cancel
Showing results for 
Search instead for 
Did you mean: 

Related Articles:

Exploring Kubernetes API using Wireshark part 2: Namespaces

Exploring Kubernetes API using Wireshark part 3: Python Client API

Quick Intro

This article answers the following question:

What happens when we create, list and delete pods under the hood? More specifically on the wire.

I used these 3 commands:

0151T000003dF59QAE.png

I'll show you on Wireshark the communication between kubectl client and master node (API) for each of the above commands.

I used a proxy so we don't have to worry about TLS layer and focus on HTTP only.

Creating NGINX pod

pcap: creating_pod.pcap (use http filter on Wireshark)

Here's our YAML file:

0151T000003dF5OQAU.png

Here's how we create this pod:

0151T000003dF5TQAU.png

Here's what we see on Wireshark:

0151T000003dF5YQAU.png

Behind the scenes, kubectl command sent an HTTP POST with our YAML file converted to JSON but notice the same thing was sent (kind, apiVersion, metadata, spec):

0151T000003dF5dQAE.png

You can even expand it if you want to but I didn't to keep it short.

Then, Kubernetes master (API) responds with HTTP 201 Created to confirm our pod has been created:

0151T000003dF5iQAE.png

Notice that master node replies with similar data with the additional status column because after pod is created it's supposed to have a status too. 

Listing Pods

pcap: listing_pods.pcap (use http filter on Wireshark)

0151T000003dF5nQAE.png

When we list pods, kubectl just sends a HTTP GET request instead of POST because we don't need to submit any data apart from headers:

0151T000003dF5sQAE.png

This is the full GET request:

0151T000003dF5xQAE.png

And here's the HTTP 200 OK with JSON file that contains all information about all pods from default's namespace:

0151T000003dF6RQAU.png

I just wanted to emphasise that when you list a pod the resource type that comes back is PodList and when we created our pod it was just Pod. Remember?

The other thing I'd like to point out is that all of your pods' information should be listed under items

All kubectl does is to display some of the API's info in a humanly readable way. 

Deleting NGINX pod

pcap: deleting_pod.pcap (use http filter on Wireshark)

0151T000003dF6WQAU.png

Behind the scenes, we're just sending an HTTP DELETE to Kubernetes master:

0151T000003dF6bQAE.png

Also notice that the pod's name is also included in the URI: /api/v1/namespaces/default/pods/nginx ← this is pods' name

HTTP DELETE just like HTTP GET is pretty straightforward:

0151T000003dF6gQAE.png

Our master node replies with HTTP 200 OK as well as some json file with all the info about the pod, including about it's termination:

0151T000003dF6lQAE.png

It's also good to emphasise here that when our pod is deleted, master node returns JSON file with all information available about the pod.

I highlighted some interesting info. For example, resource type is now just Pod (not PodList when we're just listing our pods).

Version history
Last update:
‎05-Jun-2019 08:50
Updated by:
Contributors