K
Q

Scale Kubernetes deployments via API

5/19/2019

I would like to scale (up and down) deployment from PODs. In other words, how PODs in the namespace will send a Kubernetes API call in order to scale the deployment?

I have created a role and assign it to a service account with the following privileges in order to send API calls:

apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: "2019-05-19T18:52:09Z"
  name: {name}-sa
  namespace: {name}
  resourceVersion: "11378025"
  selfLink: /api/v1/namespaces/{name}/serviceaccounts/{name}-sa
  uid: 34606554-7a67-11e9-8e78-c6f4a9a0006a
secrets:
- name: {name}-sa-token-mgk5z



apiVersion: v1
items:
- apiVersion: rbac.authorization.k8s.io/v1
  kind: Role
  metadata:
    creationTimestamp: "2019-05-17T13:21:09Z"
    name: {name}-{name}-api-role
    namespace: {name}
    resourceVersion: "10985868"
    selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/{name}/roles/{name}-{name}-api-role
    uid: a298e71a-78a6-11e9-b54a-c6f4a9a00070
  rules:
  - apiGroups:
    - extensions
    - apps
    resources:
    - deployments
    verbs:
    - get
    - list
    - watch
    - create
    - update
    - patch
    - delete
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    creationTimestamp: "2019-05-17T13:45:46Z"
    name: {name}-{name}-api-rolebind
    namespace: {name}
    resourceVersion: "11378111"
    selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/{name}/rolebindings/{name}-{name}-api-rolebind
    uid: 12812ea7-78aa-11e9-89ae-c6f4a9a00064
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: Role
    name: {name}-{name}-api-role
  subjects:
  - kind: ServiceAccount
    name: {name}-sa
    namespace: {name}
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

I can retrieve the deployment with the following command, but I cannot find how to scale it.

https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/apis/apps/v1/namespaces/{name}/deployments/{name}

I tried the following command in order to scale it, but failed:

curl --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"  -X PUT  -d '[{ \
    "op":"replace", \
    "path":"/spec/replicas", \
    "value": "2" \
  }]'
 https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/apis/apps/v1/namespaces/{name}/deployments/{name}

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "deployments.apps \"{name}\" is forbidden: User \"system:serviceaccount:{name}:default\" cannot  resource \"deployments\" in API group \"apps\" in the namespace \"{name}\"",
  "reason": "Forbidden",
  "details": {
    "name": "{name}",
    "group": "apps",
    "kind": "deployments"
  },
  "code": 403
-- user10573594
kubernetes

Similar Questions

Azure china kubernetes cluster monitoring
Add additional annotations to existing helm chart
Terraform taint resource naming convention (v0.11.13)
Set environment variable for a single pod in a cluster
Unable to access react js simple app with istio on k8s desktop
In terms of resource allocation in kubernetes, is Mi the same as MiB

3 Answers

5/19/2019

Try this:

API_URL="http://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/apis/apps/v1/namespaces/{namespace}/deployments/{name}/scale"
PAYLOAD='[{"op":"replace","path":"/spec/replicas","value":"2"}]'
curl -X PATCH -d$PAYLOAD -H 'Content-Type: application/json-patch+json' $API_URL
-- Vasily Angapov
Source: StackOverflow
4/24/2020

In kubernetes 1.14 I had to do it like this:

#!/bin/sh

set -e

NUMBER_OF_REPLICAS="$1"
CURRENT_NAMESPACE="$2"
DEPLOYMENT_NAME="$3"

KUBE_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
KUBE_CACRT_PATH="/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"

PAYLOAD="{\"spec\":{\"replicas\":$NUMBER_OF_REPLICAS}}"

curl --cacert $KUBE_CACRT_PATH \
     -X PATCH \
     -H "Content-Type: application/strategic-merge-patch+json" \
     -H "Authorization: Bearer $KUBE_TOKEN" \
     --data "$PAYLOAD" \
     https://$KUBERNETES_SERVICE_HOST/apis/apps/v1/namespaces/$CURRENT_NAMESPACE/deployments/$DEPLOYMENT_NAME

Note that the $KUBERNETES_SERVICE_HOST is automatically set by kubernetes inside the pods.

And don't forget that you need to set a ServiceAccount with permissions to patch deployments in order to be able to do the api call inside the pods. Example:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: example
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: example
rules:
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: example
subjects:
  - kind: ServiceAccount
    name: example
roleRef:
  kind: Role
  name: example
  apiGroup: rbac.authorization.k8s.io
-- Bruno_Ferreira
Source: StackOverflow
5/20/2019

I finally managed to find the way to scale deployments from PODs via Kubernetes API calls:

curl -X PATCH --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \ https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/apis/extensions/v1beta1/namespaces/{NAMESPACE}/deployments/{NAME} \ -H 'Content-Type: application/strategic-merge-patch+json' \ -d '{"spec":{"replicas":1}}'

I had to create a new service account and assign the role as mentioned in the beginning.

thanks everyone for their support.

-- user10573594
Source: StackOverflow