@ptesny
Last active April 20, 2023 10:28
SAP Kyma Runtime cluster APIs with API Management

kubelogin

https://dashboard.kyma.cloud.sap/clusters

 

$ kubectl get nodes --kubeconfig ~/.kube/kubeconfig--shoot--kyma--<cluster ID>.yaml
NAME                                                 STATUS   ROLES    AGE   VERSION
shoot--kyma--<cluster ID>-cpu-worker-0-z1-767c5-8wpqs   Ready    <none>   49d   v1.21.10
shoot--kyma--<cluster ID>-cpu-worker-0-z1-767c5-bq5zj   Ready    <none>   49d   v1.21.10
shoot--kyma--<cluster ID>-cpu-worker-0-z1-767c5-v4hfg   Ready    <none>   49d   v1.21.10

OR
$ kubectl get jobs --kubeconfig ~/.kube/kubeconfig--shoot--kyma--<cluster ID>.yaml

 

 

apiVersion: v1
kind: Config
current-context: shoot--kyma-stage--1234567
clusters:
- name: shoot--kyma-stage--1234567
  cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM5ekNDQWQrZ0F3SUJBZ0lSQUpOUG5vYTRGYzB0TlhuaFd6VXczSEV3RhEUFNxL3J4czRxMHljZ0NDMjR0K1FhUXA1bGtCdVd3dHhjMmsxUGdYaUE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
    server: https://api.1234567.stage.kyma.ondemand.com
contexts:
- name: shoot--kyma-stage--1234567
  context:
    cluster: shoot--kyma-stage--1234567
    user: shoot--kyma-stage--1234567
users:
- name: shoot--kyma-stage--1234567
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      args:
      - get-token
      - "--oidc-issuer-url=<IDP host url>"
      - "--oidc-client-id=<clientID>"
      - "--oidc-extra-scope=email"
      - "--oidc-extra-scope=openid"
      command: kubectl-oidc_login
      installHint: |
        kubelogin plugin is required to proceed with authentication
        # Homebrew (macOS and Linux)
        brew install int128/kubelogin/kubelogin

        # Krew (macOS, Linux, Windows and ARM)
        kubectl krew install oidc-login

        # Chocolatey (Windows)
        choco install kubelogin

 

kubectl krew install oidc-login

$ kubectl krew install oidc-login
Updated the local copy of plugin index.
...................................
  Upgrades available for installed plugins:
    * krew v0.3.4 -> v0.4.3
Installing plugin: oidc-login
Installed plugin: oidc-login
\
 | Use this plugin:
 | 	kubectl oidc-login
 | Documentation:
 | 	https://github.com/int128/kubelogin
 | Caveats:
 | \
 |  | You need to setup the OIDC provider, Kubernetes API server, role binding and kubeconfig.
 | /
/
WARNING: You installed plugin "oidc-login" from the krew-index plugin repository.
   These plugins are not audited for security by the Krew maintainers.
   Run them at your own risk.
A newer version of krew is available (v0.3.4 -> v0.4.3).
Run "kubectl krew upgrade" to get the newest version!

 

$ kubectl oidc-login get-token --oidc-issuer-url <issuer URL> --oidc-client-id <clientID>
{"kind":"ExecCredential","apiVersion":"client.authentication.k8s.io/v1beta1","spec":{"interactive":false},"status":{"expirationTimestamp":"2022-02-26T13:28:10Z","token":"eyJraWQiOiJGYWhqbG14M3hYS3R2V253VVpQanpYb2FtUkkiLCJhbGciOiJSUzI1NiJ9.eyJzdH08nfwhzx3Kn6EKVw"}}
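A client-side sanity check for the ExecCredential that `kubectl oidc-login get-token` prints, as an added example that is not part of the original gist: it decodes the ID token's claims and compares them with the `--oidc-issuer-url` and `--oidc-client-id` values from the kubeconfig. The issuer and client ID passed in are placeholders you supply, `make_sample` builds constructed input with a fake signature, and the claims are decoded without signature verification (the API server performs the real validation).

```python
import base64
import json
from datetime import datetime, timezone


def b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_exec_credential(raw: str, issuer: str, client_id: str) -> list:
    """Return findings for an ExecCredential JSON document (no signature check)."""
    cred = json.loads(raw)
    if cred.get("kind") != "ExecCredential":
        return ["not an ExecCredential object"]
    status = cred.get("status") or {}
    parts = status.get("token", "").split(".")
    if len(parts) != 3:
        return ["token is not a three-part JWT"]
    header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    findings = []
    if header.get("alg", "none").lower() == "none":
        findings.append("unsigned token (alg=none)")
    if claims.get("iss") != issuer:
        findings.append(f"issuer mismatch: {claims.get('iss')!r}")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        findings.append(f"audience does not contain {client_id!r}")
    exp = datetime.fromtimestamp(claims.get("exp", 0), tz=timezone.utc)
    stamp = status.get("expirationTimestamp", "")
    # kubectl caches the credential until expirationTimestamp, so it should match exp.
    if stamp and exp.strftime("%Y-%m-%dT%H:%M:%SZ") != stamp:
        findings.append("expirationTimestamp differs from the exp claim")
    if exp <= datetime.now(timezone.utc):
        findings.append(f"token expired at {exp.isoformat()}")
    return findings


def make_sample(iss: str, aud: str, exp: int) -> str:
    """Build a constructed ExecCredential (sample input, fake signature)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    token = ".".join([enc({"alg": "RS256"}), enc({"iss": iss, "aud": aud, "exp": exp}), "c2ln"])
    stamp = datetime.fromtimestamp(exp, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return json.dumps({"kind": "ExecCredential",
                       "apiVersion": "client.authentication.k8s.io/v1beta1",
                       "status": {"expirationTimestamp": stamp, "token": token}})
```

An empty list means the token's issuer, audience and expiry agree with what the kubeconfig asks for; any finding is worth resolving before looking at role bindings.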

 

Kubernetes APIs

https://kubernetes.io/docs/concepts/overview/kubernetes-api/

http://localhost:8080
{
  "paths": [
    "/.well-known/openid-configuration",
    "/api",
    "/api/v1",
    "/apis",
    "/apis/",
    "/apis/addons.kyma-project.io",
    "/apis/addons.kyma-project.io/v1alpha1",
    "/apis/admissionregistration.k8s.io",
    "/apis/admissionregistration.k8s.io/v1",
    "/apis/admissionregistration.k8s.io/v1beta1",
    "/apis/apiextensions.k8s.io",
    "/apis/apiextensions.k8s.io/v1",
    "/apis/apiextensions.k8s.io/v1beta1",
    "/apis/apiregistration.k8s.io",
    "/apis/apiregistration.k8s.io/v1",
    "/apis/apiregistration.k8s.io/v1beta1",
    "/apis/applicationconnector.kyma-project.io",
    "/apis/applicationconnector.kyma-project.io/v1alpha1",
    "/apis/apps",
    "/apis/apps/v1",
    "/apis/authentication.k8s.io",
    "/apis/authentication.k8s.io/v1",
    "/apis/authentication.k8s.io/v1beta1",
    "/apis/authorization.k8s.io",
    "/apis/authorization.k8s.io/v1",
    "/apis/authorization.k8s.io/v1beta1",
    "/apis/autoscaling",
    "/apis/autoscaling/v1",
    "/apis/autoscaling/v2beta1",
    "/apis/autoscaling/v2beta2",
    "/apis/batch",
    "/apis/batch/v1",
    "/apis/batch/v1beta1",
    "/apis/cert.gardener.cloud",
    "/apis/cert.gardener.cloud/v1alpha1",
    "/apis/certificates.k8s.io",
    "/apis/certificates.k8s.io/v1",
    "/apis/certificates.k8s.io/v1beta1",
    "/apis/compass.kyma-project.io",
    "/apis/compass.kyma-project.io/v1alpha1",
    "/apis/config.istio.io",
    "/apis/config.istio.io/v1alpha2",
    "/apis/coordination.k8s.io",
    "/apis/coordination.k8s.io/v1",
    "/apis/coordination.k8s.io/v1beta1",
    "/apis/crd.projectcalico.org",
    "/apis/crd.projectcalico.org/v1",
    "/apis/discovery.k8s.io",
    "/apis/discovery.k8s.io/v1",
    "/apis/discovery.k8s.io/v1beta1",
    "/apis/dns.gardener.cloud",
    "/apis/dns.gardener.cloud/v1alpha1",
    "/apis/eventing.knative.dev",
    "/apis/eventing.knative.dev/v1alpha1",
    "/apis/eventing.kyma-project.io",
    "/apis/eventing.kyma-project.io/v1alpha1",
    "/apis/events.k8s.io",
    "/apis/events.k8s.io/v1",
    "/apis/events.k8s.io/v1beta1",
    "/apis/extensions",
    "/apis/extensions.istio.io",
    "/apis/extensions.istio.io/v1alpha1",
    "/apis/extensions/v1beta1",
    "/apis/flowcontrol.apiserver.k8s.io",
    "/apis/flowcontrol.apiserver.k8s.io/v1beta1",
    "/apis/flows.knative.dev",
    "/apis/flows.knative.dev/v1alpha1",
    "/apis/gateway.kyma-project.io",
    "/apis/gateway.kyma-project.io/v1alpha1",
    "/apis/hydra.ory.sh",
    "/apis/hydra.ory.sh/v1alpha1",
    "/apis/install.istio.io",
    "/apis/install.istio.io/v1alpha1",
    "/apis/jaegertracing.io",
    "/apis/jaegertracing.io/v1",
    "/apis/kiali.io",
    "/apis/kiali.io/v1alpha1",
    "/apis/knativekafka.kyma-project.io",
    "/apis/knativekafka.kyma-project.io/v1alpha1",
    "/apis/messaging.knative.dev",
    "/apis/messaging.knative.dev/v1alpha1",
    "/apis/metrics.k8s.io",
    "/apis/metrics.k8s.io/v1beta1",
    "/apis/monitoring.coreos.com",
    "/apis/monitoring.coreos.com/v1",
    "/apis/monitoring.coreos.com/v1alpha1",
    "/apis/networking.istio.io",
    "/apis/networking.istio.io/v1alpha3",
    "/apis/networking.istio.io/v1beta1",
    "/apis/networking.k8s.io",
    "/apis/networking.k8s.io/v1",
    "/apis/networking.k8s.io/v1beta1",
    "/apis/node.k8s.io",
    "/apis/node.k8s.io/v1",
    "/apis/node.k8s.io/v1beta1",
    "/apis/oathkeeper.ory.sh",
    "/apis/oathkeeper.ory.sh/v1alpha1",
    "/apis/policy",
    "/apis/policy/v1",
    "/apis/policy/v1beta1",
    "/apis/rafter.kyma-project.io",
    "/apis/rafter.kyma-project.io/v1beta1",
    "/apis/rbac.authorization.k8s.io",
    "/apis/rbac.authorization.k8s.io/v1",
    "/apis/rbac.authorization.k8s.io/v1beta1",
    "/apis/rbac.istio.io",
    "/apis/rbac.istio.io/v1alpha1",
    "/apis/scheduling.k8s.io",
    "/apis/scheduling.k8s.io/v1",
    "/apis/scheduling.k8s.io/v1beta1",
    "/apis/security.istio.io",
    "/apis/security.istio.io/v1beta1",
    "/apis/serverless.kyma-project.io",
    "/apis/serverless.kyma-project.io/v1alpha1",
    "/apis/servicecatalog.k8s.io",
    "/apis/servicecatalog.k8s.io/v1beta1",
    "/apis/servicecatalog.kyma-project.io",
    "/apis/servicecatalog.kyma-project.io/v1alpha1",
    "/apis/settings.svcat.k8s.io",
    "/apis/settings.svcat.k8s.io/v1alpha1",
    "/apis/snapshot.storage.k8s.io",
    "/apis/snapshot.storage.k8s.io/v1beta1",
    "/apis/sources.eventing.knative.dev",
    "/apis/sources.eventing.knative.dev/v1alpha1",
    "/apis/sources.knative.dev",
    "/apis/sources.knative.dev/v1alpha1",
    "/apis/sources.kyma-project.io",
    "/apis/sources.kyma-project.io/v1alpha1",
    "/apis/storage.k8s.io",
    "/apis/storage.k8s.io/v1",
    "/apis/storage.k8s.io/v1beta1",
    "/apis/telemetry.istio.io",
    "/apis/telemetry.istio.io/v1alpha1",
    "/healthz",
    "/healthz/autoregister-completion",
    "/healthz/etcd",
    "/healthz/log",
    "/healthz/ping",
    "/healthz/poststarthook/aggregator-reload-proxy-client-cert",
    "/healthz/poststarthook/apiservice-openapi-controller",
    "/healthz/poststarthook/apiservice-registration-controller",
    "/healthz/poststarthook/apiservice-status-available-controller",
    "/healthz/poststarthook/bootstrap-controller",
    "/healthz/poststarthook/crd-informer-synced",
    "/healthz/poststarthook/generic-apiserver-start-informers",
    "/healthz/poststarthook/kube-apiserver-autoregistration",
    "/healthz/poststarthook/priority-and-fairness-config-consumer",
    "/healthz/poststarthook/priority-and-fairness-config-producer",
    "/healthz/poststarthook/priority-and-fairness-filter",
    "/healthz/poststarthook/rbac/bootstrap-roles",
    "/healthz/poststarthook/scheduling/bootstrap-system-priority-classes",
    "/healthz/poststarthook/start-apiextensions-controllers",
    "/healthz/poststarthook/start-apiextensions-informers",
    "/healthz/poststarthook/start-cluster-authentication-info-controller",
    "/healthz/poststarthook/start-kube-aggregator-informers",
    "/healthz/poststarthook/start-kube-apiserver-admission-initializer",
    "/livez",
    "/livez/autoregister-completion",
    "/livez/etcd",
    "/livez/log",
    "/livez/ping",
    "/livez/poststarthook/aggregator-reload-proxy-client-cert",
    "/livez/poststarthook/apiservice-openapi-controller",
    "/livez/poststarthook/apiservice-registration-controller",
    "/livez/poststarthook/apiservice-status-available-controller",
    "/livez/poststarthook/bootstrap-controller",
    "/livez/poststarthook/crd-informer-synced",
    "/livez/poststarthook/generic-apiserver-start-informers",
    "/livez/poststarthook/kube-apiserver-autoregistration",
    "/livez/poststarthook/priority-and-fairness-config-consumer",
    "/livez/poststarthook/priority-and-fairness-config-producer",
    "/livez/poststarthook/priority-and-fairness-filter",
    "/livez/poststarthook/rbac/bootstrap-roles",
    "/livez/poststarthook/scheduling/bootstrap-system-priority-classes",
    "/livez/poststarthook/start-apiextensions-controllers",
    "/livez/poststarthook/start-apiextensions-informers",
    "/livez/poststarthook/start-cluster-authentication-info-controller",
    "/livez/poststarthook/start-kube-aggregator-informers",
    "/livez/poststarthook/start-kube-apiserver-admission-initializer",
    "/logs",
    "/metrics",
    "/openapi/v2",
    "/openid/v1/jwks",
    "/readyz",
    "/readyz/autoregister-completion",
    "/readyz/etcd",
    "/readyz/informer-sync",
    "/readyz/log",
    "/readyz/ping",
    "/readyz/poststarthook/aggregator-reload-proxy-client-cert",
    "/readyz/poststarthook/apiservice-openapi-controller",
    "/readyz/poststarthook/apiservice-registration-controller",
    "/readyz/poststarthook/apiservice-status-available-controller",
    "/readyz/poststarthook/bootstrap-controller",
    "/readyz/poststarthook/crd-informer-synced",
    "/readyz/poststarthook/generic-apiserver-start-informers",
    "/readyz/poststarthook/kube-apiserver-autoregistration",
    "/readyz/poststarthook/priority-and-fairness-config-consumer",
    "/readyz/poststarthook/priority-and-fairness-config-producer",
    "/readyz/poststarthook/priority-and-fairness-filter",
    "/readyz/poststarthook/rbac/bootstrap-roles",
    "/readyz/poststarthook/scheduling/bootstrap-system-priority-classes",
    "/readyz/poststarthook/start-apiextensions-controllers",
    "/readyz/poststarthook/start-apiextensions-informers",
    "/readyz/poststarthook/start-cluster-authentication-info-controller",
    "/readyz/poststarthook/start-kube-aggregator-informers",
    "/readyz/poststarthook/start-kube-apiserver-admission-initializer",
    "/readyz/shutdown",
    "/version"
  ]
}
http://localhost:8080/version
{
  "major": "1",
  "minor": "21",
  "gitVersion": "v1.21.10",
  "gitCommit": "a7a32748b5c60445c4c7ee904caf01b91f2dbb71",
  "gitTreeState": "clean",
  "buildDate": "2022-02-16T11:18:16Z",
  "goVersion": "go1.16.14",
  "compiler": "gc",
  "platform": "linux/amd64"
}