Which API Group in k8s

This is a little tricky, because both groups, apps and extensions, are in use in recent Kubernetes versions, for example:
kubectl get deployments # It is still requested via extensions api group by default.
kubectl get deployments.apps # request via apps group

So until deployments are removed from the extensions API group, you have to use both API groups in your role.

  • apiGroups: ["apps","extensions"]

https://github.com/kubernetes/kubernetes/issues/67439


It is included in the online API documentation.

In your example, if you click through and find the documentation for Role, it lists the group and version in both the sidebar ("Role v1 rbac.authorization.k8s.io") and as the first line in the actual API documentation. Similarly, Deployment is in group "apps" with version "v1".

In the Role specification you only put the group, and it applies to all versions. So to control access to Deployments, you'd specify apiGroups: [apps], resources: [deployments]. (This is actually one of the examples in the RBAC documentation.)


To get API resources - supported by your Kubernetes cluster:

 kubectl api-resources -o wide

example:
NAME                              SHORTNAMES   APIGROUP                       NAMESPACED   KIND                             VERBS
deployments                       deploy       apps                           true         Deployment                   [create delete deletecollection get list patch update watch]
deployments                       deploy       extensions                     true         Deployment                   [create delete deletecollection get list patch update watch]

To get API versions - supported by your Kubernetes cluster:

kubectl api-versions

You can verify, e.g., a deployment:

kubectl explain deploy 

KIND:     Deployment
VERSION:  extensions/v1beta1

DESCRIPTION:
     DEPRECATED - This group version of Deployment is deprecated by
     apps/v1beta2/Deployment.

Furthermore you can investigate with api-version:

kubectl explain deploy --api-version apps/v1

In short, you can specify in your apiGroups like:

apiGroups: ["extensions", "apps"]

You can also configure those settings for your cluster (for example, to test that it will work with the next 1.16 release) by passing options to --runtime-config in kube-apiserver.

Additional resources:

  • api Resources:
  • Kubernetes Deprecation Policy
  • For additional notable feature updates for a specific release, please follow e.g.:

    Continued deprecation of extensions/v1beta1, apps/v1beta1, and apps/v1beta2 APIs; these extensions will be retired in 1.16!


kubectl api-resources -o wide provides the supported API resources on the system.

[suresh.vishnoi@xxx1309 ~]$ kubectl api-resources -o wide
NAME                                  SHORTNAMES      APIGROUP                       NAMESPACED   KIND                                 VERBS
bindings                                                                             true         Binding                              [create]
componentstatuses                     cs                                             false        ComponentStatus                      [get list]
configmaps                            cm                                             true         ConfigMap                            [create delete deletecollection get list patch update watch]
endpoints                             ep                                             true         Endpoints                            [create delete deletecollection get list patch update watch]
events                                ev                                             true         Event                                [create delete deletecollection get list patch update watch]
controllerrevisions                                   apps                           true         ControllerRevision                   [create delete deletecollection get list patch update watch]
daemonsets                            ds              apps                           true         DaemonSet                            [create delete deletecollection get list patch update watch]
deployments                           deploy          apps                           true         Deployment                           [create delete deletecollection get list patch update watch]
replicasets                           rs              apps                           true         ReplicaSet                           [create delete deletecollection get list patch update watch]

kubectl api-resources -o wide | grep -i deployment will provide the relevant information.

apps is the apiGroup for the deployment resource

DaemonSet, Deployment, StatefulSet, and ReplicaSet: will no longer be served from extensions/v1beta1, apps/v1beta1, or apps/v1beta2 in v1.16. Migrate to the apps/v1 API, available since v1.9. Existing persisted data can be retrieved/updated via the apps/v1 API.
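
Added example, not part of any answer above: a shell helper that reads `kubectl api-resources -o wide` output and emits a Role rule listing exactly the API groups that serve a resource, so the Role names only those groups. The function names, the sample table and the read-only verb set are assumptions for illustration; it expects the APIGROUP/NAMESPACED header layout shown on this page.

```shell
#!/bin/sh
# Added example (not from any answer): read `kubectl api-resources -o wide`
# output on stdin and derive the RBAC apiGroups for one resource.
# Columns are fixed-width and APIGROUP is blank for the core group, so the
# field is cut by header offset instead of splitting on whitespace.

api_groups_for() {   # $1 = plural resource name from the NAME column
  awk -v res="$1" '
    NR == 1 {
      g = index($0, "APIGROUP"); n = index($0, "NAMESPACED")
      if (g == 0 || n <= g) { bad = 1; exit }   # assumed header layout missing
      next
    }
    $1 == res {
      grp = substr($0, g, n - g)
      gsub(/[ \t]+/, "", grp)                   # blank means the core group
      out = out (found ? ", " : "") "\"" grp "\""
      found = 1
    }
    END {
      if (bad) exit 2
      if (!found) exit 1
      print "[" out "]"
    }'
}

# Emit one Role rule; the read-only verb set is an assumption for illustration.
rbac_rule() {
  groups=$(api_groups_for "$1") || return 1
  printf '%s\n' "- apiGroups: $groups" \
                "  resources: [\"$1\"]" \
                '  verbs: ["get", "list", "watch"]'
}

# Constructed sample in the layout shown on this page (not cluster output).
sample_table() {
cat <<'EOF'
NAME                SHORTNAMES   APIGROUP     NAMESPACED   KIND          VERBS
configmaps          cm                        true         ConfigMap     [get list watch]
deployments         deploy       apps         true         Deployment    [get list watch]
deployments         deploy       extensions   true         Deployment    [get list watch]
EOF
}

sample_table | rbac_rule deployments
```

Against a live cluster, pipe `kubectl api-resources -o wide` into `rbac_rule` in place of `sample_table`; a resource in the core group yields `apiGroups: [""]`.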