Which API Group in k8s

9/6/2019

How do I determine which apiGroup any given resource belongs in?

kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  namespace: default
  name: thing
rules:
- apiGroups: ["<wtf goes here>"]
  resources: ["deployments"]
  verbs: ["get", "list"]
  resourceNames: []
-- Cole Bittel
kubernetes
kubernetes-apiserver

5 Answers

9/7/2019

You can run below command to get apiVersion and other details.

 kubectl explain <Resource Name>
 kubectl explain deployment
-- Subramanian Manickam
Source: StackOverflow

9/9/2019

To get API resources - supported by your Kubernetes cluster:

 kubectl api-resources -o wide

example:
NAME                              SHORTNAMES   APIGROUP                       NAMESPACED   KIND                             VERBS
deployments                       deploy       apps                           true         Deployment                   [create delete deletecollection get list patch update watch]
deployments                       deploy       extensions                     true         Deployment                   [create delete deletecollection get list patch update watch]

To get API versions - supported by your Kubernetes cluster:

kubectl api-versions

You can verify f.e. deployment:

kubectl explain deploy 

KIND:     Deployment
VERSION:  extensions/v1beta1

DESCRIPTION:
     DEPRECATED - This group version of Deployment is deprecated by
     apps/v1beta2/Deployment.

Furthermore you can investigate with api-version:

kubectl explain deploy --api-version apps/v1

Shortly you an specify in you apiGroups like:

apiGroups: ["extensions", "apps"]

You can also configure those settings for your cluster using (for example to test it will work with next 1.16 release) by passing options into --runtime-config in kube-apiserver.

Additional resources:

-- Hanx
Source: StackOverflow

9/6/2019

This is a little tricky, because both groups apps and extensions are in use in recent kubernetes versions, for example
kubectl get deployments # It is still requested via extensions api group by default.
kubectl get deployments.apps # request via apps group

so until deployments are removed from the extensions apigroup you have to use both apigroups in your role.

  • apiGroups: ["apps","extensions"]

https://github.com/kubernetes/kubernetes/issues/67439

-- EAT
Source: StackOverflow

9/6/2019

kubectl api-resources -o wide provide the supported API resources on the system.

[suresh.vishnoi@xxx1309 ~]$ kubectl api-resources -o wide
NAME                                  SHORTNAMES      APIGROUP                       NAMESPACED   KIND                                 VERBS
bindings                                                                             true         Binding                              [create]
componentstatuses                     cs                                             false        ComponentStatus                      [get list]
configmaps                            cm                                             true         ConfigMap                            [create delete deletecollection get list patch update watch]
endpoints                             ep                                             true         Endpoints                            [create delete deletecollection get list patch update watch]
events                                ev                                             true         Event                                [create delete deletecollection get list patch update watch]
controllerrevisions                                   apps                           true         ControllerRevision                   [create delete deletecollection get list patch update watch]
daemonsets                            ds              apps                           true         DaemonSet                            [create delete deletecollection get list patch update watch]
deployments                           deploy          apps                           true         Deployment                           [create delete deletecollection get list patch update watch]
replicasets                           rs              apps                           true         ReplicaSet                           [create delete deletecollection get list patch update watch]

kubectl api-resources -o wide | grep -i deployment will provide the relevant information

apps is the apiGroup for the deployment resource

DaemonSet, Deployment, StatefulSet, and ReplicaSet: will no longer be served from extensions/v1beta1, apps/v1beta1, or apps/v1beta2 in v1.16. Migrate to the apps/v1 API, available since v1.9. Existing persisted data can be retrieved/updated via the apps/v1 API./api-deprecations-in-1-16

-- Suresh Vishnoi
Source: StackOverflow

9/6/2019

It is included in the online API documentation.

In your example, if you click through and find the documentation for Role, it lists the group and version in both the sidebar ("Role v1 rbac.authorization.k8s.io") and as the first line in the actual API documentation. Similarly, Deployment is in group "apps" with version "v1".

In the Role specification you only put the group, and it applies to all versions. So to control access to Deployments, you'd specify apiGroups: [apps], resources: [deployments]. (This is actually one of the examples in the RBAC documentation.)

-- David Maze
Source: StackOverflow