kube-apiserver Playground
Play with the Kubernetes API server and discover what makes Kubernetes tick.
This environment is set up for learning how the Kubernetes API server works in isolation.
🎯 Getting Started
Even though this "cluster" isn't fully functional (no controller manager or scheduler),
kubectl can still be used to interact with the Kubernetes API server:
kubectl cluster-info
💡 Use the k alias to keep commands short.
Hint
krew also available to install plugins:
kubectl krew --help
Since the Kubernetes API is just a regular REST API, it can be accessed directly using curl:
curl -k -H "Authorization: Bearer iximiuz" https://127.0.0.1:6443/api
💡 The token iximiuz authenticates as a user part of system:masters.
Hint
Use jq to colorize or filter the output of curl requests.
🔬 Examples
Working with namespaces
Create a new namespace:
kubectl create namespace test
List namespaces:
kubectl get namespaces
Get namespace details:
kubectl get namespace test
Check details of the authenticated user
kubectl auth whoami
Watch resources
kubectl get pods --watch
List resources with label selectors
kubectl get pods -l app=nginx
⚠️ Limitations
Pod Creation Issues
Creating pods will fail by default because they attempt to automount the default service account token:
# This will fail
kubectl run test-pod --image=nginx
Mitigations:
- Disable token automounting:
kubectl run test-pod --image=nginx --overrides='{"spec":{"automountServiceAccountToken":false}}'
- Create the default service account first:
kubectl create serviceaccount default
Controller Manager Resources
Resources that depend on the controller manager won't function properly:
# These will create API objects but won't result in actual pods
kubectl create deployment podinfo --image=ghcr.io/stefanprodan/podinfo
kubectl create job test-job --image=busybox -- echo "hello"
The API server will accept these resources, but without the controller manager:
- Deployments won't create ReplicaSets or Pods
- Jobs won't create Pods
- Services won't get endpoints
🔧 Customizing API Server
Customize API server flags:
echo "KUBE_APISERVER_OPTS=\"--feature-gates=Foo=true\"" | sudo tee /etc/default/kube-apiserver
sudo systemctl restart kube-apiserver
Check API server status:
sudo systemctl status kube-apiserver
View API server logs:
sudo journalctl -xeu kube-apiserver
📚 Learn More
🧩 Related Content
🧪 Playgrounds
Happy learning! 🚀
Actions
kube-apiserver Playground
Play with the Kubernetes API server and discover what makes Kubernetes tick.
This environment is set up for learning how the Kubernetes API server works in isolation.
🎯 Getting Started
Even though this "cluster" isn't fully functional (no controller manager or scheduler),
kubectl can still be used to interact with the Kubernetes API server:
kubectl cluster-info
💡 Use the k alias to keep commands short.
Hint
krew also available to install plugins:
kubectl krew --help
Since the Kubernetes API is just a regular REST API, it can be accessed directly using curl:
curl -k -H "Authorization: Bearer iximiuz" https://127.0.0.1:6443/api
💡 The token iximiuz authenticates as a user part of system:masters.
Hint
Use jq to colorize or filter the output of curl requests.
🔬 Examples
Working with namespaces
Create a new namespace:
kubectl create namespace test
List namespaces:
kubectl get namespaces
Get namespace details:
kubectl get namespace test
Check details of the authenticated user
kubectl auth whoami
Watch resources
kubectl get pods --watch
List resources with label selectors
kubectl get pods -l app=nginx
⚠️ Limitations
Pod Creation Issues
Creating pods will fail by default because they attempt to automount the default service account token:
# This will fail
kubectl run test-pod --image=nginx
Mitigations:
- Disable token automounting:
kubectl run test-pod --image=nginx --overrides='{"spec":{"automountServiceAccountToken":false}}'
- Create the default service account first:
kubectl create serviceaccount default
Controller Manager Resources
Resources that depend on the controller manager won't function properly:
# These will create API objects but won't result in actual pods
kubectl create deployment podinfo --image=ghcr.io/stefanprodan/podinfo
kubectl create job test-job --image=busybox -- echo "hello"
The API server will accept these resources, but without the controller manager:
- Deployments won't create ReplicaSets or Pods
- Jobs won't create Pods
- Services won't get endpoints
🔧 Customizing API Server
Customize API server flags:
echo "KUBE_APISERVER_OPTS=\"--feature-gates=Foo=true\"" | sudo tee /etc/default/kube-apiserver
sudo systemctl restart kube-apiserver
Check API server status:
sudo systemctl status kube-apiserver
View API server logs:
sudo journalctl -xeu kube-apiserver
📚 Learn More
🧩 Related Content
🧪 Playgrounds
Happy learning! 🚀