华为云用户手册

状态码 状态码 描述 200 OK 201 Created 400 BadRequest 401 Unauthorized 403 Forbidden 404 NotFound 405 MethodNotAllowed 406 NotAcceptable 409 Conflict 415 UnsupportedMediaType 422 Invalid 429 TooManyRequests 500 InternalError 503 ServiceUnavailable 504 ServerTimeout

响应参数 状态码：200 表2 响应Body参数 参数 参数类型 描述 apiVersion String APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources kind String Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds name String name is the name of the group. preferredVersion io.k8s.apimachinery.pkg.apis.meta.v1.GroupVersionForDiscovery object preferredVersion is the version preferred by the API server, which probably is the storage version. serverAddressByClientCIDRs Array of io.k8s.apimachinery.pkg.apis.meta.v1.ServerAddressByClientCIDR objects a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP. versions Array of io.k8s.apimachinery.pkg.apis.meta.v1.GroupVersionForDiscovery objects versions are the versions supported in this group. 表3 io.k8s.apimachinery.pkg.apis.meta.v1.GroupVersionForDiscovery 参数 参数类型 描述 groupVersion String groupVersion specifies the API group and version in the form "group/version" version String version specifies the version in the form of "version". This is to save the clients the trouble of splitting the GroupVersion. 表4 io.k8s.apimachinery.pkg.apis.meta.v1.ServerAddressByClientCIDR 参数 参数类型 描述 clientCIDR String The CIDR with which clients can match their IP to figure out the server address that they should use. serverAddress String Address of this server, suitable for a client that matches the above CIDR. This can be a hostname, hostname:port, IP or IP:port.

状态码 状态码 描述 200 OK 400 BadRequest 401 Unauthorized 403 Forbidden 404 NotFound 405 MethodNotAllowed 406 NotAcceptable 409 Conflict 415 UnsupportedMediaType 422 Invalid 429 TooManyRequests 500 InternalError 503 ServiceUnavailable 504 ServerTimeout

响应示例 状态码：200 OK { "apiVersion" : "v1", "kind" : "APIGroup", "name" : "extensions", "preferredVersion" : { "groupVersion" : "extensions/v1beta1", "version" : "v1beta1" }, "versions" : [ { "groupVersion" : "extensions/v1beta1", "version" : "v1beta1" } ] }

状态码 状态码 描述 200 OK 400 BadRequest 401 Unauthorized 403 Forbidden 404 NotFound 405 MethodNotAllowed 406 NotAcceptable 409 Conflict 415 UnsupportedMediaType 422 Invalid 429 TooManyRequests 500 InternalError 503 ServiceUnavailable 504 ServerTimeout

响应示例 状态码：200 OK { "apiVersion" : "v1", "items" : [ { "metadata" : { "creationTimestamp" : "2018-01-13T08:40:21Z", "name" : "kubernetes", "namespace" : "default", "resourceVersion" : "49", "selfLink" : "/api/v1/namespaces/default/endpoints/kubernetes", "uid" : "64593b5d-f83d-11e7-9c3c-fa163eb8ad1a" }, "subsets" : [ { "addresses" : [ { "ip" : "192.168.0.64" } ], "ports" : [ { "name" : "https", "port" : 5444, "protocol" : "TCP" } ] } ] } ], "kind" : "EndpointsList", "metadata" : { "resourceVersion" : "598704", "selfLink" : "/api/v1/namespaces/default/endpoints" } }

URI GET /api/v1/namespaces/{namespace}/endpoints 表1 路径参数 参数 是否必选 参数类型 描述 namespace 是 String object name and auth scope, such as for teams and projects 表2 Query参数 参数 是否必选 参数类型 描述 allowWatchBookmarks 否 Boolean allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. continue 否 String The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. fieldSelector 否 String A selector to restrict the list of returned objects by their fields. Defaults to everything. labelSelector 否 String A selector to restrict the list of returned objects by their labels. Defaults to everything. limit 否 Integer limit is a maximum number of responses to return for a list call. If more items exist, the server will set the continue field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. resourceVersion 否 String resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset resourceVersionMatch 否 String resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset timeoutSeconds 否 Integer Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. watch 否 Boolean Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. pretty 否 String If 'true', then the output is pretty printed.

