| swagger: "2.0" |
| info: |
| title: The Giant Swarm API v4 |
| description: | |
| This is the documentation for the Giant Swarm API starting at version `v4`. |
| |
| For an introduction to Giant Swarm, refer to the [documentation site](https://docs.giantswarm.io/). |
| |
| The Giant Swarm API attempts to behave in a __restful__ way. As a developer, you access resources using the `GET` method and, for example, delete them using the same path and the `DELETE` method. |
| |
| Accessing resources via GET usually returns all information available about a resource, while collections, like for example the list of all clusters you have access to, only contain a selected few attributes of each member item. |
| |
| Some requests, like for example the request to create a new cluster, don't return the resource itself. Instead, the response delivers a standard message body, showing a `code` and a `message` part. The `message` contains information for you or a client's end user. The `code` attribute contains some string (example: `RESOURCE_CREATED`) that is supposed to give you details on the state of the operation, in addition to standard HTTP status codes. This message format is also used in the case of errors. We provide a [list of all response codes](https://github.com/giantswarm/api-spec/blob/master/details/RESPONSE_CODES.md) outside this documentation. |
| |
| Feedback on the API as well as this documentation is welcome via `support@giantswarm.io` or on IRC channel [#giantswarm](irc://irc.freenode.org:6667/#giantswarm) on freenode. |
| |
| ## Source |
| |
| The source of this documentation is available on [GitHub](https://github.com/giantswarm/api-spec). |
| |
| termsOfService: https://giantswarm.io/terms/ |
| version: 4.0.0 |
| license: |
| name: Apache 2.0 |
| url: http://www.apache.org/licenses/LICENSE-2.0.html |
| consumes: |
| - application/json |
| produces: |
| - application/json |
| tags: |
| - name: auth tokens |
| description: | |
| Auth Tokens are your way of authenticating against this API. You can create one by passing your email and base64 encoded password to the create auth token endpoint. The auth token never expires, in case you want to invalidate it you need to delete it (logout). |
| - name: clusters |
| description: | |
| Clusters are a central resource of the Giant Swarm API. As a user or team using Giant Swarm, you set up Kubernetes clusters to run your own workloads. |
| |
| The API currently provides operations to create and delete clusters, as well as list all available clusters and get details on specific clusters. |
| - name: info |
| description: Information about the Giant Swarm installation |
| - name: key pairs |
| description: A key pair is a unique combination of a X.509 certificate and a private key. Key pairs are used to access the Kubernetes API of a cluster, both using `kubectl` and any standard web browser. |
| externalDocs: |
| url: https://docs.giantswarm.io/guides/accessing-services-from-the-outside/ |
| description: "User guide: Accessing Pods and Services from the Outside" |
| - name: organizations |
| description: Organizations are groups of users who own resources like clusters. |
| - name: users |
| description: A user represents a person that should have access to the Giant Swarm API. Users can belong to many groups, and are identified by email address. |
| - name: releases |
| description: | |
| A release is a software bundle that constitutes a cluster. |
| |
| Releases are identified by their |
| [semantic version number](http://semver.org/) in the `MAJOR.MINOR.PATCH` |
| format. |
| |
| A release provides _components_, like for example Kubernetes. For each |
| release the contained components are listed. Changes in components are |
| detailed in the _changelog_ of a release. |
| securityDefinitions: |
| AuthorizationHeaderToken: |
| description: | |
| Clients authenticate by passing an auth token via the `Authorization` |
| header with a value of the format `giantswarm <token>`. Auth tokens can be |
| obtained using the [createAuthToken](#operation/createAuthToken) |
| operation. |
| type: apiKey |
| name: Authorization |
| in: header |
| |
| security: |
| - AuthorizationHeaderToken: [] |
| |
| paths: |
| /v4/info/: |
| get: |
| operationId: getInfo |
| tags: |
| - info |
| summary: Get information on the installation |
| description: | |
| Returns a set of details on the installation. The output varies based |
| on the provider used in the installation. |
| |
| This information is useful for example when creating new cluster, to |
| prevent creating clusters with more worker nodes than possible. |
| |
| ### Example for an AWS-based installation |
| |
| ```json |
| { |
| "general": { |
| "installation_name": "shire", |
| "provider": "aws", |
| "datacenter": "eu-central-1" |
| }, |
| "workers": { |
| "count_per_cluster": { |
| "max": 20, |
| "default": 3 |
| }, |
| "instance_type": { |
| "options": [ |
| "m3.medium", "m3.large", "m3.xlarge" |
| ], |
| "default": "m3.large" |
| } |
| } |
| } |
| ``` |
| |
