Cracking Kubernetes
Part I: Kubernetes API
Kubernetes is a fully resource-centered system, meaning that Kubernetes maintains the desired state of resources based on a thing called a reconciliation loop, using CRUD operations on these resources.
A Kubernetes cluster consists of a set of independent components that run as separate processes on the nodes of a cluster (e.g.: kubelet, kube-proxy) and it has two main parts control-plane and an application-plane.
In the control-plane is where we find the API Server which is the core of Kubernetes’s control-plane because it exposes an HTTP API that lets us communicate with the cluster. Looking at it from a very simplified perspective, it looks something like this:
So when we’re using kubectl command line we’re interacting with the Kubernetes API server. Through the API, end users, the cluster itself, and external components can communicate with each other.
The API server is the front end of the Kubernetes control-plane and it runs as a pod in the kube-system namespace.
Kubectl usage and fundamentals
kubectl[command][type][name][flags]So let’s take a concrete example when we executekubectl get nodeswhat happens behind the scenes is as follows:
kubectlreads yourkubeconfigto determine the cluster that we want to interact with.kubectlcontacts the Kubernetes API server and authenticates using the credentials specified in thekubeconfigfile.- The API server receives the request and forwards it to the
kubeletthat runs on each node in the cluster, subsequently, the API server aggregates all the results from all the nodes and returns the final list of nodes to thekubectlcommand line tool which displays it in the StdOut.
Now let’s dig even further, we can increase the verbosity to really see what happens in the background using v flag (where the verbosity can vary between 0–9).
So now the output of kubectl get nodes -v 9 would look like this, in which we can see HTTP request contents without truncation of contents.
But this is just one API endpoint…if we want to list all the API services that are available in the Kubernetes cluster we can execute:kubectl get apiservices.
These API services define our interaction with the cluster, for example when we issue kubectl top nodes to check the resource consumption for the cluster’s nodes, we’re interacting with metrics.k8s.io API more exactly with Metrics Server, we can extract resource consumption info using:
kubectl get --raw "/apis/metrics.k8s.io/v1beta1/nodes"kubectlis the workhorse when it comes to listing and describing resources, kubectl describe po/node to check the details of a specific resource, or kubectl get po/deployments to list important information about the specified resources.
One of the most underestimated features of kubectl is -o flag, using it we can list the output either as a table using a comma-separated list or JSON/YAML formatted API object or any additional information.
kubectl get nodes -ojson
kubectl get nodes -owide
kubectl get nodes -oname
#get ONLY the STATUS column
kubectl get nodes -o custom-columns=STATUS:status.conditions[-1].typeA quick tutorial concerning manipulating the output for listing Pod-specific information can be found here. ❗️
Last but not least, remember to set up kubectl autocomplete (bash-completion package should be installed as a prerequisite):
# add autocomplete permanently to BASH shell
echo "source <(kubectl completion bash)" >> ~/.bashrcConclusions
This article is merely touching the tip of the iceberg when it comes to, but the main takeaways would be that kubectl is a client for the Kubernetes API, most operations can be performed through kubectl command-line interface but there are other command-line tools, such as kubeadm.
The Kubernetes API lets you query and manipulate the state of API objects in Kubernetes (for example Pods, Namespaces, ConfigMaps, Events), and stores the serialized state of objects by writing them into etcd, but we can also access the API directly using REST calls.