状态码 状态码 描述 200 OK 400 BadRequest 401 Unauthorized 403 Forbidden 404 NotFound 405 MethodNotAllowed 406 NotAcceptable 409 Conflict 415 UnsupportedMediaType 422 Invalid 429 TooManyRequests 500 InternalError 503 ServiceUnavailable 504 ServerTimeout

URI PATCH /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings/{name} 表1 路径参数 参数 是否必选 参数类型 描述 name 是 String name of the RoleBinding namespace 是 String object name and auth scope, such as for teams and projects 表2 Query参数 参数 是否必选 参数类型 描述 dryRun 否 String When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed fieldManager 否 String fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch). force 否 Boolean Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests. pretty 否 String If 'true', then the output is pretty printed.

请求参数 表3 请求Header参数 参数 是否必选 参数类型 描述 X-Auth-Token 是 String 用户Token。 通过调用 IAM 服务获取用户Token接口获取（响应消息头中X-Subject-Token的值）。 Content-Type 是 String 目前支持三种类型的PATCH请求方法的操作，参考《使用JSON合并patch更新Deployment》。 Json Patch, Content-Type: application/json-patch+json Merge Patch, Content-Type: application/merge-patch+json Strategic Merge Patch, Content-Type: application/strategic-merge-patch+json 在RFC6902协议的定义中，Json Patch包含一系列对目标JSON对象的操作，其本身也为JSON对象。服务器接收到该对象后，会将其表示的操作应用于目标JSON对象。 在RFC7386协议的定义中，Merge Patch必须包含对一个资源对象的部分描述，即为JSON对象。该JSON对象被提交到服务端后与服务端的当前对象合并，即替换当前资源对象中的列表域，从而创建一个新的对象。 Strategic Merge Patch是添加合法的元数据到API对象中，并通过这些新的元数据来决定哪个列表被合并，哪个列表不该被合并。当前这些元数据则作为结构标签。 表4 请求Body参数 参数 是否必选 参数类型 描述 - 是 Object Patch is provided to give a concrete name and type to the Kubernetes PATCH request body.

请求示例 更新指定的RoleBinding。 { "roleRef" : { "apiGroup" : "rbac.authorization.k8s.io", "kind" : "ClusterRole", "name" : "view" }, "subjects" : [ { "apiGroup" : "rbac.authorization.k8s.io", "kind" : "User", "name" : "07b82a44a680d5661f01c00b448f8f50" }, { "apiGroup" : "rbac.authorization.k8s.io", "kind" : "Group", "name" : "07b8387fd080d2963f92c00bb9a7341e" } ] }

响应示例 状态码：200 OK { "apiVersion" : "rbac.authorization.k8s.io/v1", "kind" : "RoleBinding", "metadata" : { "creationTimestamp" : "2020-04-07T08:25:46Z", "name" : "clusterrole_view_User_07b82a44a680d5661f01c00b448f8f50", "namespace" : "rbac-test", "resourceVersion" : "230608015", "selfLink" : "/apis/rbac.authorization.k8s.io/v1/namespaces/rbac-test/rolebindings/clusterrole_view_User_07b82a44a680d5661f01c00b448f8f50", "uid" : "6163c216-78a9-11ea-bcc5-340a9837e2a7" }, "roleRef" : { "apiGroup" : "rbac.authorization.k8s.io", "kind" : "ClusterRole", "name" : "view" }, "subjects" : [ { "apiGroup" : "rbac.authorization.k8s.io", "kind" : "User", "name" : "07b82a44a680d5661f01c00b448f8f50" }, { "apiGroup" : "rbac.authorization.k8s.io", "kind" : "Group", "name" : "07b8387fd080d2963f92c00bb9a7341e" } ] }

状态码 状态码 描述 200 OK 400 BadRequest 401 Unauthorized 403 Forbidden 404 NotFound 405 MethodNotAllowed 406 NotAcceptable 409 Conflict 415 UnsupportedMediaType 422 Invalid 429 TooManyRequests 500 InternalError 503 ServiceUnavailable 504 ServerTimeout

URI GET /apis/rbac.authorization.k8s.io/v1/clusterroles/{name} 表1 路径参数 参数 是否必选 参数类型 描述 name 是 String name of the ClusterRole 表2 Query参数 参数 是否必选 参数类型 描述 pretty 否 String If 'true', then the output is pretty printed.

