Observing Kubernetes kubectl API calls

Recently I spent some time digging into the Kubernetes API. This was an incredible experience, and it really helped me understand the various calls, how they are structured, and what they do. To observe the API calls made by kubectl, you can run it with the “-v10” option:

$ kubectl get po -v10

This will print a TON of information to your screen. To see the API calls generated by $(kubectl get po), you can grep the results for GET:

$ kubectl get po -v10 2>&1 | grep GET

I0126 12:43:18.308163   28626 round_trippers.go:443] GET https://FQDN/api/v1/namespaces/default/pods?limit=500 200 OK in 1077 milliseconds

The API call to retrieve the list of pods contains the API version, the namespace to retrieve pods from, and the the results are paginated to 500 by default. What I personally found super useful was studying the JSON objects returned by the API server. The following command will pretty print the JSON responses:

$ kubectl get po -v10 2>&1 | grep 'Response Body:' out | sed 's/I0126.*Body://' | jq '.' | more

  "kind": "Table",
  "apiVersion": "meta.k8s.io/v1beta1",
  "metadata": {
    "selfLink": "/api/v1/namespaces/cert-manager/pods/cert-manager-7f46f4ffdd-bkz5f",
    "resourceVersion": "1127"
  "columnDefinitions": [
      "name": "Name",
      "type": "string",
      "format": "name",
      "description": "Name must be unique within a namespace ...
      "priority": 0

Studying the responses to specific API calls and looking up the various fields has really helped me understand what is going on under the covers. If you want to learn more you should check out Making the Most Out of Kubernetes Audit Logs, as well as Duffie Cooley’s Grokking the Kubernetes API server series. When you need to debug weird issues, you will be glad you did!

This article was posted by on 2020-01-26 00:00:00 -0500 -0500