This environment is set up for learning how the Kubernetes API server works in isolation.
Even though this "cluster" isn't fully functional (no controller manager or scheduler), kubectl can still be used to interact with the Kubernetes API server:
kubectl cluster-info
💡 Use the k alias to keep commands short.
krew is also available to install plugins:
kubectl krew --help
Since the Kubernetes API is just a regular REST API, it can be accessed directly using curl:
curl -k -H "Authorization: Bearer iximiuz" https://127.0.0.1:6443/api
💡 The token iximiuz authenticates as a user who is part of system:masters.
Use jq to colorize or filter the output of curl requests.
Create a new namespace:
kubectl create namespace test
List namespaces:
kubectl get namespaces
Get namespace details:
kubectl get namespace test
kubectl auth whoami
kubectl get pods --watch
kubectl get pods -l app=nginx
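The kubectl commands above map onto plain REST calls against the same endpoint and token used in the curl example. The script below is an added example, not part of the playground's own material; the helper names (k8s_path, namespace_json, kapi, demo) are hypothetical, and the whoami call assumes the API server serves authentication.k8s.io/v1.

```shell
#!/bin/sh
# Added example (not from the playground itself). Address and token are the
# ones the page uses; the function names are hypothetical helpers.
API="${API:-https://127.0.0.1:6443}"
TOKEN="${TOKEN:-iximiuz}"

# k8s_path GROUP VERSION NAMESPACE RESOURCE [NAME]
# The core group ("") is served under /api/<version>, named groups under
# /apis/<group>/<version>. An empty NAMESPACE means cluster-scoped.
k8s_path() {
  group=$1; version=$2; ns=$3; resource=$4; name=${5:-}
  if [ -z "$group" ]; then p="/api/$version"; else p="/apis/$group/$version"; fi
  if [ -n "$ns" ]; then p="$p/namespaces/$ns"; fi
  p="$p/$resource"
  if [ -n "$name" ]; then p="$p/$name"; fi
  printf '%s\n' "$p"
}

# Minimal request body for "kubectl create namespace NAME".
namespace_json() {
  printf '{"apiVersion":"v1","kind":"Namespace","metadata":{"name":"%s"}}\n' "$1"
}

# kapi METHOD PATH [extra curl args]; -k skips TLS verification, as on the page.
kapi() {
  method=$1; urlpath=$2; shift 2
  curl -sk -X "$method" -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" "$@" "$API$urlpath"
}

demo() {
  # kubectl create namespace test
  kapi POST "$(k8s_path "" v1 "" namespaces)" -d "$(namespace_json test)"
  # kubectl get namespace test
  kapi GET "$(k8s_path "" v1 "" namespaces test)"
  # kubectl get pods -l app=nginx  (curl URL-encodes the selector value)
  kapi GET "$(k8s_path "" v1 default pods)" -G --data-urlencode "labelSelector=app=nginx"
  # kubectl auth whoami (assumes the authentication.k8s.io/v1 API is served)
  kapi POST "$(k8s_path authentication.k8s.io v1 "" selfsubjectreviews)" \
    -d '{"apiVersion":"authentication.k8s.io/v1","kind":"SelfSubjectReview"}'
  # Deployments and Jobs live in named groups: apps/v1 and batch/v1
  kapi GET "$(k8s_path apps v1 default deployments)"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Saved under any file name (rest.sh here is a placeholder), `sh rest.sh demo | jq .` runs the calls inside the playground; the SelfSubjectReview response lists the user and groups the bearer token resolves to.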
Creating pods will fail by default because they attempt to automount the default service account token:
# This will fail
kubectl run test-pod --image=nginx
Mitigations:
kubectl run test-pod --image=nginx --overrides='{"spec":{"automountServiceAccountToken":false}}'
kubectl create serviceaccount default
Resources that depend on the controller manager won't function properly:
# These will create API objects but won't result in actual pods
kubectl create deployment podinfo --image=ghcr.io/stefanprodan/podinfo
kubectl create job test-job --image=busybox -- echo "hello"
The API server will accept these resources, but without the controller manager:
Customize API server flags:
echo "KUBE_APISERVER_OPTS=\"--feature-gates=Foo=true\"" | sudo tee /etc/default/kube-apiserver
sudo systemctl restart kube-apiserver
Check API server status:
sudo systemctl status kube-apiserver
View API server logs:
sudo journalctl -xeu kube-apiserver
Happy learning! 🚀
Pro Tip: Install iximiuz Labs CLI to start playgrounds and SSH into them from your favorite local terminal:
curl -sf https://labs.iximiuz.com/cli/install.sh | sh