| ### Example for a KVM-based installation |
| |
| ```json |
| { |
| "general": { |
| "installation_name": "isengard", |
| "provider": "kvm", |
| "datacenter": "string" |
| }, |
| "workers": { |
| "count_per_cluster": { |
| "max": 8, |
| "default": 3 |
| }, |
| } |
| } |
| ``` |
| parameters: |
| - $ref: './parameters.yaml#/parameters/RequiredGiantSwarmAuthorizationHeader' |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| responses: |
| "200": |
| description: Information |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4InfoResponse" |
| examples: |
| application/json: |
| { |
| "general": { |
| "installation_name": "shire", |
| "provider": "aws", |
| "datacenter": "eu-central-1" |
| }, |
| "workers": { |
| "count_per_cluster": { |
| "max": 20, |
| "default": 3 |
| }, |
| "instance_type": { |
| "options": [ |
| "m3.medium", "m3.large", "m3.xlarge" |
| ], |
| "default": "m3.large" |
| } |
| } |
| } |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| default: |
| description: Error |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| |
| /v4/auth-tokens/: |
| post: |
| operationId: createAuthToken |
| tags: |
| - auth tokens |
| summary: Create Auth Token (Login) |
| description: | |
| Creates a Auth Token for a given user. Must authenticate with email and password. |
| parameters: |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| - name: body |
| in: body |
| required: true |
| description: Create Auth Token Request |
| schema: |
| $ref: 'definitions.yaml#/definitions/V4CreateAuthTokenRequest' |
| x-examples: |
| application/json: |
| { |
| "email": "developer@example.com", |
| "password_base64": "cGFzc3dvcmQ=" |
| } |
| responses: |
| "200": |
| description: Success |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4CreateAuthTokenResponse" |
| examples: |
| application/json: |
| { |
| "auth_token": "e5239484-2299-41df-b901-d0568db7e3f9" |
| } |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| |
| delete: |
| operationId: deleteAuthToken |
| tags: |
| - auth tokens |
| summary: Delete Auth Token (Logout) |
| description: | |
| Deletes the authentication token provided in the Authorization header. This effectively logs you out. |
| parameters: |
| - $ref: './parameters.yaml#/parameters/RequiredGiantSwarmAuthorizationHeader' |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| responses: |
| "200": |
| description: Success |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| examples: |
| application/json: |
| { |
| "code": "RESOURCE_DELETED", |
| "message": "The authentication token has been succesfully deleted." |
| } |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| |
| /v4/users/: |
| get: |
| operationId: getUsers |
| tags: |
| - users |
| summary: Get users |
| description: | |
| Returns a list of all users in the system. Currently this endpoint is only available to users with admin permissions. |
| parameters: |
| - $ref: './parameters.yaml#/parameters/RequiredGiantSwarmAuthorizationHeader' |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| responses: |
| "200": |
| description: Success |
| schema: |
| type: array |
| items: |
| $ref: "./definitions.yaml#/definitions/V4UserListItem" |
| examples: |
| application/json: |
| [ |
| {"email": "andy@example.com", "created": "2017-01-15T12:00:00Z", "expiry": "2019-01-15T00:00:00Z"}, |
| {"email": "bob@example.com", "created": "2017-02-15T12:30:00Z", "expiry": "2020-01-15T00:00:00Z"}, |
| {"email": "charles@example.com", "created": "2017-03-15T13:00:00Z", "expiry": "2021-01-15T00:00:00Z"} |
| ] |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| default: |
| description: Error |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| |
| /v4/user/: |
| get: |
| operationId: getCurrentUser |
| tags: |
| - users |
| summary: Get current user |
| description: | |
| Returns details about the currently authenticated user |
| parameters: |
| - $ref: './parameters.yaml#/parameters/RequiredGiantSwarmAuthorizationHeader' |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| responses: |
| "200": |
| description: Success |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4UserListItem" |
| examples: |
| application/json: |
| {"email": "andy@example.com", "created": "2017-01-15T12:00:00Z", "expiry": "2019-01-15T00:00:00Z"} |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| default: |
| description: Error |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| |
| /v4/users/{email}/: |
| get: |
| operationId: getUser |
| parameters: |
| - $ref: './parameters.yaml#/parameters/RequiredGiantSwarmAuthorizationHeader' |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| - $ref: "./parameters.yaml#/parameters/UserEmailPathParameter" |
| tags: |
| - users |
| summary: Get user |
| description: | |
| Returns details about a specific user |
| responses: |
| "200": |
| description: Success |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4UserListItem" |
| examples: |
| application/json: |
| {"email": "andy@example.com", "created": "2017-01-15T12:00:00Z", "expiry": "2019-01-15T00:00:00Z"} |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| "404": |
