Which API Group in k8s

Question

How do I determine which apiGroup any given resource belongs in?

kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  namespace: default
  name: thing
rules:
- apiGroups: ["<wtf goes here>"]
  resources: ["deployments"]
  verbs: ["get", "list"]
  resourceNames: []

score 31 · Accepted Answer · answered Sep 09 '19 at 13:23

To get API resources - supported by your Kubernetes cluster:

 kubectl api-resources -o wide

example:
NAME                              SHORTNAMES   APIGROUP                       NAMESPACED   KIND                             VERBS
deployments                       deploy       apps                           true         Deployment                   [create delete deletecollection get list patch update watch]
deployments                       deploy       extensions                     true         Deployment                   [create delete deletecollection get list patch update watch]

To get API versions - supported by your Kubernetes cluster:

kubectl api-versions

You can verify f.e. deployment:

kubectl explain deploy 

KIND:     Deployment
VERSION:  extensions/v1beta1

DESCRIPTION:
     DEPRECATED - This group version of Deployment is deprecated by
     apps/v1beta2/Deployment.

Furthermore you can investigate with api-version:

kubectl explain deploy --api-version apps/v1

Shortly you an specify in you apiGroups like:

apiGroups: ["extensions", "apps"]

You can also configure those settings for your cluster using (for example to test it will work with next 1.16 release) by passing options into --runtime-config in kube-apiserver.

Additional resources:

api Resources:
Kubernetes Deprecation Policy
Additional Notable Feature Updates for specific release please follow like:

Continued deprecation of extensions/v1beta1, apps/v1beta1, and apps/v1beta2 APIs; these extensions will be retired in 1.16!

This shown API version now, not group – Mohammed Noureldin Oct 02 '22 at 22:10 — Mohammed Noureldin, Oct 02 '22 at 22:10

Suresh Vishnoi · Answer 2 · 2019-09-06T20:12:17.343

kubectl api-resources -o wide provide the supported API resources on the system.

[suresh.vishnoi@xxx1309 ~]$ kubectl api-resources -o wide
NAME                                  SHORTNAMES      APIGROUP                       NAMESPACED   KIND                                 VERBS
bindings                                                                             true         Binding                              [create]
componentstatuses                     cs                                             false        ComponentStatus                      [get list]
configmaps                            cm                                             true         ConfigMap                            [create delete deletecollection get list patch update watch]
endpoints                             ep                                             true         Endpoints                            [create delete deletecollection get list patch update watch]
events                                ev                                             true         Event                                [create delete deletecollection get list patch update watch]
controllerrevisions                                   apps                           true         ControllerRevision                   [create delete deletecollection get list patch update watch]
daemonsets                            ds              apps                           true         DaemonSet                            [create delete deletecollection get list patch update watch]
deployments                           deploy          apps                           true         Deployment                           [create delete deletecollection get list patch update watch]
replicasets                           rs              apps                           true         ReplicaSet                           [create delete deletecollection get list patch update watch]

kubectl api-resources -o wide | grep -i deployment will provide the relevant information

apps is the apiGroup for the deployment resource

DaemonSet, Deployment, StatefulSet, and ReplicaSet: will no longer be served from extensions/v1beta1, apps/v1beta1, or apps/v1beta2 in v1.16. Migrate to the apps/v1 API, available since v1.9. Existing persisted data can be retrieved/updated via the apps/v1 API./api-deprecations-in-1-16

Can you expand further about how to know which of the two outputs from your above command needs to used in the `apiGroups` field. ``` k api-resources -o wide | grep -i deployment deployments deploy apps true Deployment [create delete deletecollection get list patch update watch] deployments ``` — Cole Bittel, Sep 06 '19 at 11:34
I updated the answer with the example, as you can see the header of each column. — Suresh Vishnoi, Sep 06 '19 at 11:41
@ColeBittel, has the answered help you to solve the issue? If there is something missing let me know . thanks — Suresh Vishnoi, Sep 06 '19 at 12:12
But both `extensions` and `apps` are listed for `deployments` in the `APIGROUP`. So which one do I pick? How do I know which one to pick? — Cole Bittel, Sep 06 '19 at 12:14
it depends on the k8s version, Extension is deprecated. so apps is the present and future — Suresh Vishnoi, Sep 06 '19 at 12:19
what version of k8s are you using ? `kubectl version --short` — Suresh Vishnoi, Sep 06 '19 at 12:20

score 6 · Answer 3 · answered May 09 '22 at 21:58

6

In later k8s version, apigroup is deprecated, and the command kubectl api-resources -o wide will show apiversion instead, which is a combination of apigroup/version

answered May 09 '22 at 21:58

Aion

430
1
5
16

EnzoAT_ · Answer 4 · 2019-09-06T16:05:47.780

This is a little tricky, because both groups apps and extensions are in use in recent kubernetes versions, for example
kubectl get deployments # It is still requested via extensions api group by default.
kubectl get deployments.apps # request via apps group

so until deployments are removed from the extensions apigroup you have to use both apigroups in your role.

apiGroups: ["apps","extensions"]

https://github.com/kubernetes/kubernetes/issues/67439

David Maze · Answer 5 · 2019-09-06T13:01:10.497

2

It is included in the online API documentation.

In your example, if you click through and find the documentation for Role, it lists the group and version in both the sidebar ("Role v1 rbac.authorization.k8s.io") and as the first line in the actual API documentation. Similarly, Deployment is in group "apps" with version "v1".

In the Role specification you only put the group, and it applies to all versions. So to control access to Deployments, you'd specify apiGroups: [apps], resources: [deployments]. (This is actually one of the examples in the RBAC documentation.)

edited Sep 06 '19 at 13:01

answered Sep 06 '19 at 11:41

David Maze

130,717
29
175
215

It sounds as though you're suggesting I put `rbac.authorization.k8s.io` where the question has ``. If so, this is incorrect. – Cole Bittel Sep 06 '19 at 12:10
its import to get the group value from running cluster state, as there is possibility of different values – Suresh Vishnoi Sep 06 '19 at 12:11
@ColeBittel Sorry, I read the question a little deeper and understand better. I added a specific mention of the `apiGroups:` value for Deployments to the answer. – David Maze Sep 06 '19 at 13:01

score 1 · Answer 6 · answered Sep 07 '19 at 03:13

1

You can run below command to get apiVersion and other details.

 kubectl explain <Resource Name>
 kubectl explain deployment

answered Sep 07 '19 at 03:13

Subramanian Manickam

1,199
7
9

Which API Group in k8s

6 Answers6

Linked