Getting Started with Endpoints on Kubernetes

This tutorial shows you how to configure, deploy, and send requests to a sample API running on a Kubernetes cluster. The sample code's REST API is described using the OpenAPI Specification. The tutorial also shows you how to create an API key and use it in the request to the API.

For an overview of Cloud Endpoints, see About Cloud Endpoints and Cloud Endpoints Architecture.

Task List

Use the following high-level task list as you work through the tutorial. All tasks are required to successfully send requests to the API.

  1. Set up a Cloud Platform project. See Before you begin.
  2. Download the sample code. See Getting the sample code.
  3. Configure the openapi.yaml file, which is used to configure Endpoints. See Configuring Endpoints.
  4. Create credentials for your Cloud Endpoints service. See Creating credentials for your service.
  5. Deploy the Endpoints configuration to create a Cloud Endpoints service. See Deploying the Endpoints configuration.
  6. Create a backend to serve the API and deploy the API. See Deploying the API backend.
  7. Get the service's external IP address: (#get_external_ip).
  8. Send a request to the API via IP address. See Sending a request via IP address.
  9. Configure a DNS record for the sample API. See Configuring DNS for Endpoints.
  10. Send a request to the API via IP address. See Sending a request via FQDN.
  11. Track API activity. See Tracking API activity.
  12. Avoid incurring charges to your Google Cloud Platform account. See Clean up.

Before you begin

  1. Sign in to your Google account.

    If you don't already have one, sign up for a new account.

  2. Select or create a Cloud Platform project.

    Go to the Manage resources page

  3. Enable billing for your project.

    Enable billing

  4. Note the project ID, because you'll need it later.
  5. Install cURL for testing purposes. On Windows, this tutorial uses PowerShell's built in WebRequest support.
  6. Download the Google Cloud SDK.
  7. Update the Cloud SDK and install the Endpoints components.
    gcloud components update
  8. Make sure that Cloud SDK (gcloud) is authorized to access your data and services on Google Cloud Platform:
    gcloud auth login
    A new browser tab opens and you are prompted to choose an account.
  9. Set the default project to your project ID.
    gcloud config set project [YOUR-PROJECT-ID]

    Replace [YOUR-PROJECT-ID] with your project ID. Do not include the square brackets.

    If you have other Cloud Platform projects, and you want to use gcloud to manage them, see Managing Cloud SDK Configurations.

  10. Install kubectl:
    gcloud components install kubectl
  11. Acquire new user credentials to use for Application Default Credentials. The user credentials are needed to authorize kubectl.
    gcloud auth application-default login
    A new browser tab opens and you are prompted to choose an account.

Getting the sample code

To clone the sample API:

  1. Clone the sample app repository to your local machine:

    git clone

    Alternatively, download the sample as a zip file and extract it.

  2. Change to the directory that contains the sample code:

    cd endpoints-samples/k8s

Configuring Endpoints

The sample code includes the OpenAPI configuration file, openapi.yaml, which is based on OpenAPI Specification v2.0.

To configure Endpoints:
  1. In the sample code directory, open the openapi.yaml configuration file.

    swagger: "2.0"
      description: "A simple Google Cloud Endpoints API example."
      title: "Endpoints Example"
      version: "1.0.0"
    host: ""

    Note: The configuration sample displays the lines that need to be edited. To run Cloud Endpoints, the complete configuration file is required.

  2. In the host field, replace the text with the Cloud Endpoints service name, which should be in the following format:
    host: "echo-api.endpoints.[YOUR-PROJECT-ID]"

    Replace [YOUR-PROJECT-ID] with your project ID. Do not include the square brackets. For example:

    host: ""

Note that is the Endpoints service name. It is not the fully qualified domain name (FQDN) that you use for sending requests to the API.

After you have finished all the following configuration steps such that you can successfully send requests to the sample API using an IP address, see Configuring Endpoints DNS for information on how to configure to be the FQDN.