响应示例 状态码：200 OK { "apiVersion" : "rbac.authorization.k8s.io/v1", "kind" : "ClusterRole", "metadata" : { "creationTimestamp" : "2018-11-27T03:03:00Z", "name" : "secret-reader", "resourceVersion" : "13211", "selfLink" : "/apis/rbac.authorization.k8s.io/v1/clusterroles/secret-reader", "uid" : "f2cf199e-f1f0-11e8-b449-fa163ec24e06" }, "rules" : [ { "apiGroups" : [ "" ], "resources" : [ "secrets" ], "verbs" : [ "get", "watch", "list" ] } ] }

状态码 状态码 描述 200 OK 400 BadRequest 401 Unauthorized 403 Forbidden 404 NotFound 405 MethodNotAllowed 406 NotAcceptable 409 AlreadyExists 415 UnsupportedMediaType 422 Invalid 429 TooManyRequests 500 InternalError 503 ServiceUnavailable 504 ServerTimeout

URI POST /api/v1/namespaces/{namespace}/pods/{name}/exec 表1 路径参数 参数 是否必选 参数类型 描述 name 是 String name of the PodExecOptions namespace 是 String object name and auth scope, such as for teams and projects 表2 Query参数 参数 是否必选 参数类型 描述 command 否 String Command is the remote command to execute. argv array. Not executed within a shell. container 否 String Container in which to execute the command. Defaults to only container if there is only one container in the pod. stderr 否 Boolean Redirect the standard error stream of the pod for this call. Defaults to true. stdin 否 Boolean Redirect the standard input stream of the pod for this call. Defaults to false. stdout 否 Boolean Redirect the standard output stream of the pod for this call. Defaults to true. tty 否 Boolean TTY if true indicates that a tty will be allocated for the exec call. Defaults to false.

响应示例 状态码：200 OK { "apiVersion" : "crd.yangtse.cni/v1", "kind" : "EIPPool", "metadata" : { "creationTimestamp" : "2022-09-07T01:22:50Z", "finalizers" : [ "yangtse.io/eip-pool" ], "generation" : 1, "labels" : { "some-key" : "some-value" }, "name" : "eippool-test", "namespace" : "namespace-test", "resourceVersion" : "42396258", "selfLink" : "/apis/crd.yangtse.cni/v1/namespaces/namespace-test/eippools/eippool-test", "uid" : "e4dc5432-1d9b-4fcb-8840-ee445b6511ae" }, "spec" : { "amount" : 1, "eipAttributes" : { "bandwidth" : { "chargeMode" : "bandwidth", "name" : "eip-test", "shareType" : "PER", "size" : 5 }, "ipVersion" : 4, "networkType" : "5_g-vm" } }, "status" : { "eips" : [ { "alias" : "eip-test", "bandWidthChargeMode" : "bandwidth", "bandwidthShareType" : "PER", "bandwidthSize" : 5, "id" : "034a0bae-81f7-46f4-b933-3273adc32b54", "ipv4" : "100.85.221.2", "networkType" : "5_g-vm", "status" : "DOWN" } ], "usage" : "0/1" } }

状态码 状态码 描述 200 OK 400 BadRequest 401 Unauthorized 403 Forbidden 404 NotFound 405 MethodNotAllowed 406 NotAcceptable 409 Conflict 415 UnsupportedMediaType 422 Invalid 429 TooManyRequests 500 InternalError 503 ServiceUnavailable 504 ServerTimeout

URI PATCH /apis/crd.yangtse.cni/v1/namespaces/{namespace}/eippools/{name} 表1 路径参数 参数 是否必选 参数类型 描述 name 是 String name of the EIPPool namespace 是 String object name and auth scope, such as for teams and projects 表2 Query参数 参数 是否必选 参数类型 描述 dryRun 否 String When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed fieldManager 否 String fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. pretty 否 String If 'true', then the output is pretty printed.

