Invoke Kubernetes APIs via simple HTTP client, Invoke k8s API programmatically.

In this post i would like to explain how we can invoke k8s API and receive k8s cluster information. When we develop applications, programs sometimes we will need to invoke k8s APIs to perform some complex deployment tasks and in this post we will see how we can do that step by step. 

In my setup i have used Rancher desktop and k8s 1.24.3 version. Below instructions can slightly change in other versions.

First we need to create k8s user account. So for the creation of our user account, we will create service account, cluster role and cluster role binding. Please create below .yaml files for each of these resources and apply them into k8s cluster using 


apiVersion: v1

kind: ServiceAccount


 name: apk-platform

 namespace: default




kind: ClusterRole


 # "namespace" omitted since ClusterRoles are not namespaced

 name: apk-role


 - apiGroups: ["*"]

   resources: ["*"]

   verbs: ["*"]




# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.

kind: ClusterRoleBinding


 name: role-binding


 kind: ClusterRole

 name: apk-role



 # You can specify more than one "subject"

 - kind: ServiceAccount

   name: apk-platform # "name" is case sensitive

   namespace: default

Apply below 3 commands

kubectl apply -f ServiceAccount.yaml
kubectl apply -f ClusterRole.yml
kubectl apply -f ClusterRoleBinding.yaml

Set below varaible as we are going to use them in next steps

>>APISERVER=https://$(kubectl -n default get endpoints kubernetes --no-headers | awk '{ print $2 }')

Now we have successfullycreate service account and cluster role binding. Next we will need to get token and certificate to invoke API

To get token execute following command with provided yaml file.


apiVersion: v1

kind: Secret


  name: apk-platform-token

  annotations: apk-platform


Execute following
kubectl apply -f ClusterRoleBinding.yaml

Now you can see generated token , cert etc using below command

>>kubectl get secret "apk-platform-token" -o json


    "apiVersion": "v1",

    "data": {

        "ca.crt": "XXX",

        "namespace": "ZGVmYXVsdA==",

        "token": "XXXX"


    "kind": "Secret",

    "metadata": {

        "annotations": {

            "": "{\"apiVersion\":\"v1\",\"kind\":\"Secret\",\"metadata\":{\"annotations\":{\"\":\"apk-platform\"},\"name\":\"apk-platform-token\",\"namespace\":\"default\"},\"type\":\"\"}\n",

            "": "apk-platform",

            "": "e546dfae-7420-425f-881e-fcdcbe7ace9f"


        "creationTimestamp": "2022-11-09T08:07:51Z",

        "name": "apk-platform-token",

        "namespace": "default",

        "resourceVersion": "43505",

        "uid": "d2d4f3ae-aee6-4784-8a5f-fa7d1e874bfb"


    "type": ""


Now lets extract token and certificate using below commands

Extract token data into varaible
>>TOKEN=$(kubectl get secrets apk-platform-token -o json | jq -Mr '.data.token' | base64 -d)

Extract certificate information to file

>>kubectl get secret "apk-platform-token" -o json | jq -Mr '.data["ca.crt"]' | base64 -d > /tmp/ca.crt

Now we have all required information to invoke k8s API. Lets execute curl command using token and certificate we obtained as follows.

curl -s $APISERVER/openapi/v2 --header "Authorization: Bearer $TOKEN" --cacert /tmp/ca.crt | less

