kubeconfig endpoint inconsistencies in Gardener REST API

[senare]

Summary

Subject: Kubeconfig endpoint paths inconsistent — docs reference three different URLs, only one works

---

Hi Cleura support,

While building automation around the Gardener REST API I ran into inconsistencies in the kubeconfig endpoint paths. The documentation appears to reference at least two different paths for the same operation, and a third path is what actually works. This makes it difficult to know what is authoritative.

What the docs show

The documentation (and various examples) reference two paths:

GET — fetch the existing kubeconfig in a single call:

GET /gardener/v1/public/shoot/{region}/{projectId}/{clusterName}/kubeconfig

POST — generate a short-lived certificate-based kubeconfig with a configurable expiry:

POST /gardener/v1/public/shoot/{region}/{projectId}/{clusterName}/Kubeconfig

Note the casing difference: kubeconfig (GET) vs Kubeconfig (POST, capital K). This looks like a typo but both paths appear in documentation and examples, so it is unclear whether they are intentionally different endpoints.

What actually works

In practice, the POST endpoint that successfully returns a kubeconfig is:

POST /gardener/v1/public/shoot/{region}/{projectId}/{clusterName}/adminkubeconfig

with body:

{"config": {"expirationSeconds": 3600}}

I tried the GET /kubeconfig path — it either returns an error or an unexpected response. I was unable to get a working kubeconfig from either of the two documented paths.

Summary of what I found

Path	Method	Documented	Works
/kubeconfig	GET	yes	unclear / no
/Kubeconfig	POST	yes	unclear / no
/adminkubeconfig	POST	no	yes

Request

Could you clarify:

1. Are /kubeconfig (GET) and /Kubeconfig (POST) intentionally different endpoints, or is the casing difference a documentation typo?
2. Is /adminkubeconfig the canonical path for generating a kubeconfig? If so, is this documented anywhere?
3. What is the difference between a kubeconfig from GET /kubeconfig (if it works) and one from POST /adminkubeconfig?

Documentation category

Reference information

URL path

https://apidoc.cleura.cloud/#api-Gardener-GetKubeConfig

My suggestion

I suspect you need to update documentation to reflect the fact that the cfg is returned in the POST request ...

Additional context

My notes from trying this out ... (WIP)

https://backend-engineering-strategy-tools.github.io/site/public-notes/kubernetes/gardener/

[fghaas]

We've looked into this, and it appears that your assessment is correct on all counts:

• The POST endpoint at /adminkubeconfig is the correct one to use.
• There is no GET endpoint for generating a kubeconfig.
• The API docs contain outdated and thus incorrect information.

Thanks for the report. This will be fixed in the API documentation.

[fghaas]

Please see https://apidoc.cleura.cloud/#api-Gardener-GenerateAdminKubeConfig for the updated API docs. Thanks again for the detailed report, it is much appreciated!