Topic

Intro to Python kubernetes (k8s) client
By: Nate Rock
Date: May 14, 2020, 6 p.m.

Python has a great library for interacting with Kubernetes (k8s) clusters. This talk will discuss two quick tools to get your feet wet when it comes to interacting with k8s using Python and show you some of the things to look out for, as well as the basics of local vs intra-cluster security.

"the phone calls are coming from inside the house!"

The first service is a simple Flask-based application that runs as a pod inside the cluster, with its endpoint exposed through Service and Ingress resources. When you call the "/pod/versions" endpoint, it will return the versions of any applications running in the cluster as JSON. There are some security constraints built into k8s that you should be aware of when trying to access the k8s API internally. We will walk you through how to allow this service to access this API even with Role Based Access Control (RBAC) enabled, using a ServiceAccount. This method will only grant this specific service inside a particular namespace read-only access to pod information for the cluster.
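A sketch of the core of such a "/pod/versions" handler, as an added example that is not code from the talk: it needs only the `list` verb on pods, which is what the read-only ServiceAccount binding grants. The function names, the RBAC rule, the JSON shape and the rule that an image tag is the "version" are all assumptions.

```python
from types import SimpleNamespace

# Assumed ClusterRole rule: the only permission pod_versions() needs.
READ_PODS_RULE = {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}

def is_read_only_pod_rule(rule):
    """True if the rule covers core-group pods with read verbs only."""
    return (rule.get("apiGroups") == [""] and rule.get("resources") == ["pods"]
            and bool(rule.get("verbs"))
            and set(rule["verbs"]) <= {"get", "list", "watch"})

def split_image(image):
    """Split 'registry:5000/app:1.2@sha256:...' into (name, version)."""
    ref, _, digest = image.partition("@")
    if ":" in ref.rsplit("/", 1)[-1]:   # a colon before the last '/' is a registry port
        name, _, tag = ref.rpartition(":")
        return name, tag
    return ref, digest or "latest"      # untagged: fall back to digest, else 'latest'

def pod_versions(core_v1):
    """Return {namespace: {pod: {image: version}}} from one 'list pods' call."""
    out = {}
    for pod in core_v1.list_pod_for_all_namespaces().items:
        images = dict(split_image(c.image) for c in pod.spec.containers)
        out.setdefault(pod.metadata.namespace, {})[pod.metadata.name] = images
    return out

def in_cluster_api():
    """Client authenticated with the pod's mounted ServiceAccount token."""
    from kubernetes import client, config  # lazy import: needs the kubernetes package
    config.load_incluster_config()
    return client.CoreV1Api()

def fake_api():
    """Constructed stand-in for CoreV1Api so the example runs without a cluster."""
    def pod(ns, name, *images):
        return SimpleNamespace(
            metadata=SimpleNamespace(namespace=ns, name=name),
            spec=SimpleNamespace(containers=[SimpleNamespace(image=i) for i in images]))
    pods = [pod("web", "web-1", "registry:5000/team/web:1.4.2", "envoy"),
            pod("jobs", "job-1", "batch@sha256:abc")]
    return SimpleNamespace(list_pod_for_all_namespaces=lambda: SimpleNamespace(items=pods))

if __name__ == "__main__":
    print(pod_versions(fake_api()))     # swap in in_cluster_api() inside a pod
```

Inside the cluster, a Flask route would return `pod_versions(in_cluster_api())` as JSON; if the ServiceAccount lacks the binding, the list call is rejected by the API server with a 403.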

The second application will make use of this Flask endpoint and be run from your local command line, using your k8s config file to get access. We will then use it to compare a secondary application running in a different namespace. This is a smaller version of some real-world tooling we use at Rally Health as we migrate from Mesos to k8s and need to compare state between these two environments as well as between clusters in different environments. These techniques are just the tip of the iceberg, but ideally they should give you some idea as to what the Kubernetes Python client is capable of handling.