Ajeet Raina Docker Captain, ARM Innovator & Docker Bangalore Community Leader.

A Quick Look at the Kubernetes API Concepts

2 min read

The core of Kubernetes’ control plane is the API server and the HTTP API that it exposes. The Kubernetes API is the front end of the Kubernetes control plane and is how users interact with their Kubernetes cluster. Users, the different parts of your cluster, and external components all communicate with one another through the API server. The Kubernetes API lets you query and manipulate the state of API objects in Kubernetes (for example: Pods, Namespaces, ConfigMaps, and Events). The API directly using REST calls. Both human users and Kubernetes service accounts can be authorized for API access.

In the latest Kubernetes v1.23, there are three significant changes from api-machineryCLI, and autoscaling SIGs that were introduced. It introduces a brand new feature in alpha: events. Highly useful for users who wants to filter different types of events when observing their clusters.

kubectl events

With this newer Kubernetes release, Horizontal Pod Autoscaler (HPA) graduated to General Availability. HPA is the central component of Kubernetes that automatically scales the number of pods based on metrics. HPA can scale up or down many resources, such as replica sets, deployments, or stateful sets with well-known metrics like CPU utilization. It has been part of the Kubernetes API since 2015, and it’s finally graduating to general availability (GA).

The Kubernetes API is a resource-based (RESTful) programmatic interface provided via HTTP. It supports retrieving, creating, updating, and deleting primary resources via the standard HTTP verbs (POST, PUT, PATCH, DELETE, GET). When accessing the Kubernetes API for the first time, use the Kubernetes command-line tool, kubectl. To access a cluster, you need to know the location of the cluster and have credentials to access it.

Checking the location & credentials

[node1 kubelabs]$ kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://192.168.0.18:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate

Directly accessing the REST API

The kubectl handles locating and authenticating to the API server. If you want to directly access the REST API with an HTTP client like curl or wget, or a browser, there are multiple ways you can locate and authenticate against the API server:

  • Run kubectl in proxy mode (recommended). This method is recommended, since it uses the stored apiserver location and verifies the identity of the API server using a self-signed cert. No man-in-the-middle (MITM) attack is possible using this method.
  • Provide the location and credentials directly to the HTTP client. This works with client code that is confused by proxies. To protect against man in the middle attacks, you’ll need to import a root cert into your browser. Using the Go or Python client libraries provides accessing kubectl in proxy mode.

Using kubectl proxy

The following command runs kubectl in a mode where it acts as a reverse proxy. It handles locating the API server and authenticating.

kubectl proxy --port=8080 &

Then you can explore the API with curlwget, or a browser, like so:

curl http://localhost:8080/api/

The output is similar to this:

[node1 kubelabs]$ curl http://localhost:8080/api/
{
  "kind": "APIVersions",
  "versions": [
    "v1"
  ],
  "serverAddressByClientCIDRs": [
    {
      "clientCIDR": "0.0.0.0/0",
      "serverAddress": "192.168.0.18:6443"
    }
  ]

Without kubectl proxy

  # Check all possible clusters, as you .KUBECONFIG may have multiple contexts:
kubectl config view -o jsonpath='{"Cluster name\tServer\n"}{range .clusters[*]}{.name}{"\t"}{.cluster.server}{"\n"}{end}'

# Select name of cluster you want to interact with from above output:
export CLUSTER_NAME="some_server_name"

# Point to the API server referring the cluster name
APISERVER=$(kubectl config view -o jsonpath="{.clusters[?(@.name==\"$CLUSTER_NAME\")].cluster.server}")

# Gets the token value
TOKEN=$(kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}"|base64 --decode)

# Explore the API with TOKEN
curl -X GET $APISERVER/api --header "Authorization: Bearer $TOKEN" --insecure

Further Reference:

Have Queries? Join https://launchpass.com/collabnix

Ajeet Raina Docker Captain, ARM Innovator & Docker Bangalore Community Leader.

What are Kubernetes Pods and Containers? – KubeLabs Glossary

What are Kubernetes Pods? Kubernetes pods are the foundational unit for all higher Kubernetes objects. A pod hosts one or more containers. It can...
Ajeet Raina
9 min read

What is Helm?

Ajeet Raina
11 min read

39 Replies to “A Quick Look at the Kubernetes API Concepts”

  1. You really make it appear so easy together with your presentation however I in finding this matter to be actually something that I believe I’d by no means understand. It seems too complex and extremely wide for me. I’m looking ahead on your subsequent submit, I¦ll try to get the hold of it!

  2. I have been exploring for a little for any high quality articles or blog posts in this sort of space . Exploring in Yahoo I finally stumbled upon this web site. Studying this info So i¦m happy to convey that I’ve an incredibly just right uncanny feeling I discovered just what I needed. I such a lot without a doubt will make sure to don¦t put out of your mind this website and provides it a look on a continuing basis.

  3. An impressive share, I just given this onto a colleague who was doing a little analysis on this. And he in fact bought me breakfast because I found it for him.. smile. So let me reword that: Thnx for the treat! But yeah Thnkx for spending the time to discuss this, I feel strongly about it and love reading more on this topic. If possible, as you become expertise, would you mind updating your blog with more details? It is highly helpful for me. Big thumb up for this blog post!

  4. Keep up the fantastic piece of work, I read few blog posts on this web site and I believe that your web blog is very interesting and has got lots of good info .

  5. Hey there would you mind sharing which blog platform you’re using? I’m going to start my own blog soon but I’m having a tough time choosing between BlogEngine/Wordpress/B2evolution and Drupal. The reason I ask is because your layout seems different then most blogs and I’m looking for something unique. P.S Apologies for getting off-topic but I had to ask!

  6. Hello just wanted to give you a quick heads up. The words in your content seem to be running off the screen in Firefox. I’m not sure if this is a formatting issue or something to do with web browser compatibility but I thought I’d post to let you know. The layout look great though! Hope you get the issue solved soon. Thanks

  7. Thanks for the auspicious writeup. It in truth was once a entertainment account it. Look complex to more brought agreeable from you! However, how could we keep up a correspondence?

  8. Whats up very cool website!! Man .. Beautiful .. Superb .. I’ll bookmark your site and take the feeds additionallyKI am happy to seek out so many helpful info right here within the post, we need develop extra techniques on this regard, thank you for sharing. . . . . .

  9. I’ll immediately snatch your rss as I can not in finding your e-mail subscription hyperlink or e-newsletter service. Do you have any? Please let me recognise in order that I could subscribe. Thanks.

  10. Hi there, just became alert to your blog through Google, and found that it’s really informative. I’m gonna watch out for brussels. I will be grateful if you continue this in future. Many people will be benefited from your writing. Cheers!

  11. That is the precise weblog for anybody who needs to find out about this topic. You understand so much its nearly laborious to argue with you (not that I truly would need…HaHa). You undoubtedly put a brand new spin on a topic thats been written about for years. Great stuff, simply nice!

  12. Can I just say what a aid to search out somebody who actually is aware of what theyre talking about on the internet. You positively know how one can bring a difficulty to light and make it important. Extra folks have to read this and perceive this facet of the story. I cant believe youre no more widespread because you positively have the gift.

  13. Heya i am for the primary time here. I came across this board and I in finding It really useful & it helped me out much. I am hoping to offer something back and help others such as you aided me.

  14. This blog is definitely rather handy since I’m at the moment creating an internet floral website – although I am only starting out therefore it’s really fairly small, nothing like this site. Can link to a few of the posts here as they are quite. Thanks much. Zoey Olsen

Leave a Reply

Your email address will not be published.