| description: User not found |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| examples: |
| application/json: |
| { |
| "code": "RESOURCE_NOT_FOUND", |
| "message": "The user could not be found. (not found: user with email 'bob@example.com' could not be found)" |
| } |
| default: |
| description: Error |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| |
| put: |
| operationId: createUser |
| parameters: |
| - $ref: './parameters.yaml#/parameters/RequiredGiantSwarmAuthorizationHeader' |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| - $ref: "./parameters.yaml#/parameters/UserEmailPathParameter" |
| - name: body |
| in: body |
| required: true |
| description: User account details |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4CreateUserRequest" |
| x-examples: |
| application/json: |
| { |
| "password": "cGFzc3dvcmQ=", |
| "expiry": "2020-01-01T12:00:00.000Z" |
| } |
| tags: |
| - users |
| summary: Create user |
| description: | |
| Creates a users in the system. Currently this endpoint is only available to users with admin permissions. |
| responses: |
| "201": |
| description: User created |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| examples: |
| application/json: |
| { |
| "code": "RESOURCE_CREATED", |
| "message": "The user with email 'bob@example.com' has been created." |
| } |
| "400": |
| description: User already exists |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| examples: |
| application/json: |
| { |
| "code": "RESOURCE_ALREADY_EXISTS", |
| "message": "The user could not be created. (invalid input: email 'bob@example.com' already exists)" |
| } |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| default: |
| description: Error |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| |
| delete: |
| operationId: deleteUser |
| parameters: |
| - $ref: './parameters.yaml#/parameters/RequiredGiantSwarmAuthorizationHeader' |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| - $ref: "./parameters.yaml#/parameters/UserEmailPathParameter" |
| tags: |
| - users |
| summary: Delete user |
| description: | |
| Deletes a users in the system. Currently this endpoint is only available |
| to users with admin permissions. |
| responses: |
| "200": |
| description: User deleted |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| examples: |
| application/json: |
| { |
| "code": "RESOURCE_DELETED", |
| "message": "The user with email 'bob@example.com' has been deleted." |
| } |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| "404": |
| description: User not found |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| examples: |
| application/json: |
| { |
| "code": "RESOURCE_NOT_FOUND", |
| "message": "The user could not be deleted. (not found: user with email 'bob@example.com' could not be found)" |
| } |
| default: |
| description: Error |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| |
| /v4/clusters/: |
| get: |
| operationId: getClusters |
| tags: |
| - clusters |
| summary: Get clusters |
| description: | |
| This operation fetches a list of clusters. |
| |
| The result depends on the permissions of the user. |
| A normal user will get all the clusters the user has access |
| to, via organization membership. |
| A user with admin permission will receive a list of all existing |
| clusters. |
| |
| The result array items are sparse representations of the cluster objects. |
| To fetch more details on a cluster, use the [getCluster](#operation/getCluster) |
| operation. |
| parameters: |
| - $ref: './parameters.yaml#/parameters/RequiredGiantSwarmAuthorizationHeader' |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| responses: |
| "200": |
| description: Success |
| schema: |
| type: array |
| items: |
| $ref: "./definitions.yaml#/definitions/V4ClusterListItem" |
| examples: |
| application/json: |
| [ |
| { |
| "id": "g8s3o", |
| "create_date": "2017-06-08T12:31:47.215Z", |
| "name": "Staging Cluster", |
| "owner": "acme" |
| }, |
| { |
| "id": "3dkr6", |
| "create_date": "2017-05-22T13:58:02.024Z", |
| "name": "Test Cluster", |
| "owner": "testorg" |
| } |
| ] |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| default: |
| description: Error |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| post: |
| operationId: addCluster |
| tags: |
| - clusters |
| summary: Create cluster |
| description: | |
| This operation is used to create a new Kubernetes cluster for an |
| organization. The desired configuration can be specified using the |
| __cluster definition format__ (see |
| [external documentation](https://github.com/giantswarm/api-spec/blob/master/details/CLUSTER_DEFINITION.md) |
| for details). |
| |
| The cluster definition format allows to set a number of optional |
| configuration details, like memory size and number of CPU cores. |
| However, one attribute is __mandatory__ upon creation: The `owner` |
| attribute must carry the name of the organization the cluster will |
| belong to. Note that the acting user must be a member of that |
