Scale Kubernetes deployments via API

Related searches

I would like to scale (up and down) deployment from PODs. In other words, how PODs in the namespace will send a Kubernetes API call in order to scale the deployment?

I have created a role and assign it to a service account with the following privileges in order to send API calls:

apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: "2019-05-19T18:52:09Z"
  name: {name}-sa
  namespace: {name}
  resourceVersion: "11378025"
  selfLink: /api/v1/namespaces/{name}/serviceaccounts/{name}-sa
  uid: 34606554-7a67-11e9-8e78-c6f4a9a0006a
secrets:
- name: {name}-sa-token-mgk5z



apiVersion: v1
items:
- apiVersion: rbac.authorization.k8s.io/v1
  kind: Role
  metadata:
    creationTimestamp: "2019-05-17T13:21:09Z"
    name: {name}-{name}-api-role
    namespace: {name}
    resourceVersion: "10985868"
    selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/{name}/roles/{name}-{name}-api-role
    uid: a298e71a-78a6-11e9-b54a-c6f4a9a00070
  rules:
  - apiGroups:
    - extensions
    - apps
    resources:
    - deployments
    verbs:
    - get
    - list
    - watch
    - create
    - update
    - patch
    - delete
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    creationTimestamp: "2019-05-17T13:45:46Z"
    name: {name}-{name}-api-rolebind
    namespace: {name}
    resourceVersion: "11378111"
    selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/{name}/rolebindings/{name}-{name}-api-rolebind
    uid: 12812ea7-78aa-11e9-89ae-c6f4a9a00064
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: Role
    name: {name}-{name}-api-role
  subjects:
  - kind: ServiceAccount
    name: {name}-sa
    namespace: {name}
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

I can retrieve the deployment with the following command, but I cannot find how to scale it.

https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/apis/apps/v1/namespaces/{name}/deployments/{name}

I tried the following command in order to scale it, but failed:

curl --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"  -X PUT  -d '[{ \
    "op":"replace", \
    "path":"/spec/replicas", \
    "value": "2" \
  }]'
 https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/apis/apps/v1/namespaces/{name}/deployments/{name}

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "deployments.apps \"{name}\" is forbidden: User \"system:serviceaccount:{name}:default\" cannot  resource \"deployments\" in API group \"apps\" in the namespace \"{name}\"",
  "reason": "Forbidden",
  "details": {
    "name": "{name}",
    "group": "apps",
    "kind": "deployments"
  },
  "code": 403

I finally managed to find the way to scale deployments from PODs via Kubernetes API calls:

curl -X PATCH --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \ https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/apis/extensions/v1beta1/namespaces/{NAMESPACE}/deployments/{NAME} \ -H 'Content-Type: application/strategic-merge-patch+json' \ -d '{"spec":{"replicas":1}}'

I had to create a new service account and assign the role as mentioned in the beginning.

thanks everyone for their support.

Kubernetes API Reference Docs, OLD API VERSIONS to read and write Kubernetes resource objects via a Kubernetes API endpoint. read scale of the specified Deployment� Learn How Kubernetes Helps Manage Containers Deployed Across Multiple Servers.

Try this:

API_URL="http://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/apis/apps/v1/namespaces/{namespace}/deployments/{name}/scale"
PAYLOAD='[{"op":"replace","path":"/spec/replicas","value":"2"}]'
curl -X PATCH -d$PAYLOAD -H 'Content-Type: application/json-patch+json' $API_URL

Scale Kubernetes deployments via API, I finally managed to find the way to scale deployments from PODs via Kubernetes API calls: curl -X PATCH --cacert� Core Kubernetes is a reference guide for those working in Kubernetes-based systems. Kubernetes in Action is a fully-updated and comprehensive guide to Kubernetes.

In kubernetes 1.14 I had to do it like this:

#!/bin/sh

set -e

NUMBER_OF_REPLICAS="$1"
CURRENT_NAMESPACE="$2"
DEPLOYMENT_NAME="$3"

KUBE_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
KUBE_CACRT_PATH="/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"

PAYLOAD="{\"spec\":{\"replicas\":$NUMBER_OF_REPLICAS}}"

curl --cacert $KUBE_CACRT_PATH \
     -X PATCH \
     -H "Content-Type: application/strategic-merge-patch+json" \
     -H "Authorization: Bearer $KUBE_TOKEN" \
     --data "$PAYLOAD" \
     https://$KUBERNETES_SERVICE_HOST/apis/apps/v1/namespaces/$CURRENT_NAMESPACE/deployments/$DEPLOYMENT_NAME 

Note that the $KUBERNETES_SERVICE_HOST is automatically set by kubernetes inside the pods.

And don't forget that you need to set a ServiceAccount with permissions to patch deployments in order to be able to do the api call inside the pods. Example:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: example
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: example
rules:
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: example
subjects:
  - kind: ServiceAccount
    name: example
roleRef:
  kind: Role
  name: example
  apiGroup: rbac.authorization.k8s.io

Scaling an application, Install the Google Cloud SDK, which includes the gcloud command-line tool. Using the gcloud command line tool, install the Kubernetes command-line tool. Securing Kubernetes is different than securing other cloud-native environments. Get familiarized with the K8s attack surface. Read the K8s Threat Infographic.

Deploying a containerized web application, In this post, we discussed about how to create, delete and list deployments using kubernetes API. Related posts. 30 Oct 2019 � Auto Scaling� Search Kubernetes Consulting. Kubernetes Consulting. Visit Today & Find More Results on Simpli.com.

Understanding Kubernetes API, Scale Kubernetes deployments via API. Ask Question Asked 1 year ago. Active 25 days ago. Viewed 468 times 1. I would like to scale (up and down) deployment from PODs.

And with the kubectl command you could scale them from 11 to 3 like so: kubectl scale deployments/nginx-deployment --replicas=3. You could even scale them down to 0 if you need.

Comments
  • I appended the command that you proposed and got the below message without any scaling: # curl -X PATCH -d$PAYLOAD -H 'Content-Type: application/json-patch+json' $API_URL Warning: Binary output can mess up your terminal. Use "--output -" to tell Warning: curl to output it to your terminal anyway, or consider "--output Warning: <FILE>" to save to a file.
  • sorry, can you try https instead of http.
  • I get a 403 (reason: Forbidden) error, which says that default sa cannot patch resource \"deployments/scale\" in API group \"apps\" in the namespace do I have to create a new service account?
  • yes, default service account cannot patch deployments. Actually from description it looks like you already created SA or not?
  • No, I haven't created a new service account, but I assigned the default one to the role that I created. So, should I create the new sa and give a try?