Breaking Down The Kubernetes API

Where The API Runs

In the opening section of this blog post, you read that any time you interact with Kubernetes, you’re interacting with an API. The API lives on the Control Plane, sometimes referred to as the API server or the Master Node. Depending on your Kubernetes environment, you may either be running Kubernetes in the cloud or on-prem.

How it Works

When you interact with Kubernetes, you’re most likely using the kubectl command, which is the Kubernetes CLI. Although many people use kubectl, there are many other ways to interact with Kubernetes. For example:

  • If you’re on OpenShift, you can use the oc CLI or the odo CLI
  • If you use Terraform, you can create Kubernetes Deployments, Pods, etc.
  • If you use Python, Go, or any other programming language, you can create Kubernetes Deployments, Pods, etc.

API Groups and Versioning

Now that you know how the API works and a few different ways to interact with the Kubernetes API, let’s dive a bit deeper into how the APIs themselves work. First, let’s talk about API groups and versions.

  • Core Group
  • Named Group

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginxdeployment
  replicas: 2
  template:
    metadata:
      labels:
        app: nginxdeployment
    spec:
      containers:
      - name: nginxdeployment
        image: nginx:latest
        ports:
        - containerPort: 80

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-nginxservice-a
spec:
  ingressClassName: nginx-servicea
  rules:
  - host: localhost
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: nginxservice
            port:
              number: 8080

API Extensions

Let’s say you need something that doesn’t currently exist in Kubernetes. What do you do? Since Kubernetes is an open-source project, you can create extensions. These extensions are sometimes called Controllers or Operators (typically Controllers). With Operators, you can extend the Kubernetes API based on the OpenAPI Kubernetes spec.

apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
kind: SecretProviderClass
metadata:
  name: vault-db-creds
spec:
  # Vault CSI Provider
  provider: vault
  parameters:
    # Vault role name to use during login
    roleName: 'app'
    # Vault's hostname
    vaultAddress: 'https://vault:8200'
    # TLS CA certificate for validation
    vaultCACertPath: '/vault/tls/ca.crt'
    objects: |
      - objectName: "dbUsername"
        secretPath: "database/creds/db-app"
        secretKey: "username"
      - objectName: "dbPassword"
        secretPath: "database/creds/db-app"
        secretKey: "password"
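
As an added example (not code from the original post), the Python below shows how the apiVersion of each manifest above decides the URL path the API server serves it under, and the apiGroups value an RBAC Role rule has to name to grant access to it. The core group is the empty string and is served under /api, while named groups (including the one an extension registers) are served under /apis/<group>. The PLURALS table and the function names are assumptions made for this example.

```python
from typing import NamedTuple

# Assumption: kind -> plural resource name, hard-coded for the kinds on this
# page. A live client would get this from API discovery instead.
PLURALS = {
    "Pod": "pods",
    "Deployment": "deployments",
    "Ingress": "ingresses",
    "SecretProviderClass": "secretproviderclasses",
}


class GroupVersion(NamedTuple):
    group: str    # "" means the core group
    version: str


def parse_api_version(api_version: str) -> GroupVersion:
    """Split 'apps/v1' into ('apps', 'v1'); a bare 'v1' is the core group."""
    parts = api_version.split("/")
    if len(parts) == 1 and parts[0]:
        return GroupVersion("", parts[0])
    if len(parts) == 2 and all(parts):
        return GroupVersion(parts[0], parts[1])
    raise ValueError(f"malformed apiVersion: {api_version!r}")


def rest_path(api_version: str, kind: str, namespace: str = "default") -> str:
    """Collection URL path the API server serves for a namespaced kind."""
    gv = parse_api_version(api_version)
    # The core group lives under /api, every named group under /apis/<group>.
    prefix = f"/api/{gv.version}" if gv.group == "" else f"/apis/{gv.group}/{gv.version}"
    return f"{prefix}/namespaces/{namespace}/{PLURALS[kind]}"


def rbac_rule(api_version: str, kind: str, verbs: list[str]) -> dict:
    """Least-privilege Role rule: one group, one resource, explicit verbs."""
    gv = parse_api_version(api_version)
    return {"apiGroups": [gv.group], "resources": [PLURALS[kind]], "verbs": verbs}


if __name__ == "__main__":
    # The manifests from this page, plus a core-group Pod for comparison.
    for av, kind in [("v1", "Pod"), ("apps/v1", "Deployment"),
                     ("networking.k8s.io/v1", "Ingress"),
                     ("secrets-store.csi.x-k8s.io/v1alpha1", "SecretProviderClass")]:
        print(rest_path(av, kind), rbac_rule(av, kind, ["get", "list"]))
```

A Role written with apiGroups: [""] grants nothing on Deployments, Ingresses, or SecretProviderClass objects; each named group has to be listed explicitly, which keeps the grant narrow.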

Michael Levan
