Scope of API Resources_The Kubernetes Workshop-QQ阅读男生玄幻网

书名：The Kubernetes Workshop
作者名：Zachary Arnold Sahil Dua Wei Huang Faisal Masood Melony Qin Mohammed Abu Taleb
本章字数：345字
更新时间：2021-06-11 18:18:00

Scope of API Resources

All resource types can either be cluster-scoped resources or namespace-scoped resources. The scope of a resource affects the access of that resource and how that resource is managed. Let's look at the differences between namespace and cluster scope.

Namespace-Scoped Resources

As we saw in Chapter 2, An Overview of Kubernetes, Kubernetes makes use of Linux namespaces to organize most Kubernetes resources. Resources in the same namespace share the same control access policies and authorization checks. When a namespace is deleted, all resources in that namespace are also deleted.

Let's see what forms the request paths for interacting with namespace-scoped resources take:

Return the information about a specific pod in a namespace:
GET /api/v1/namespaces/{my-namespace}/pods/{pod-name}
Return the information about a collection of all Deployments in a namespace:
GET /apis/apps/v1/namespaces/{my-namespace}/deployments
Return the information about all instances of the resource type (in this case, services) across all namespaces:
GET /api/v1/services
Notice that when we are looking for information against all namespaces, it will not have namespace in the URL.

You can get a full list of namespace-scoped API resources by using the following command:

kubectl api-resources --namespaced=true

You should see a response similar to this:

Figure 4.23: Listing out all the namespace-scoped resources

Cluster-Scoped Resources

Most Kubernetes resources are namespace-scoped, but the namespace resource itself is not namespace-scoped. Resources that are not scoped within namespaces are cluster-scoped. Other examples of cluster-scoped resources are nodes. Since a node is cluster-scoped, you can deploy a pod on the desired node regardless of what namespace you want the pod to be in, and a node can host different pods from different namespaces.

Let's see how the request paths for interacting with cluster-scoped resources look:

Return the information about a specific node in the cluster:
GET /api/v1/nodes/{node-name}
Return the information of all instances of the resource type (in this case, nodes) in the cluster:
GET /api/v1/nodes
You can get a full list of cluster-scoped API resources by using the following command:
kubectl api-resources --namespaced=false
You should see an output similar to this:

Figure 4.24: Listing out all cluster-scoped resources