Kubernetes API Extensions – Kubernetes Tutorial. Here Coding Compiler shares a tutorial on Kubernetes API extensions. Let's start learning about Kubernetes. Happy learning.
Kubernetes API Extensions
There are several types of Kubernetes API extensions. They are:
User-Defined Types
Consider adding a Custom Resource to Kubernetes if you want to define new controllers, application configuration objects or other declarative APIs, and to manage them using Kubernetes tools, such as kubectl.
Do not use a Custom Resource as data storage for application, user, or monitoring data.
Combining New APIs with Automation
Often, when you add a new API, you also add a control loop that reads and/or writes the new APIs. When the combination of a Custom API and a control loop is used to manage a specific, usually stateful, application, this is called the Operator pattern. Custom APIs and control loops can also be used to control other resources, such as storage, policies, and so on.
Changing Built-in Resources
When you extend the Kubernetes API by adding custom resources, the added resources always fall into a new API group. You cannot replace or change existing API groups. Adding an API does not directly let you affect the behavior of existing APIs (e.g. Pods), but API Access Extensions do.
API Access Extensions
When a request reaches the Kubernetes API Server, it is first Authenticated, then Authorized, then subject to various types of Admission Control. See [Accessing the API] for more on this flow.
Each of these steps offers extension points.
Kubernetes supports several built-in authentication methods. It can also sit behind an authenticating proxy, and it can send a token from an Authorization header to a remote service for verification (a webhook). All of these methods are covered in the Authentication documentation.
Authentication
Authentication maps headers or certificates in all requests to a username for the client making the request.
Kubernetes provides several built-in authentication methods, and an Authentication webhook method if those don’t meet your needs.
Authorization
Authorization determines whether specific users can read, write, and do other operations on API resources. It works only at the level of whole resources – it doesn't discriminate based on arbitrary object fields. If the built-in authorization options don't meet your needs, an Authorization webhook allows calling out to user-provided code to make an authorization decision.
Dynamic Admission Control
After a request is authorized, if it is a write operation, it also goes through Admission Control steps. In addition to the built-in steps, there are several extensions:
- The Image Policy webhook restricts what images can be run in containers.
- To make arbitrary admission control decisions, a general Admission webhook can be used. Admission Webhooks can reject creations or updates.
- Initializers are controllers that can modify objects before they are created. Initializers can modify initial object creations but cannot affect updates to objects. Initializers can also reject objects.
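The decision logic of a general Admission webhook, as an added example that is not part of the original tutorial or of Kubernetes itself: it reads an admission.k8s.io/v1 AdmissionReview request for a Pod and rejects it when any container image comes from a registry outside an allow-list, which is a field-level check that authorization cannot make. The function names and the registry.example.com policy are assumptions, and serving the handler over HTTPS is left out.

```python
import json

DEFAULT_REGISTRY = "docker.io"  # registry implied when an image names none
ALLOWED_REGISTRIES = {"registry.example.com"}  # assumption: placeholder policy

def image_registry(image: str) -> str:
    """Return the registry host of an image reference."""
    first, sep, _ = image.partition("/")
    # The first path component is a registry only if it looks like a host.
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return DEFAULT_REGISTRY

def pod_images(pod: dict) -> list:
    """Collect images from every container list in a Pod spec."""
    spec = pod.get("spec") or {}
    images = []
    for field in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(field) or []:
            images.append(c.get("image", ""))
    return images

def review(admission_review: dict, allowed=ALLOWED_REGISTRIES) -> dict:
    """Build the AdmissionReview response for a Pod create/update request."""
    req = admission_review["request"]
    # Compare the parsed host exactly; a string-prefix match is not enough.
    denied = [i for i in pod_images(req.get("object") or {})
              if image_registry(i) not in allowed]
    response = {"uid": req["uid"], "allowed": not denied}
    if denied:
        response["status"] = {"code": 403, "message":
                              "image registry not allowed: " + ", ".join(sorted(denied))}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}

# Constructed sample request (not captured from a real cluster).
SAMPLE = {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
          "request": {"uid": "0000-constructed", "operation": "CREATE",
                      "kind": {"group": "", "version": "v1", "kind": "Pod"},
                      "object": {"spec": {
                          "initContainers": [{"name": "init", "image": "busybox"}],
                          "containers": [{"name": "app",
                                          "image": "registry.example.com/team/app:1.4"}]}}}}

if __name__ == "__main__":
    print(json.dumps(review(SAMPLE), indent=2))
```

The sample is denied because the init container's unqualified image resolves to docker.io, which shows why init and ephemeral containers have to be checked along with the main ones.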
Infrastructure Extensions
There are several infrastructure extensions in Kubernetes. They are:
Storage Plugins
Flex Volumes allow users to mount volume types without built-in support by having the Kubelet call a Binary Plugin to mount the volume.
Device Plugins
Device plugins allow a node to discover new Node resources (in addition to the built-in ones like cpu and memory) via a Device Plugin.
Network Plugins
Different networking fabrics can be supported via node-level Network Plugins.
Scheduler Extensions
The scheduler is a special type of controller that watches pods and assigns pods to nodes. The default scheduler can be replaced entirely while continuing to use other Kubernetes components, or multiple schedulers can run at the same time.
This is a significant undertaking, and almost all Kubernetes users find they do not need to modify the scheduler.
The scheduler also supports a webhook that permits a webhook backend (scheduler extension) to filter and prioritize the nodes chosen for a pod.