Kubernetes API

What is the Kubernetes API?

Kubernetes Clusters are used for operating and monitoring applications across multiple servers in a containerized manner. The K8 clusters or Kubes have numerous resources such as pods, services, containers, and more across which an application is distributed. This distribution is used to ensure the smooth functioning of the app in an efficient and scalable manner.

The API is the Kubernetes control plane or the administration layer, which manages how the K8 clusters should operate. This involves monitoring clusters at all times, detecting changes, freeing up resources, assigning and reassigning them, and more, based on the app’s requirements.

Structure of the Kubernetes API

The Kubernetes API is used for interaction with the cluster and its various resources. There are different resource types and resource instances, which are in the form of API objects. These are a part of the cluster, and API directs them to perform specific actions whenever necessary. These actions are known as verbs.

For the API to have clarity on all resources and API endpoints connected to the system, they are divided into API Groups. These API Groups consist of the following information:

●     Resource Name

●     Resource Kind

●     apiVersion

●     Namespace

Based on this, the resources can be called and instructed to perform specific actions (Verbs) as and when necessary.

How does the Kubernetes API work?

The Kubernetes API can perform several actions on the resources. Some of the most common ones include the CRUD and Watch actions.

CRUD stands for:

●     Creating a New Resource

●     Updating an Existing Resource

●     Deleting a Resource

Creating a Resource

The Kubernetes API creates different resources based on the requirement. For example, a Job resource is made for a request to be handled and processed. The YAML file is written to create an ApiClient and API Stub Instance. Since Job as a resource is part of the Batch API, a Batchv1Api instance is created.

This would then invoke the cluster’s API Server. Next, the V1JobBuildder instance is instantiated, and all the necessary details or properties are entered. The API Stub instance is then called, thereby creating the Job.

Updating a Resource

Updating a resource means certain properties of the resources are modified based on the requests entering the cluster or other requirements. In such scenarios, a PATCH request is sent to the API Server, where the fields or modified properties are mentioned, along with the modified values.

There are four major ways to go about this process, but the simplest one is using a YAML file. The YAML file consists of all properties of a particular resource. The ones that need to be modified are changed and advertised to the server.

 However, sending a partial YAML is difficult. So, first, an object with modified fields is created and converted into a YAML or .JSON string. This is then used to make the changes to the resources, and the fields are updated.

Deleting a Resource

Deleting a resource is the simplest operation. For instance, deleting a job simply requires one to pass the deleteNamespacedJob method with all the values as null, and the resource is deleted.

Watch

The watch operation simply returns the current state of the object in concern. One uses this to find out what’s happening with a specific resource or a set of resources at the moment and also get constant updates of what happens after. It is essentially efficient in detecting changes.

These are the major operations Kubernetes API instructs the Kubernetes clusters to perform. However, besides these, the DevOps engineers would also be required to access the Kubernetes clusters through the API.

How to Access Kubernetes API?

There are two ways in which the Kubernetes cluster can be accessed via the API. This is by using kubectl and the REST API.

kubectl

The kubectl command is used to access the cluster via the Kubernetes API for the first time. This command can also be used to set up the configuration of the clusters. Alternatively, if the cluster is already set up, the DevOps engineer needs to know the location and the credentials for accessing it.

The command is:

kubectl config view

Direct Access with REST API

The kubectl proxy can be leveraged to access the REST API directly. While there is an alternative method, there is a possibility of a Man-in-the-Middle attack occurring. So, leveraging the kubectl proxy is recommended.

Furthermore, this would locate the API Server and authenticate to it. The command is:

kubectl proxy –port=8080 &

The API can then be explored with HTTP Clients such as curl or wget. The command is:

curl http://localhost:8080/api/

Uses of Kubernetes API

The Kubernetes API acts as the medium via which all operations of the clusters can be managed. These include:

Cluster Health Monitoring

With API endpoints such as /healthz and /livez, the health of your cluster and the issues in it can be retrieved.

Watch Bookmarks

The Bookmark feature allows the API to mark the specific instance up to which the status of the different resources has been sent. This way, the statuses after the Bookmark are sent for the subsequent Watch request.

Retrieving Large Results Sets in Chunks

When a large set of resources or objects are requested, the server becomes busier, takes more time, and the entire retrieval process becomes inefficient. Thus, the API allows the DevOps engineer to get all the necessary data in the form of smaller chunks to avoid the issue.

 Receiving Resources as Tables

While retrieving resources as tables, there are challenges, such as recovering third-party resources unknown at compile time and ones involved with the non-trivial logic. These can be solved with the Kubernetes API, which returns objects in the Table content format.

Besides these, the API also monitors nodes, pods, metric attributes, and more to ensure the clusters are functioning in an efficient fashion.

How to Enable Kubernetes API

To enable or disable the Kubernetes API, the runtime-config command is used. Here, certain API versions can be turned off based on the requirements of the DevOps engineer. The command also enables the retrieval of all APIs or merely Legacy APIs.

This is the complete overview of the Kubernetes API, its features, functionalities, and uses.

Read Next

Principle of Least Privilege

What is the Principle of Least Privilege? The principle of least privilege (PoLP) states that...

Known Exploited Vulnerabilities Catalog (KEV)

In cybersecurity, vulnerabilities are weaknesses (actually bugs) that attackers exploit to compromise systems or data....

Container Image Scanning

What is image scanning? Image scanning is the process of inspecting container images for potential...

Stay up to date