| organization in order to create a cluster. |
| |
| It is *recommended* to also specify the `name` attribute to give the |
| cluster a friendly name, like e. g. "Development Cluster". |
| |
| Additional definition attributes can be used. Where attributes are |
| omitted, default configuration values will be applied. For example, if |
| no `release_version` is specified, the most recent version is used. |
| |
| The `workers` attribute, if present, must contain an array of node |
| definition objects. The number of objects given determines the number |
| of workers created. |
| |
| For example, requesting three worker nodes with default configuration |
| can be achieved by submitting an array of three empty objects: |
| |
| ```"workers": [{}, {}, {}]``` |
| |
| For clusters on AWS, note that all worker nodes must use the same instance type. |
| |
| parameters: |
| - $ref: './parameters.yaml#/parameters/RequiredGiantSwarmAuthorizationHeader' |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| - name: body |
| in: body |
| required: true |
| description: New cluster definition |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4AddClusterRequest" |
| x-examples: |
| application/json: |
| { |
| "owner": "myteam", |
| "release_version": "1.4.2", |
| "name": "Example cluster with 3 default worker nodes", |
| "workers": [{}, {}, {}] |
| } |
| responses: |
| "201": |
| description: Cluster created |
| headers: |
| Location: |
| type: string |
| description: URI to obtain details on the new cluster using the [getCluster](#operation/getCluster) operation |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| examples: |
| application/json: |
| { |
| "code": "RESOURCE_CREATED", |
| "message": "A new cluster has been created with ID 'wqtlq'" |
| } |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| default: |
| description: error |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| |
| /v4/clusters/{cluster_id}/: |
| get: |
| operationId: getCluster |
| tags: |
| - clusters |
| parameters: |
| - $ref: './parameters.yaml#/parameters/RequiredGiantSwarmAuthorizationHeader' |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| - $ref: "./parameters.yaml#/parameters/ClusterIdPathParameter" |
| summary: Get cluster details |
| description: | |
| This operation allows to obtain all available details on a particular cluster. |
| responses: |
| "200": |
| description: Cluster details |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4ClusterDetailsResponse" |
| examples: |
| application/json: |
| { |
| "id": "wqtlq", |
| "create_date": "2017-03-03T10:50:45.949270905Z", |
| "api_endpoint": "https://api.wqtlq.example.com", |
| "name": "Just a Standard Cluster", |
| "release_version": "2.5.16", |
| "kubernetes_version": "", |
| "owner": "acme", |
| "workers": [ |
| { |
| "memory": {"size_gb": 2.0}, |
| "storage": {"size_gb": 20.0}, |
| "cpu": {"cores": 4}, |
| "labels": { |
| "beta.kubernetes.io/arch": "amd64", |
| "beta.kubernetes.io/os": "linux", |
| "ip": "10.3.11.2", |
| "kubernetes.io/hostname": "worker-1.x882ofna.k8s.gigantic.io", |
| "nodetype": "hicpu" |
| } |
| }, |
| { |
| "memory": {"size_gb": 8.0}, |
| "storage": {"size_gb": 20.0}, |
| "cpu": {"cores": 2}, |
| "labels": { |
| "beta.kubernetes.io/arch": "amd64", |
| "beta.kubernetes.io/os": "linux", |
| "ip": "10.3.62.2", |
| "kubernetes.io/hostname": "worker-2.x882ofna.k8s.gigantic.io", |
| "nodetype": "hiram" |
| } |
| } |
| ], |
| "kvm": { |
| "port_mappings": [ |
| { |
| "port": 30020, |
| "protocol": "http" |
| }, |
| { |
| "port": 30021, |
| "protocol": "https" |
| }, |
| ] |
| } |
| } |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| "404": |
| description: Cluster not found |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| examples: |
| application/json: |
| { |
| "code": "RESOURCE_NOT_FOUND", |
| "message": "The cluster with ID 'wqtlq' could not be found, or perhaps you do not have access to it. Please make sure the cluster ID is correct, and that you are a member of the organization that it belongs to." |
| } |
| default: |
| description: error |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| patch: |
| operationId: modifyCluster |
| tags: |
| - clusters |
| parameters: |
| - $ref: './parameters.yaml#/parameters/RequiredGiantSwarmAuthorizationHeader' |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| - name: body |
| in: body |
| required: true |
| description: Merge-patch body |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4ModifyClusterRequest" |
| x-examples: |
| application/merge-patch+json: |
| { |
| "name": "New cluster name" |
| } |
| - $ref: "./parameters.yaml#/parameters/ClusterIdPathParameter" |
| summary: Modify cluster |
| description: | |
| This operation allows to modify an existing cluster. |
| |
| A cluster modification is performed by submitting a `PATCH` request |
| to the cluster resource (as described in the |
| [addCluster](#operation/addCluster) and [getCluster](#operation/getCluster)) |
| in form of a [JSON Patch Merge |
