User-defined Playground

kube-apiserver Playground

Play with the Kubernetes API server and discover what makes Kubernetes tick.

Startup configuration
kube-apiserver
kube-apiserver playground: Play with the Kubernetes API server and discover what makes Kubernetes tick.

This environment is set up for learning how the Kubernetes API server works in isolation.

🎯 Getting Started

Even though this "cluster" isn't fully functional (no controller manager or scheduler), kubectl can still be used to interact with the Kubernetes API server:

kubectl cluster-info

💡 Use the k alias to keep commands short.

Hint 💡

krew also available to install plugins:

kubectl krew --help

Since the Kubernetes API is just a regular REST API, it can be accessed directly using curl:

curl -k -H "Authorization: Bearer iximiuz" https://127.0.0.1:6443/api

💡 The token iximiuz authenticates as a user part of system:masters.

Hint 💡

Use jq to colorize or filter the output of curl requests.

🔬 Examples

Working with namespaces

Create a new namespace:

kubectl
curl
kubectl create namespace test
curl -k \
    -X POST \
    -H "Authorization: Bearer iximiuz" \
    -H "Content-Type: application/json" \
    https://127.0.0.1:6443/api/v1/namespaces \
    -d '{"metadata":{"name":"test"}}'

List namespaces:

kubectl
curl
kubectl get namespaces
curl -k \
    -H "Authorization: Bearer iximiuz" \
    https://127.0.0.1:6443/api/v1/namespaces

Get namespace details:

kubectl
curl
kubectl get namespace test
curl -k \
    -H "Authorization: Bearer iximiuz" \
    https://127.0.0.1:6443/api/v1/namespaces/test

Check details of the authenticated user

kubectl
curl
kubectl auth whoami
curl -k \
    -X POST \
    -H "Authorization: Bearer iximiuz" \
    -H "Content-Type: application/json" \
    https://127.0.0.1:6443/apis/authentication.k8s.io/v1/selfsubjectreviews \
    -d '{"apiVersion":"authentication.k8s.io/v1","kind":"SelfSubjectReview"}'

Watch resources

kubectl
curl
kubectl get pods --watch
curl -k \
    -H "Authorization: Bearer iximiuz" \
    https://127.0.0.1:6443/api/v1/namespaces/default/pods?watch=true

List resources with label selectors

kubectl
curl
kubectl get pods -l app=nginx
curl -k \
    -H "Authorization: Bearer iximiuz" \
    "https://127.0.0.1:6443/api/v1/namespaces/default/pods?labelSelector=app%3Dnginx"

⚠️ Limitations

Pod Creation Issues

Creating pods will fail by default because they attempt to automount the default service account token:

# This will fail
kubectl run test-pod --image=nginx

Mitigations:

  1. Disable token automounting:
kubectl
curl
kubectl run test-pod --image=nginx --overrides='{"spec":{"automountServiceAccountToken":false}}'
curl -k \
    -X POST \
    -H "Authorization: Bearer iximiuz" \
    -H "Content-Type: application/json" \
    https://127.0.0.1:6443/api/v1/namespaces/default/pods \
    -d '{"metadata":{"name":"test-pod"},"spec":{"containers":[{"name":"test-pod","image":"nginx"}],"automountServiceAccountToken":false}}'
  1. Create the default service account first:
kubectl
curl
kubectl create serviceaccount default
curl -k \
    -X POST \
    -H "Authorization: Bearer iximiuz" \
    -H "Content-Type: application/json" \
    https://127.0.0.1:6443/api/v1/namespaces/default/serviceaccounts \
    -d '{"metadata":{"name":"default"}}'

Controller Manager Resources

Resources that depend on the controller manager won't function properly:

# These will create API objects but won't result in actual pods
kubectl create deployment podinfo --image=ghcr.io/stefanprodan/podinfo
kubectl create job test-job --image=busybox -- echo "hello"

The API server will accept these resources, but without the controller manager:

  • Deployments won't create ReplicaSets or Pods
  • Jobs won't create Pods
  • Services won't get endpoints

🔧 Customizing API Server

Customize API server flags:

echo "KUBE_APISERVER_OPTS=\"--feature-gates=Foo=true\"" | sudo tee /etc/default/kube-apiserver

sudo systemctl restart kube-apiserver

Check API server status:

sudo systemctl status kube-apiserver

View API server logs:

sudo journalctl -xeu kube-apiserver

📚 Learn More

🧪 Playgrounds

Happy learning! 🚀

Start
Settings