The Kubernetes API is a RESTful, resource-based HTTP interface that supports GET, POST, PUT, PATCH, and DELETE. Use it to query and manage cluster resources programmatically — without kubectl. This topic shows how to authenticate with client certificates and call the API using cURL to manage pods and Deployments.
Prerequisites
Before you begin, ensure that you have:
- An ACK cluster
- Permission to access the ACK console
- cURL installed on your local machine
Extract credentials from kubeconfig
- Log on to the ACK console.
- Click Go to RAM console Resource Access Management Quick Authorization to open the Cloud Resource Access Authorization page, then click Confirm Authorization Policy. After authorization completes, refresh the ACK console.
- In the left-side navigation pane, click Clusters.
- On the Clusters page, click the cluster name or click Details in the Actions column.
- On the cluster details page, click the Connection Information tab. Copy the content of the kubeconfig file and save it to your local machine as `./kubeconfig`.
- Run the following commands to extract the client certificate, private key, and API server address from the kubeconfig file:
```bash
cat ./kubeconfig | grep client-certificate-data | awk -F ' ' '{print $2}' | base64 -d > ./client-cert.pem
cat ./kubeconfig | grep client-key-data | awk -F ' ' '{print $2}' | base64 -d > ./client-key.pem
APISERVER=`cat ./kubeconfig | grep server | awk -F ' ' '{print $2}'`
```
These commands decode the base64-encoded certificate data and set `$APISERVER` to the API server URL. All subsequent cURL commands use these files and the `$APISERVER` variable.
The `-k` flag in the examples below skips TLS server verification. This is acceptable for testing, but for production use, replace `-k` with `--cacert <path-to-ca.pem>` to verify the server's identity and prevent man-in-the-middle attacks.
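The extraction step and the `-k` caveat above, combined in an added example that is not part of the original page: it also decodes the cluster CA so that cURL can verify the API server with `--cacert`, and it writes the key material under a restrictive umask. The helper names `extract_creds` and `kapi`, the `creds` directory, and the presence of a `certificate-authority-data` field in the kubeconfig are assumptions; the sample kubeconfig is constructed.

```shell
# extract_creds KUBECONFIG OUTDIR   (hypothetical helper, added example)
# Decodes ca.pem, client-cert.pem and client-key.pem into OUTDIR under umask 077
# and prints the API server URL. Uses the first match of each field.
extract_creds() {
  kubeconfig=$1; outdir=$2
  (
    umask 077   # keep the private key unreadable to group and others
    mkdir -p "$outdir" || exit 1
    for pair in certificate-authority-data:ca.pem \
                client-certificate-data:client-cert.pem \
                client-key-data:client-key.pem; do
      field=${pair%%:*}
      file=${pair#*:}
      value=$(awk -v f="$field:" '$1 == f { print $2; exit }' "$kubeconfig")
      if [ -z "$value" ]; then
        echo "extract_creds: $field not found in $kubeconfig" >&2
        exit 1
      fi
      printf '%s' "$value" | base64 -d > "$outdir/$file" || exit 1
    done
  ) || return 1
  awk '$1 == "server:" { print $2; exit }' "$kubeconfig"
}

# kapi API_PATH [curl options...]: verifies the server with --cacert, no -k.
kapi() {
  api_path=$1; shift
  curl --fail --silent --show-error --cacert "$CREDS/ca.pem" \
    --cert "$CREDS/client-cert.pem" --key "$CREDS/client-key.pem" \
    "$APISERVER$api_path" "$@"
}

# Constructed sample kubeconfig: placeholder values, not real credentials.
DEMO=$(mktemp -d)
b64() { printf '%s' "$1" | base64; }
cat > "$DEMO/kubeconfig" <<EOF
clusters:
- cluster:
    server: https://203.0.113.10:6443
    certificate-authority-data: $(b64 'CONSTRUCTED-CA')
users:
- user:
    client-certificate-data: $(b64 'CONSTRUCTED-CERT')
    client-key-data: $(b64 'CONSTRUCTED-KEY')
EOF
CREDS=$DEMO/creds
APISERVER=$(extract_creds "$DEMO/kubeconfig" "$CREDS")
echo "API server: $APISERVER"
```

Against a real cluster, set `CREDS=./creds` and `APISERVER=$(extract_creds ./kubeconfig "$CREDS")`, then call for example `kapi /api/v1/namespaces/default/pods`. A failed certificate check then stops the request instead of being silently ignored.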
Manage pods
All pod API calls use the path $APISERVER/api/v1/namespaces/<namespace>/pods.
| Operation | HTTP method | Path |
|---|---|---|
| List all namespaces | GET | /api/v1/namespaces |
| List all pods | GET | /api/v1/namespaces/default/pods |
| Create a pod | POST | /api/v1/namespaces/default/pods |
| Get pod status | GET | /api/v1/namespaces/default/pods/nginx |
| Get pod logs | GET | /api/v1/namespaces/default/pods/nginx/log |
| Get pod metrics | GET | /apis/metrics.k8s.io/v1beta1/namespaces/default/pods/nginx |
| Delete a pod | DELETE | /api/v1/namespaces/default/pods/nginx |
List all namespaces in the cluster:
```bash
curl --cert ./client-cert.pem --key ./client-key.pem -k $APISERVER/api/v1/namespaces
```
List all pods in the default namespace:
```bash
curl --cert ./client-cert.pem --key ./client-key.pem -k $APISERVER/api/v1/namespaces/default/pods
```
Create a pod from a JSON manifest:
```bash
cat nginx-pod.json
```
```json
{
  "apiVersion": "v1",
  "kind": "Pod",
  "metadata": {
    "name": "nginx",
    "namespace": "default"
  },
  "spec": {
    "containers": [
      {
        "name": "nginx",
        "image": "nginx:alpine",
        "ports": [
          {
            "containerPort": 80
          }
        ]
      }
    ]
  }
}
```
```bash
curl --cert ./client-cert.pem --key ./client-key.pem -k $APISERVER/api/v1/namespaces/default/pods \
  -X POST --header 'content-type: application/json' -d@nginx-pod.json
```
Create a pod from a YAML manifest:
```bash
cat nginx-pod.yaml
```
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  namespace: default
spec:
  containers:
  - name: nginx
    image: nginx:alpine
    ports:
    - containerPort: 80
```
```bash
curl --cert ./client-cert.pem --key ./client-key.pem -k $APISERVER/api/v1/namespaces/default/pods \
  -X POST --header 'content-type: application/yaml' --data-binary @nginx-pod.yaml
```
Get the status of a pod:
```bash
curl --cert ./client-cert.pem --key ./client-key.pem -k $APISERVER/api/v1/namespaces/default/pods/nginx
```
Get pod logs:
```bash
curl --cert ./client-cert.pem --key ./client-key.pem -k $APISERVER/api/v1/namespaces/default/pods/nginx/log
```
Get pod metrics via the Metrics Server API:
```bash
curl --cert ./client-cert.pem --key ./client-key.pem -k $APISERVER/apis/metrics.k8s.io/v1beta1/namespaces/default/pods/nginx
```
Delete a pod:
```bash
curl --cert ./client-cert.pem --key ./client-key.pem -k $APISERVER/api/v1/namespaces/default/pods/nginx -X DELETE
```
Manage Deployments
All Deployment API calls use the path $APISERVER/apis/apps/v1/namespaces/<namespace>/deployments.
Create a Deployment:
```bash
cat nginx-deploy.yaml
```
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deploy
  labels:
    app: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:alpine
        ports:
        - containerPort: 80
        resources:
          requests:
            cpu: "2"
            memory: "4Gi"
```
```bash
curl --cert ./client-cert.pem --key ./client-key.pem -k $APISERVER/apis/apps/v1/namespaces/default/deployments \
  -X POST --header 'content-type: application/yaml' --data-binary @nginx-deploy.yaml
```
List all Deployments in the default namespace:
```bash
curl --cert ./client-cert.pem --key ./client-key.pem -k $APISERVER/apis/apps/v1/namespaces/default/deployments
```
Scale a Deployment:
```bash
curl --cert ./client-cert.pem --key ./client-key.pem -k \
  $APISERVER/apis/apps/v1/namespaces/default/deployments/nginx-deploy \
  -X PATCH -H 'Content-Type: application/strategic-merge-patch+json' \
  -d '{"spec": {"replicas": 4}}'
```
Update the container image:
```bash
curl --cert ./client-cert.pem --key ./client-key.pem -k \
  $APISERVER/apis/apps/v1/namespaces/default/deployments/nginx-deploy \
  -X PATCH -H 'Content-Type: application/strategic-merge-patch+json' \
  -d '{"spec": {"template": {"spec": {"containers": [{"name": "nginx","image": "nginx:1.7.9"}]}}}}'
```
What's next
For programmatic access beyond cURL, use an open-source Kubernetes client library. Official libraries are available for the following languages:
| Language | Client library | Examples |
|---|---|---|
| Go | client-go | Browse |
| Python | client-python | Browse |
| Java | client-java | Browse |
For the full list of supported languages, see Kubernetes client libraries.
For additional ways to access the Kubernetes API, see Access clusters using the Kubernetes API.