| (RFC 7386)](https://tools.ietf.org/html/rfc7386). This means, only the |
| attributes to be modified have to be contained in the request body. |
| |
| The following attributes can be modified: |
| |
| - `name`: Rename the cluster to something more fitting. |
| |
| - `owner`: Changing the owner organization name means to change cluster |
| ownership from one organization to another. The user performing the |
| request has to be a member of both organizations. |
| |
| - `release_version`: By changing this attribute you can upgrade a |
| cluster to a newer |
| [release](https://docs.giantswarm.io/api/#tag/releases). |
| |
| - `workers`: By modifying the array of workers, nodes can be added to |
| increase the cluster's capacity. See details below. |
| |
| ### Adding and Removing Worker Nodes (Scaling) |
| |
| Adding worker nodes to a cluster or removing worker nodes from a cluster |
| works by submitting the `workers` attribute, which contains a (sparse) |
| array of worker node defintions. |
| |
| _Sparse_ here means that all configuration details are optional. In the |
| case that worker nodes are added to a cluster, wherever a configuration |
| detail is missing, defaults will be applied. See |
| [Creating a cluster](#operation/addCluster) for details. |
| |
| When modifying the cluster resource, you describe the desired state. |
| For scaling, this means that the worker node array submitted must |
| contain as many elements as the cluster should have worker nodes. |
| If your cluster currently has five nodes and you submit a workers |
| array with four elements, this means that one worker node will be removed. |
| If your submitted workers array has six elements, this means one will |
| be added. |
| |
| As an example, this request body could be used to scale a cluster to |
| three worker nodes: |
| |
| ```json |
| { |
| "workers": [{}, {}, {}] |
| } |
| ``` |
| |
| If the scaled cluster had four worker nodes before, one would be removed. |
| If it had two worker nodes before, one with default settings would be |
| added. |
| |
| ### Limitations |
| |
| - As of now, existing worker nodes cannot be modified. |
| - When removing nodes (scaling down), it is not possible to determine |
| which nodes will be removed. |
| - On AWS based clusters, all worker nodes must use the same EC2 instance |
| type (`instance_type` node attribute). By not setting an `instance_type` |
| when submitting a PATCH request, you ensure that the right instance type |
| is used automatically. |
| |
| responses: |
| "200": |
| description: Cluster modified |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4ClusterDetailsResponse" |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| "404": |
| description: Cluster not found |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| examples: |
| application/json: |
| { |
| "code": "RESOURCE_NOT_FOUND", |
| "message": "The cluster with ID 'wqtlq' could not be found, or perhaps you do not have access to it. Please make sure the cluster ID is correct, and that you are a member of the organization that it belongs to." |
| } |
| default: |
| description: error |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| delete: |
| operationId: deleteCluster |
| tags: |
| - clusters |
| parameters: |
| - $ref: './parameters.yaml#/parameters/RequiredGiantSwarmAuthorizationHeader' |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| - $ref: "./parameters.yaml#/parameters/ClusterIdPathParameter" |
| summary: Delete cluster |
| description: | |
| This operation allows to delete a cluster. |
| |
| __Caution:__ Deleting a cluster causes the termination of all workloads running on the cluster. Data stored on the worker nodes will be lost. There is no way to undo this operation. |
| |
| The response is sent as soon as the request is validated. |
| At that point, workloads might still be running on the cluster and may be accessible for a little wile, until the cluster is actually deleted. |
| responses: |
| "202": |
| description: Deleting cluster |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| examples: |
| application/json: |
| { |
| "code": "RESOURCE_DELETION_STARTED", |
| "message": "The cluster with ID 'wqtlq' is being deleted." |
| } |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| "404": |
| description: Cluster not found |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| examples: |
| application/json: |
| { |
| "code": "RESOURCE_NOT_FOUND", |
| "message": "The cluster with ID 'wqtlq' could not be found, or perhaps you do not have access to it. Please make sure the cluster ID is correct, and that you are a member of the organization that it belongs to." |
| } |
| default: |
| description: error |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| |
| /v4/clusters/{cluster_id}/key-pairs/: |
| get: |
| operationId: getKeyPairs |
| tags: |
| - key pairs |
| summary: Get key pairs |
| description: | |
| Returns a list of information on all key pairs of a cluster as an array. |
| |