请求参数 表3 请求Header参数 参数 是否必选 参数类型 描述 X-Auth-Token 是 String 用户Token。 通过调用IAM服务获取用户Token接口获取（响应消息头中X-Subject-Token的值）。 Content-Type 是 String 目前支持三种类型的PATCH请求方法的操作，参考《使用JSON合并patch更新Deployment》。 Json Patch, Content-Type: application/json-patch+json Merge Patch, Content-Type: application/merge-patch+json Strategic Merge Patch, Content-Type: application/strategic-merge-patch+json 在RFC6902协议的定义中，Json Patch包含一系列对目标JSON对象的操作，其本身也为JSON对象。服务器接收到该对象后，会将其表示的操作应用于目标JSON对象。 在RFC7386协议的定义中，Merge Patch必须包含对一个资源对象的部分描述，即为JSON对象。该JSON对象被提交到服务端后与服务端的当前对象合并，即替换当前资源对象中的列表域，从而创建一个新的对象。 Strategic Merge Patch是添加合法的元数据到API对象中，并通过这些新的元数据来决定哪个列表被合并，哪个列表不该被合并。当前这些元数据则作为结构标签。 表4 请求Body参数 参数 是否必选 参数类型 描述 - 是 Object Patch is provided to give a concrete name and type to the Kubernetes PATCH request body.

状态码 状态码 描述 200 OK 400 BadRequest 401 Unauthorized 403 Forbidden 404 NotFound 405 MethodNotAllowed 406 NotAcceptable 409 Conflict 415 UnsupportedMediaType 422 Invalid 429 TooManyRequests 500 InternalError 503 ServiceUnavailable 504 ServerTimeout

响应示例 状态码：200 OK [ { "allowVolumeExpansion" : false, "metadata" : { "creationTimestamp" : "2022-07-26T04:58:34Z", "name" : "csi-disk-sas", "resourceVersion" : "289546", "selfLink" : "/apis/storage.k8s.io/v1/storageclasses/csi-disk-sas", "uid" : "f47fe78e-1677-4ac4-b02c-109cee63f34a" }, "parameters" : { "csi.storage.k8s.io/csi-driver-name" : "disk.csi.everest.io", "csi.storage.k8s.io/fstype" : "ext4", "everest.io/disk-volume-type" : "SAS", "everest.io/passthrough" : "true" }, "provisioner" : "everest-csi-provisioner", "reclaimPolicy" : "Delete", "volumeBindingMode" : "Immediate" }, { "allowVolumeExpansion" : false, "metadata" : { "creationTimestamp" : "2022-07-26T04:58:34Z", "name" : "csi-disk-sata", "resourceVersion" : "289547", "selfLink" : "/apis/storage.k8s.io/v1/storageclasses/csi-disk-sata", "uid" : "3df529ff-5300-4bd8-a292-34ed5ddd80cd" }, "parameters" : { "csi.storage.k8s.io/csi-driver-name" : "disk.csi.everest.io", "csi.storage.k8s.io/fstype" : "ext4", "everest.io/disk-volume-type" : "SATA", "everest.io/passthrough" : "true" }, "provisioner" : "everest-csi-provisioner", "reclaimPolicy" : "Delete", "volumeBindingMode" : "Immediate" } ]

URI GET /apis/storage.k8s.io/v1/storageclasses 表1 Query参数 参数 是否必选 参数类型 描述 allowWatchBookmarks 否 Boolean allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. continue 否 String The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications. fieldSelector 否 String A selector to restrict the list of returned objects by their fields. Defaults to everything. labelSelector 否 String A selector to restrict the list of returned objects by their labels. Defaults to everything. limit 否 Integer limit is a maximum number of responses to return for a list call. If more items exist, the server will set the continue field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned. resourceVersion 否 String resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset resourceVersionMatch 否 String resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details. Defaults to unset timeoutSeconds 否 Integer Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity. watch 否 Boolean Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion. pretty 否 String If 'true', then the output is pretty printed.

