REST APIs for Google Kubernetes Engine (GKE)

6/11/2018

What are the RESP full APIs available for GKE and how do I call them? Currently I want to integrate GKE with my on-premise tool to deploy containers on GKE. I have all the required images already built and want to trigger an API call in GKE to deploy my docker image. Which API should I call? what and how do I provide for the authentication ?

-- Tali
api
google-api
google-kubernetes-engine

2 Answers

6/12/2018

The list of available Google Kubernetes Engines REST Resource APIs such as can be found on the Google Kubernetes Engine public doc

This is the Restful API to interact with the Cluster and not with Kubernetes. To interact with Kubernetes and container management, you use Kubectl.

And depending on your method of authentication, you can use the Google OAuth 2.0 authentication if you are authenticating via the browser, APIs if you are authenticating within your code ,or use Kubectl.

-- arp-sunny.
Source: StackOverflow

7/27/2018

As @Sunny J. mentioned, in GKE docs you can only find APIs to interact with cluster for configuration only. If you want to manage workloads, you need to interact with Kubernetes API server. This is API reference. First you need to get address and port on which API server is listening:

kubectl config view --minify | grep server | cut -f 2- -d ":" | tr -d " "

If you need root access to the cluster, you can create service account and cluster role binding to cluster-admin:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system

Now reveal its token:

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

When making request, set Authorization header this way, replacing token with one you received using previous command:

Authorization: "Bearer <token>"

Good luck with Kubernetes:)

-- Nikita Zernov
Source: StackOverflow