| The individual array items contain metadata on the key pairs, but neither the key nor the certificate. These can only be obtained upon creation, using the [addKeypair](#operation/addKeyPair) operation. |
| parameters: |
| - $ref: './parameters.yaml#/parameters/RequiredGiantSwarmAuthorizationHeader' |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| - $ref: "./parameters.yaml#/parameters/ClusterIdPathParameter" |
| responses: |
| "200": |
| description: Key pairs |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GetKeyPairsResponse" |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| default: |
| description: error |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| post: |
| operationId: addKeyPair |
| tags: |
| - key pairs |
| summary: Create key pair |
| parameters: |
| - $ref: './parameters.yaml#/parameters/RequiredGiantSwarmAuthorizationHeader' |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| - $ref: "./parameters.yaml#/parameters/ClusterIdPathParameter" |
| - name: body |
| in: body |
| required: true |
| description: | |
| While the `ttl_hours` attribute is optional and will be set to a default value when omitted, the `description` is mandatory. |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4AddKeyPairRequest" |
| x-examples: |
| application/json: |
| { |
| "description": "Admin key pair lasting twelve hours", |
| "ttl_hours": 12, |
| "certificate_organizations": "system:masters" |
| } |
| description: | |
| This operation allows to create a new key pair for accessing a specific cluster. |
| |
| A key pair consists of an unencrypted private RSA key and an X.509 certificate. In addition, when obtaining a key pair for a cluster, the cluster's certificate authority file (CA certificate) is delivered, which is required by TLS clients to establish trust to the cluster. |
| |
| In addition to the credentials itself, a key pair has some metadata like a unique ID, a creation timestamp and a free text `description` that you can use at will, for example to note for whom a key pair has been issued. |
| |
| ### Customizing the certificate's subject for K8s RBAC |
| |
| It is possible to set the Common Name and Organization fields of the generated certificate's subject. |
| |
| - `cn_prefix`: The certificate's common name uses this format: `<cn_prefix>.user.<clusterdomain>`. |
| |
| `clusterdomain` is specific to your cluster and is not editable. |
| |
| The `cn_prefix` however is editable. When left blank it will default |
| to the email address of the Giant Swarm user that is performing the |
| create key pair request. |
| |
| The common name is used as the username for requests to the Kubernetes API. This allows you |
| to set up role-based access controls. |
| |
| |
| - `certificate_organizations`: This will set the certificate's `organization` fields. Use a comma separated list of values. |
| The Kubernetes API will use these values as group memberships. |
| |
| __Note:__ The actual credentials coming with the key pair (key, certificate) can only be accessed once, as the result of the `POST` request that triggers their creation. This restriction exists to minimize the risk of credentials being leaked. If you fail to capture the credentials upon creation, you'll have to repeat the creation request. |
| responses: |
| "200": |
| description: Success |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4AddKeyPairResponse" |
| examples: |
| application/json: |
| { |
| "certificate_authority_data": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----", |
| "client_key_data": "-----BEGIN RSA PRIVATE KEY-----...-----END RSA PRIVATE KEY-----", |
| "client_certificate_data": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----", |
| "create_date": "2016-06-01T12:00:00.000Z", |
| "description": "Key pair description", |
| "id": "02:cc:da:f9:fb:ce:c3:e5:e1:f6:27:d8:43:48:0d:37:4a:ee:b9:67", |
| "ttl_hours": 8640 |
| } |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| |
| /v4/organizations/: |
| get: |
| operationId: getOrganizations |
| tags: |
| - organizations |
| summary: Get organizations |
| description: | |
| This operation allows to fetch a list of organizations the user is a |
| member of. In the case of an admin user, the result includes all |
| existing organizations. |
| parameters: |
| - $ref: './parameters.yaml#/parameters/RequiredGiantSwarmAuthorizationHeader' |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| responses: |
| "200": |
| description: Success |
| schema: |
| type: array |
| items: |
| $ref: "./definitions.yaml#/definitions/V4OrganizationListItem" |
| examples: |
| application/json: |
| [ |
| {"id": "acme"}, |
| {"id": "giantswarm"}, |
| {"id": "testorg"} |
| ] |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| default: |
| description: Error |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| |
| /v4/organizations/{organization_id}/: |
| get: |
| operationId: getOrganization |
| tags: |
| - organizations |
| summary: Get organization details |
| description: | |
| This operation fetches organization details. |
| parameters: |