创建Namespace Namespace下需要有一个Network关联VPC及子网，创建完Namespace后需要创建一个Network。 通常情况下，没有频繁创建Namespace的需求，建议通过云容器实例的控制台界面创建Namespace。 以下示例创建一个名为namespace-test的Namespace，指定云容器实例的资源类型为general-computing。 apiVersion: v1 kind: Namespace metadata: name: namespace-test labels: sys_enterprise_project_id: "0" annotations: namespace.kubernetes.io/flavor: general-computing spec: finalizers: - kubernetes 这里的定义文件采用YAML格式描述，也是使用JSON格式。 sys_enterprise_project_id：表示企业项目ID，可进入企业管理的企业项目详情页面获取。未开通企业管理的用户无需配置此参数。不配置时默认为0，表示default企业项目。 namespace.kubernetes.io/flavor: general-computing：指定命名空间类型。 命令空间的类型有如下两种： general-computing：通用计算型，支持创建含CPU资源的容器实例及工作负载，适用于通用计算场景。 gpu-accelerated：GPU型，支持创建含GPU资源的容器实例及工作负载，适用于深度学习、科学计算、视频处理等场景。 假如上面Namespace定义的文件名称为ns.yaml，则执行kubectl create -f ns.yaml即可创建命名空间，-f 表示从文件创建。 # kubectl create -f ns.yaml namespace/namespace-test created 执行kubectl get ns查询namespace是否创建成功，ns为namespace的缩写。 # kubectl get ns NAME STATUS AGE namespace-test Active 23s 如上，可以看到namespace-test这个命名空间创建成功，且存在的时长为23秒。 登录云容器实例控制台，单击左侧导航栏“命名空间”，您可以看到命令空间创建成功，但状态为“异常”。这是因为在云容器实例中，您需要为Namespace定义网络策略，具体操作方法请参见创建Network。 图2 Namespace-异常

为kubectl上下文指定Namespace 上面创建Network是在指定的Namespace下创建的，本文档后续的资源创建都是在某个命名空间下操作，每次都指定命名空间比较麻烦，您可以为kubectl上下文指定命名空间，这样在某个上下文中，创建的资源就都是在某个命名空间下，方便操作。 指定Namespace只需要在设置上下文命令中添加一个“--namespace”选项，如下所示。 kubectl config set-context $context --namespace=$ns 其中，$ns为Namespace的名称；$context 为上下文的名称，可以自定义，也可执行如下命令获取： # kubectl config get-contexts CURRENT NAME CLUSTER AUTHINFO NAMESPACE cci-context-cn-east-3-1C8PNI0POPP CS FGXPM6S cci-cluster-cn-east-3 cci-user-cn-east-3-1C8PNI0POPPCSFGXPM6S * cci-context-cn-east-3-hwuser_xxx cci-cluster-cn-east-3 cci-user-cn-east-3-hwuser_xxx kubernetes-admin@kubernetes kubernetes kubernetes-admin 假设，上面创建的Namespace名称为namespace-test，则示例如下。 # kubectl config set-context cci-context --namespace=namespace-test 指定Namespace后，就可以使用 kubectl 命令直接操作云容器实例的相关资源。如下所示，执行kubectl get pod，查看Pod资源，一切正常。 # kubectl get pod No resources found.

