1", "/apis", "/apis/", "/healthz", ... }
Bash
๋ณต์‚ฌ
์ฐธ๊ณ : kube proxy โ‰  kubectl proxy
โ€ข
kube proxy: ํด๋Ÿฌ์Šคํ„ฐ Pod์™€ Service ๊ฐ„์˜ ๋„คํŠธ์›Œํฌ ํŠธ๋ž˜ํ”ฝ์„ ๊ด€๋ฆฌํ•˜๋Š” Component
โ€ข
kubectl proxy: HTTP Proxy ์„œ๋น„์Šค๋กœ, kubectl ์ด kube-apiserver์— ์ ‘๊ทผ ๊ฐ€๋Šฅํ•˜๊ฒŒ ํ•จ

ย Summary

Kubernetes๋Š” ๋ฆฌ์†Œ์Šค๋ฅผ ํšจ์œจ์ ์œผ๋กœ ๊ด€๋ฆฌํ•˜๊ธฐ ์œ„ํ•ด ๋‹ค์–‘ํ•œ API ๊ทธ๋ฃน์œผ๋กœ ๋ฆฌ์†Œ์Šค๋ฅผ ๋ถ„๋ฅ˜ํ•œ๋‹ค.

API Group

โ€ข
Core API Group: Kubernetes์˜ ๊ธฐ๋ณธ ๋ฆฌ์†Œ์Šค ํฌํ•จ
โ€ข
Named API Group: ํŠน์ • ๊ธฐ๋Šฅ์ด๋‚˜ ์„œ๋น„์Šค์— ๋งž์ถฐ ๊ตฌ์„ฑ๋œ ๋ฆฌ์†Œ์Šค ํฌํ•จ

Resources & Verbs

API Group ๋‚ด์—๋Š” ๋‹ค์–‘ํ•œ ๋ฆฌ์†Œ์Šค๊ฐ€ ์กด์žฌํ•˜๋ฉฐ, ๊ฐ ๋ฆฌ์†Œ์Šค๋Š” CRUD ์ž‘์—…์„ ํฌํ•จํ•œ ์—ฌ๋Ÿฌ ๋™์ž‘(Verbs)์„ ์ˆ˜ํ–‰ํ•  ์ˆ˜ ์žˆ๋‹ค.