| - $ref: './parameters.yaml#/parameters/RequiredGiantSwarmAuthorizationHeader' |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| - $ref: "./parameters.yaml#/parameters/OrganizationIdPathParameter" |
| responses: |
| "200": |
| description: Organization details |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4Organization" |
| examples: |
| application/json: |
| { |
| "id": "acme", |
| "members": [ |
| {"email": "user1@example.com"}, |
| {"email": "user2@example.com"} |
| ] |
| } |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| "404": |
| description: Organization not found |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| examples: |
| application/json: |
| { |
| "code": "RESOURCE_NOT_FOUND", |
| "message": "The organization could not be found. (not found: the organization with id 'acme' could not be found)" |
| } |
| default: |
| description: Error |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| put: |
| operationId: addOrganization |
| tags: |
| - organizations |
| summary: Create an organization |
| description: | |
| This operation allows a user to create an organization. |
| parameters: |
| - $ref: './parameters.yaml#/parameters/RequiredGiantSwarmAuthorizationHeader' |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| - $ref: "./parameters.yaml#/parameters/OrganizationIdPathParameter" |
| - name: body |
| in: body |
| required: true |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4Organization" |
| x-examples: |
| application/json: |
| { |
| "id": "string", |
| "members": [ |
| {"email": "myself@example.com"}, |
| {"email": "colleague@example.com"} |
| ] |
| } |
| responses: |
| "201": |
| description: Organization created |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4Organization" |
| examples: |
| application/json: |
| { |
| "id": "acme", |
| "members": [ |
| {"email": "user1@example.com"}, |
| {"email": "user2@example.com"} |
| ] |
| } |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| "409": |
| description: Organization already exists |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| examples: |
| application/json: |
| { |
| "code": "RESOURCE_ALREADY_EXISTS", |
| "message": "The organization could not be created. (org already exists)" |
| } |
| default: |
| description: Error |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| patch: |
| operationId: modifyOrganization |
| tags: |
| - organizations |
| parameters: |
| - $ref: './parameters.yaml#/parameters/RequiredGiantSwarmAuthorizationHeader' |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| - $ref: "./parameters.yaml#/parameters/OrganizationIdPathParameter" |
| - name: body |
| in: body |
| required: true |
| schema: |
| type: object |
| properties: |
| members: |
| type: array |
| description: List of members that belong to this organization |
| items: |
| $ref: "./definitions.yaml#/definitions/V4OrganizationMember" |
| x-examples: |
| application/merge-patch+json: |
| { |
| "members": [{"email": "myself@example.com"}] |
| } |
| |
| summary: Modify organization |
| description: | |
| This operation allows you to modify an existing organization. You must be |
| a member of the organization or an admin in order to use this endpoint. |
| |
| The following attributes can be modified: |
| |
| - `members`: By modifying the array of members, members can be added to or removed from the organization |
| |
| The request body must conform with the [JSON Patch Merge (RFC 7386)](https://tools.ietf.org/html/rfc7386) standard. |
| Requests have to be sent with the `Content-Type: application/merge-patch+json` header. |
| |
| The full request must be valid before it will be executed, currently this |
| means every member you attempt to add to the organization must actually |
| exist in the system. If any member you attempt to add is invalid, the entire |
| patch operation will fail, no members will be added or removed, and an error message |
| will explain which members in your request are invalid. |
| responses: |
| "200": |
| description: Organization modified |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4Organization" |
| "400": |
| description: Invalid input |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| examples: |
| application/json: |
| { |
| "code": "INVALID_INPUT", |
| "message": "The organization could not be modified. (invalid input: user 'invalid-email' does not exist or is invalid)" |
| } |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| "404": |
| description: Organization not found |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| examples: |
| application/json: |
| { |
| "code": "RESOURCE_NOT_FOUND", |
| "message": "The organization could not be modified. (not found: the organization with id 'acme' could not be found)" |
| } |
| default: |
| description: error |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| delete: |
| operationId: deleteOrganization |
| tags: |
| - organizations |
| summary: Delete an organization |
| description: | |
| This operation allows a user to delete an organization that they are a member of. |
