Difference between Kubernetes Objects and Resources

A representation of a specific group+version+kind is an object. For example, a v1 Pod, or an apps/v1 Deployment. Those definitions can exist in manifest files, or be obtained from the apiserver.

A specific URL used to obtain the object is a resource. For example, a list of v1 Pod objects can be obtained from the /api/v1/pods resource. A specific v1 Pod object can be obtained from the /api/v1/namespaces/<namespace-name>/pods/<pod-name> resource.

API discovery documents (like the one published at /api/v1) can be used to determine the resources that correspond to each object type.

Often, the same object can be retrieved from and submitted to multiple resources. For example, v1 Pod objects can be submitted to the following resource URLs:

  1. /api/v1/namespaces/<namespace-name>/pods/<pod-name>
  2. /api/v1/namespaces/<namespace-name>/pods/<pod-name>/status

Distinct resources allow for different server-side behavior and access control. The first URL only allows updating parts of the pod spec and metadata. The second URL only allows updating the pod status, and access is typically only given to kubelets.

Authorization rules are based on the resources for particular requests.

Leave a Comment