Kubernetes API Extensions – Kubernetes Tutorial

Kubernetes API Extensions – Kubernetes Tutorial. Here Coding compiler sharing a tutorial on Kubernetes API extensions. Let’s start learning about Kubernetes. Happy learning.

Kubernetes API Extensions

There are many types of Kubernetes API Extensions are there. They are:

User-Defined Types

Consider adding a Custom Resource to Kubernetes if you want to define new controllers, application configuration objects or other declarative APIs, and to manage them using Kubernetes tools, such as kubectl.

Do not use a Custom Resource as data storage for application, user, or monitoring data.

Read Related Article: What is Kubernetes?

Combining New APIs with Automation

Often, when you add a new API, you also add a control loop that reads and/or writes the new APIs. When the combination of a Custom API and a control loop is used to manage a specific, usually stateful, application, this is called the Operator pattern. Custom APIs and control loops can also be used to control other resources, such as storage, policies, and so on.

Related Article: Kubernetes Architecture

Changing Built-in Resources

When you extend the Kubernetes API by adding custom resources, the added resources always fall into a new API Groups. You cannot replace or change existing API groups. Adding an API does not directly let you affect the behavior of existing APIs (e.g. Pods), but API Access Extensions do.

Related Article For You: Kubernetes Components

API Access Extensions

When a request reaches the Kubernetes API Server, it is first Authenticated, then Authorized, then subject to various types of Admission Control. See [Accessing the API] for more on this flow.

Each of these steps offers extension points.

Kubernetes has several built-in authentication methods that it supports. It can also sit behind an authenticating proxy, and it can send a token from an Authorization header to a remote service for verification (a webhook). All of these methods are covered in the Authentication documentation.

Related Article: Kubernetes Objects


Authentication maps headers or certificates in all requests to a username for the client making the request.

Kubernetes provides several built-in authentication methods, and an Authentication webhook method if those don’t meet your needs.

Related Article: Kubernetes Names And Namespaces


Authorization determines whether specific users can read, write, and do other operations on API resources. It just works at the level of whole resources – it doesn’t discriminate based on arbitrary object fields. If the built-in authorization options don’t meet your needs, and Authorization webhook allows calling out to user-provided code to make an authorization decision.

Related Article: Kubernetes API Tutorial

Dynamic Admission Control

After a request is authorized, if it is a write operation, it also goes through Admission Control steps. In addition to the built-in steps, there are several extensions:

  • The Image Policy webhook restricts what images can be run in containers.
  • To make arbitrary admission control decisions, a general Admission webhook can be used. Admission Webhooks can reject creations or updates.
  • Initializers are controllers that can modify objects before they are created. Initializers can modify initial object creations but cannot affect updates to objects. Initializers can also reject objects.

Infrastructure Extensions

There are several infrastructure extensions are there in Kubernetes. They are:

Related Article: Kubernetes Cluster Tutorial

Storage Plugins

Flex Volumes allow users to mount volume types without built-in support by having the Kubelet call a Binary Plugin to mount the volume.

Device Plugins

Device plugins allow a node to discover new Node resources (in addition to the builtin ones like cpu and memory) via a Device Plugin.

Network Plugins

Different networking fabrics can be supported via node-level Network Plugins.

Scheduler Extensions

The scheduler is a special type of controller that watches pods and assigns pods to nodes. The default scheduler can be replaced entirely while continuing to use other Kubernetes components, or multiple schedulers can run at the same time.

This is a significant undertaking, and almost all Kubernetes users find they do not need to modify the scheduler.

The scheduler also supports a webhook that permits a webhook backend (scheduler extension) to filter and prioritize the nodes chosen for a pod.


What is Kubernetes?

Kubernetes Components

Kubernetes Objects

Kubernetes Names And Namespaces

Kubernetes API

Kubernetes Architecture

Kubernetes Cluster

Kubernetes Interview Questions

Want to learn Kubernetes from industry experts?

Get register for a FREE demo on Kubernetes Training @ Contact us.

Leave a Comment