Namespace与网络的关系 从网络角度看，命名空间对应一个虚拟私有云（VPC）中一个子网，如图1所示，在创建命名空间时会关联已有VPC或创建一个新的VPC，并在VPC下创建一个子网。后续在该命名空间下创建Pod、Service等资源时都会在对应的VPC及子网之内，且占用子网中的IP地址。 通常情况下，如果您在同一个VPC下还会使用其他服务的资源，您需要考虑您的网络规划，如子网网段划分、IP数量规划等，确保有可用的网络资源。 图1 命名空间与VPC子网的关系

状态码 状态码 描述 200 OK 201 Created 202 Accepted 400 BadRequest 401 Unauthorized 403 Forbidden 404 NotFound 405 MethodNotAllowed 406 NotAcceptable 409 AlreadyExists 415 UnsupportedMediaType 422 Invalid 429 TooManyRequests 500 InternalError 503 ServiceUnavailable 504 ServerTimeout

响应示例 状态码：200 OK { "apiVersion" : "apps/v1", "kind" : "Deployment", "metadata" : { "creationTimestamp" : "2018-09-06T03:39:32Z", "generation" : 1, "labels" : { "app" : "redis" }, "name" : "deployment-test", "namespace" : "namespace-test", "resourceVersion" : "5630832", "selfLink" : "/apis/apps/v1/namespaces/namespace-test/deployments/deployment-test", "uid" : "777dce52-b186-11e8-8cb0-c81fbe371a17" }, "spec" : { "progressDeadlineSeconds" : 600, "replicas" : 1, "revisionHistoryLimit" : 10, "selector" : { "matchLabels" : { "app" : "redis" } }, "strategy" : { "rollingUpdate" : { "maxSurge" : "25%", "maxUnavailable" : "25%" }, "type" : "RollingUpdate" }, "template" : { "metadata" : { "annotations" : { "cri.cci.io/container-type" : "secure-container" }, "creationTimestamp" : null, "labels" : { "app" : "redis" } }, "spec" : { "containers" : [ { "image" : "redis", "imagePullPolicy" : "IfNotPresent", "name" : "container-0", "resources" : { "limits" : { "cpu" : "500m", "memory" : "1Gi" }, "requests" : { "cpu" : "500m", "memory" : "1Gi" } }, "terminationMessagePath" : "/dev/termination-log", "terminationMessagePolicy" : "File" } ], "dnsPolicy" : "ClusterFirst", "imagePullSecrets" : [ { "name" : "imagepull-secret" } ], "restartPolicy" : "Always", "schedulerName" : "default-scheduler", "securityContext" : { } } } }, "status" : { } }

请求示例 创建一个名为"deployment-test"的普通Deployment，使用redis镜像创建一个Pod，每个Pod占用500m { "apiVersion" : "apps/v1", "kind" : "Deployment", "metadata" : { "name" : "deployment-test" }, "spec" : { "replicas" : 1, "selector" : { "matchLabels" : { "app" : "redis" } }, "template" : { "metadata" : { "labels" : { "app" : "redis" } }, "spec" : { "containers" : [ { "image" : "redis", "name" : "container-0", "resources" : { "limits" : { "cpu" : "500m", "memory" : "1024Mi" }, "requests" : { "cpu" : "500m", "memory" : "1024Mi" } } } ], "imagePullSecrets" : [ { "name" : "imagepull-secret" } ], "priority" : 0 } } } } 创建使用GPU的Deployment，NVIDIA GPU的驱动版本为418.126。 { "apiVersion" : "apps/v1", "kind" : "Deployment", "metadata" : { "name" : "test-app", "namespace" : "test-namespace" }, "spec" : { "replicas" : 2, "selector" : { "matchLabels" : { "app" : "test-app" } }, "template" : { "metadata" : { "annotations" : { "cri.cci.io/gpu-driver" : "gpu-418.126" }, "labels" : { "app" : "test-app" } }, "spec" : { "containers" : [ { "image" : "library/nginx:stable-alpine-perl", "lifecycle" : { }, "name" : "container-0", "resources" : { "limits" : { "cpu" : "4", "memory" : "32Gi", "nvidia.com/gpu-tesla-v100-16GB" : "1" }, "requests" : { "cpu" : "4", "memory" : "32Gi", "nvidia.com/gpu-tesla-v100-16GB" : "1" } } } ], "imagePullSecrets" : [ { "name" : "imagepull-secret" } ], "restartPolicy" : "Always" } } } } core CPU、1024Mi内存。