Python has a worthy library for interacting with kubernetes (k8s) clusters. This talk will discuss 2 quick tools to get your feet wet when it comes to interacting with k8s using python and show you some of the things to gaze out for, as well as the fundamentals of native vs intra-cluster security.
The first service is a simple flask based application that will be operating as a pod inside the cluster exposing the endpoint using a Service and Ingress sources. When you call the “/pod/versions” endpoint, it will return the versions of any applications operating in the cluster as JSON. There are some security constraints constructed into k8s that you should be aware of when trying to entry the k8s API internally. We will walk you through how to allow this service to entry this API even with Role Based Access Control (RBAC) enabled using a ServiceAccount. This method will only grant this specific service inside a particular namespace read-only entry to pod information for the cluster.
The second application will make use of this flask endpoint and be run from your native command. k8s config file to get entry. We will then use it to compare a secondary application operating in a different namespace. This is a smaller version of some real world tooling we use at Rally Health as we migrate from mesos to k8s and need to compare state between these 2 environments as well as between clusters in different environments. These techniques are just the tip of the iceberg, but ideally they should give you some thought as to what the kubernetes python client is succesful of handling.
Chicago Python __main__ is streaming talks live on YouTube! See the full livestream with additional Q&A here: https://youtu.be/CWs3KFpRQjU