Creating credentials for your service

To create credentials for your service:

  1. In the Google Cloud Platform, go to Google Service Control API page and click Enable.
  2. In the left-navigation bar, click Credentials.
  3. Under APIs Credentials, click Create credentials, and select Service account key. The Create service account key page displays.
  4. From the Service account drop-down, click New service account.
  5. In the Service account name field, enter: echo-api.endpoints.[YOUR-PROJECT-ID]

    Replace [YOUR-PROJECT-ID] with your project ID. Do not include the square brackets. For example:
  6. Click the Role drop-down.

    You can either select the following roles:

    • Cloud Trace > Cloud Trace Agent
    • Service Management > Service Controller
    • Project > Viewer

    Or, you can select Project > Editor.

  7. For Key type, use the default JSON.
  8. Click Create. The file automatically downloads to your computer.

    If the Create button is not enabled, click the refresh arrow to the right of the Service account ID field. The service account ID automatically updates to ensure that it is unique.

  9. Move the .json file you just downloaded to the endpoints-samples/k8s directory.
  10. Rename the .json file to: service-account-creds.json

Deploying the Endpoints configuration

To deploy the Endpoints configuration, you use Google Service Management, an infrastructure service of Google Cloud Platform that manages other APIs and services, including services created using Cloud Endpoints.

To deploy the Endpoints configuration:

  1. Deploy the service account credentials to the cluster:

    kubectl create secret generic service-account-creds \

    On success, you see the message: secret "service-account-creds" created

  2. Invoke the following command:

    gcloud service-management deploy openapi.yaml

Service Management uses the text that you specified in the host field in the openapi.yaml file to create a new Cloud Endpoints service with the name echo-api.endpoints.[YOUR-PROJECT-ID] (if it does not exist), and then configures the service according to your OpenAPI configuration file.

As it is creating and configuring the service, Service Management outputs a great deal of information to the terminal. You can safely ignore the warnings about the paths in openapi.yaml not requiring an API key. On successful completion, you will see a line like the following that displays the service configuration ID and the service name:

Service Configuration [2017-02-13-r2] uploaded for service []

Deploying the API backend

So far you have deployed the OpenAPI configuration to Service Management, but you have not yet deployed the code that will serve the API backend. This section walks you through deploying the API on Kubernetes.

  1. Display the service configuration ID by invoking the command:

    gcloud service-management configs list --service=echo-api.endpoints.[PROJECT-ID]

    Replace [PROJECT-ID] with your project ID. Do not include the square brackets.

  2. Edit the Kubernetes configuration file replacing SERVICE_NAME and SERVICE_CONFIG_ID shown in the snippet below with your service name and the service configuration ID returned in the previous step.

      - name: esp
        args: [
          "-p", "8080",
          "-a", "",
          "-s", "SERVICE_NAME",
          "-v", "SERVICE_CONFIG_ID",
          "-k", "/etc/nginx/creds/service-account-creds.json",

    For example:

      - name: esp
      args: [
        "-p", "8080",
        "-a", "",
        "-s", "",
        "-v", "2016-12-14r1",
        "-k", "/etc/nginx/creds/service-account-creds.json",
  3. Mount the Kubernetes secrets created above as Volumes.

      - name: service-account-creds
          secretName: service-account-creds

      - mountPath: /etc/nginx/creds
        name: service-account-creds
        readOnly: true

  4. Start the service:

    kubectl create -f esp_echo_http.yaml

You have deployed the Cloud Endpoints Service on Kubernetes.

Get the service's external IP address

If you are using Minikube, skip to Sending a request via IP address.

It can take a few minutes after you start your service in the container before the external IP address is ready.

To view the service's external IP address:

  1. Invoke the command:

    kubectl get service
  2. Note the value for EXTERNAL-IP; you'll need it to send requests to the API.

Sending a request via IP address

After the sample API is running in the container cluster, you can send requests to the API.