| Admin users can delete any organization. |
| parameters: |
| - $ref: './parameters.yaml#/parameters/RequiredGiantSwarmAuthorizationHeader' |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| - $ref: "./parameters.yaml#/parameters/OrganizationIdPathParameter" |
| responses: |
| "200": |
| description: Organization deleted |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| examples: |
| application/json: |
| { |
| "code": "RESOURCE_DELETED", |
| "message": "The organization with ID 'acme' has been deleted." |
| } |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| "404": |
| description: Organization not found |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| examples: |
| application/json: |
| { |
| "code": "RESOURCE_NOT_FOUND", |
| "message": "The organization could not be deleted. (not found: the organization with id 'acme' could not be found)" |
| } |
| default: |
| description: Error |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| |
| /v4/organizations/{organization_id}/credentials/: |
| post: |
| operationId: addCredentials |
| tags: |
| - organizations |
| summary: Set credentials |
| description: | |
| Add a set of credentials to the organization allowing the creation and |
| operation of clusters within a cloud provider account/subscription. |
| |
| The actual type of these credentials depends on the cloud provider the |
| installation is running on. Currently, only AWS is supported, with |
| support for Azure being planned for the near future. |
| |
| Credentials in an organization are immutable. Each organization can only |
| have one set of credentials. |
| |
| Once credentials have been set for an organization, they are used for |
| every new cluster that will be created for the organization. |
| |
| ### Example request body for AWS |
| |
| ```json |
| { |
| "provider": "aws", |
| "aws": { |
| "roles": { |
| "admin": "arn:aws:iam::123456789012:role/GiantSwarmAdmin", |
| "awsoperator": "arn:aws:iam::123456789012:role/GiantSwarmAWSOperator" |
| } |
| } |
| } |
| ``` |
| parameters: |
| - $ref: './parameters.yaml#/parameters/RequiredGiantSwarmAuthorizationHeader' |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| - $ref: "./parameters.yaml#/parameters/OrganizationIdPathParameter" |
| - name: body |
| in: body |
| required: true |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4AddCredentialsRequest" |
| x-examples: |
| application/json: |
| { |
| "provider": "aws", |
| "aws": { |
| "roles": { |
| "admin": "arn:aws:iam::123456789012:role/GiantSwarmAdmin", |
| "awsoperator": "arn:aws:iam::123456789012:role/GiantSwarmAWSOperator" |
| } |
| } |
| } |
| responses: |
| "201": |
| description: Credentials created |
| headers: |
| Location: |
| type: string |
| description: URI of the new credentials resource |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| examples: |
| application/json: |
| { |
| "code": "RESOURCE_CREATED", |
| "message": "A new set of credentials has been created with ID '5d9h4'" |
| } |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| "409": |
| description: Conflict |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| examples: |
| application/json: |
| { |
| "code": "RESOURCE_ALREADY_EXISTS", |
| "message": "The organisation already has a set of credentials" |
| } |
| default: |
| description: error |
| schema: |
| $ref: "./definitions.yaml#/definitions/V4GenericResponse" |
| |
| /v4/releases/: |
| get: |
| operationId: getReleases |
| tags: |
| - releases |
| summary: Get releases |
| description: | |
| Lists all releases available for new clusters or for upgrading existing |
| clusters. Might also serve as an archive to obtain details on older |
| releases. |
| parameters: |
| - $ref: './parameters.yaml#/parameters/RequiredGiantSwarmAuthorizationHeader' |
| - $ref: './parameters.yaml#/parameters/XRequestIDHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmActivityHeader' |
| - $ref: './parameters.yaml#/parameters/XGiantSwarmCmdLineHeader' |
| responses: |
| "200": |
| description: Releases list |
| schema: |
| type: array |
| items: |
| $ref: "./definitions.yaml#/definitions/V4ReleaseListItem" |
| examples: |
| application/json: |
| [ |
| { |
| "version": "1.14.9", |
| "timestamp": "2017-09-21T08:14:03.37759Z", |
| "changelog": [ |
| { |
| "component": "kubernetes", |
| "description": "Security fixes" |
| }, |
| { |
| "component": "calico", |
| "description": "Security fixes" |
| } |
| ], |
| "components": [ |
| { |
| "name": "kubernetes", |
| "version": "1.5.8" |
| }, |
| { |
| "name": "calico", |
| "version": "0.9.1" |
| } |
| ], |
| "active": false |
| }, |
| { |
| "version": "2.8.4", |
| "timestamp": "2017-11-11T12:24:56.59969Z", |
| "changelog": [ |
| { |
| "component": "calico", |
| "description": "Bugfix" |
| } |
| ], |
| "components": [ |
| { |
| "name": "kubernetes", |
| "version": "1.7.3" |
| }, |
| { |
| "name": "calico", |
| "version": "1.1.1" |
| } |
| ], |
| "active": true |
| } |
| ] |
| "401": |
| $ref: "./responses.yaml#/responses/V4Generic401Response" |
| |