To send a request to the API:

  1. Create an API key in the API credentials page.

    Create an API key

    1. Click Create credentials, then select API key.

    2. Copy the key, then paste it into the following environment variable statement:

      • In Linux or Mac OS: export ENDPOINTS_KEY=AIza...
      • In Windows PowerShell: $Env:ENDPOINTS_KEY="AIza..."
    3. Send an HTTP request:

      • If you are using minikube:

        • In Linux or Mac OS:

          NODE_PORT=`kubectl get service esp-echo --output='jsonpath={.spec.ports[0].nodePort}'`
          MINIKUBE_IP=`minikube ip`
          curl -d '{"message":"hello world"}' -H "content-type:application/json" ${MINIKUBE_IP}:${NODE_PORT}/echo?key=${ENDPOINTS_KEY}
        • In Windows Powershell:

          $Env:NODE_PORT=$(kubectl get service esp-echo --output='jsonpath={.spec.ports[0].nodePort}')
          $Env:MINIKUBE_IP=$(minikube ip)
          (Invoke-WebRequest -Method POST -Body '{"message": "hello world"}' -Headers @{"content-type"="application/json"} -URI "http://$Env:MINIKUBE_IP:$Env:NODE_PORT/echo?key=$Env:ENDPOINTS_KEY").Content
      • Otherwise, use the following curl or Invoke-WebRequest:

        • In Linux or Mac OS:
          curl -d '{"message":"hello world"}' -H "content-type:application/json" "http://[IP_ADDRESS]:80/echo?key=${ENDPOINTS_KEY}"
        • In Windows PowerShell:
          (Invoke-WebRequest -Method POST -Body '{"message": "hello world"}' -Headers @{"content-type"="application/json"} -URI "http://[IP_ADDRESS]:80/echo?key=$Env:ENDPOINTS_KEY").Content

      Replace [IP_ADDRESS] with the external IP address of your instance. Do not include the square brackets.

Configuring DNS for Endpoints

Because the Cloud Endpoints service name for the API is in the domain, you can use it as the fully qualified domain name (FQDN) by making a small configuration change in your openapi.yaml file. This way, you can send requests to the sample API using instead of the IP address.

To configure Endpoints DNS:

  1. Open your OpenAPI configuration file, openapi.yaml, and add the x-google-endpoints property at the top level of the file (not indented or nested) as shown in the following snippet:
        host: "echo-api.endpoints.[PROJECT_ID]"
        - name: "echo-api.endpoints.[PROJECT_ID]"
          target: "[IP_ADDRESS]"
  2. In the name property, replace [PROJECT_ID] with your project ID. Do not include the square brackets.
  3. In the target property, replace [IP_ADDRESS] with the IP address that you used when you sent a request to the sample API. Do not include the square brackets.
  4. Deploy your updated OpenAPI configuration file to Service Management using the following command:
        gcloud service-management deploy openapi.yaml

For example, assume openapi.yaml has the following configured:

    host: ""
    - name: ""
      target: ""

When you deploy the openapi.yaml using the above gcloud command, Service Management creates a DNS A-record,, which resolves to the target IP address, Note that it could take a few minutes for the new DNS configuration to propagate.

Sending a request via FQDN

Now that you've got the DNS record configured for the sample API, send a request to it using the FQDN (replace [PROJECT_ID] with your project ID):
  • In Linux or Mac OS:
    curl -d '{"message":"hello world"}' -H "content-type:application/json" "http://echo-api.endpoints.[PROJECT_ID]${ENDPOINTS_KEY}"
  • In Windows PowerShell:
    (Invoke-WebRequest -Method POST -Body '{"message": "hello world"}' -Headers @{"content-type"="application/json"} -URI "http://echo-api.endpoints.[PROJECT_ID]:80/echo?key=$Env:ENDPOINTS_KEY").Content

You just deployed and tested an API in Cloud Endpoints!

Tracking API activity

To track API activity:

  1. Look at the activity graphs for your API in the Endpoints page.
    View Endpoints activity graphs
    It may take a few moments for the request to be reflected in the graphs.

  2. Look at the request logs for your API in the Logs Viewer page.
    View Endpoints request logs

Clean up

To avoid incurring charges to your Google Cloud Platform account for the resources used in this quickstart:

  • Delete the Kubernetes service and deployment:

    kubectl delete -f esp_echo_http.yaml

See Deleting an API and API Instances for information on stopping the services used by this tutorial.

What's next

Monitor your resources on the go

Get the Google Cloud Console app to help you manage your projects.

Send feedback about...

Cloud Endpoints with OpenAPI