Every Kubernetes cluster publishes its API in OpenAPI form — the same description that kubectl and every official language client consumes. Point sgcOpenAPI at the spec and emit a typed Delphi unit that lets a Pascal application list pods, scale deployments, watch events and apply manifests over the regular HTTPS API.
The Kubernetes API server exposes its own OpenAPI 2.0 document at /openapi/v2 and an OpenAPI 3 document at /openapi/v3. sgcOpenAPI accepts both and converts them to a common internal model.
GET https://<cluster>/openapi/v3
Bearer token / client certificate / kubeconfig
sgcOpenAPI_Kubernetes
Windows, macOS, Linux, iOS, Android
Every cluster serves its own spec, which means the generated client is exactly in sync with the API versions, CRDs and aggregated APIs installed on that cluster. Re-generate against a different cluster to support a different version.
uses sgcOpenAPI_Parser, sgcOpenAPI_Generator; var vParser: TsgcOpenAPIParser; vGen: TsgcOpenAPIGenerator; begin vParser := TsgcOpenAPIParser.Create(nil); try // Load directly from the cluster (mTLS or bearer) vParser.LoadFromURL('https://10.0.0.1:6443/openapi/v3', ['Authorization: Bearer ' + vToken]); Memo1.Lines.Add(Format('k8s spec: %d paths, %d schemas', [vParser.Paths.Count, vParser.Schemas.Count])); vGen := TsgcOpenAPIGenerator.Create(nil); try vGen.Parser := vParser; vGen.OutputUnit := 'sgcOpenAPI_Kubernetes'; vGen.OutputFolder := 'C:\Generated\k8s'; vGen.GroupBy := gbTag; vGen.Generate; finally vGen.Free; end; finally vParser.Free; end; end;
The generator emits one class per Kubernetes API group/version — TsgcK8s_CoreV1, TsgcK8s_AppsV1, TsgcK8s_BatchV1, TsgcK8s_NetworkingV1, TsgcK8s_StorageV1, TsgcK8s_RbacV1 and so on — plus a top-level TsgcKubernetes facade.
Three lines once authentication is set up. The result is a typed TsgcK8sPodList whose items expose every container, condition and status field from the official API reference.
uses sgcOpenAPI_Kubernetes; var vK8s: TsgcKubernetes; vPods: TsgcK8sPodList; vPod: TsgcK8sPod; begin vK8s := TsgcKubernetes.Create(nil); try vK8s.Server := 'https://10.0.0.1:6443'; vK8s.Token := vToken; vK8s.ClientCertFile := 'C:\kube\client.crt'; vK8s.ClientKeyFile := 'C:\kube\client.key'; vK8s.CACertFile := 'C:\kube\ca.crt'; vPods := vK8s.CoreV1.ListNamespacedPod( Namespace := 'production', LabelSelector := 'app=api,tier=backend'); try for vPod in vPods.Items do Memo1.Lines.Add(Format('%-30s %s node=%s', [vPod.Metadata.Name, vPod.Status.Phase, vPod.Spec.NodeName])); finally vPods.Free; end; finally vK8s.Free; end; end;
Scaling a Deployment is a PATCH against the /scale sub-resource. Watching events is a long-lived HTTP/1.1 chunked GET that the generated client exposes as a typed enumerable.
// Scale "api" Deployment in "production" to 5 replicas var vScale: TsgcK8sScale; begin vScale := vK8s.AppsV1.ReadNamespacedDeploymentScale( Name := 'api', Namespace := 'production'); try vScale.Spec.Replicas := 5; vK8s.AppsV1.ReplaceNamespacedDeploymentScale( Name := 'api', Namespace := 'production', Body := vScale); finally vScale.Free; end; // Watch events on Pods in the same namespace for vEvent in vK8s.CoreV1.WatchNamespacedPodList( Namespace := 'production', ResourceVersion := vPods.Metadata.ResourceVersion, TimeoutSeconds := 600) do begin Memo1.Lines.Add(Format('[%s] %s — %s', [vEvent.EventType, vEvent.&Object.Metadata.Name, vEvent.&Object.Status.Phase])); end; end;
Because the spec is fetched from the cluster, every API group, version and CRD installed in that cluster ends up in the Delphi unit.
AppsV1 — Deployments, StatefulSets, DaemonSets, ReplicaSets. BatchV1 — Jobs, CronJobs. CoreV1 — Pods, ReplicationControllers.
CoreV1 — Services, Endpoints, ConfigMaps, Secrets. NetworkingV1 — Ingress, IngressClass, NetworkPolicy. DiscoveryV1 — EndpointSlices.
StorageV1 — StorageClasses, VolumeAttachments, CSIDrivers, CSINodes. CoreV1 — PersistentVolumes, PersistentVolumeClaims.
RbacV1 — Roles, RoleBindings, ClusterRoles, ClusterRoleBindings. PolicyV1 — PodDisruptionBudgets. AdmissionRegistrationV1 — ValidatingWebhookConfigurations.
CRDs installed in your cluster appear automatically. Argo Rollouts, Cert Manager Certificates, Istio VirtualServices — if the operator registered an OpenAPI schema, sgcOpenAPI generates a typed class for it.
Long-running endpoints (watch=true, container log follow=true) are exposed as enumerables that yield typed events as soon as the server flushes them.
Most clusters use a self-signed cluster CA. Provide the CA bundle from ~/.kube/config via CACertFile or disable verification entirely with InsecureSkipTLSVerify := True — useful for development clusters but never for production.
Bound ServiceAccount tokens (the default since Kubernetes 1.21) expire after one hour. Refresh the token by re-reading /var/run/secrets/kubernetes.io/serviceaccount/token from inside the cluster, or by calling the TokenRequest API from outside.
Modern controllers prefer Server-Side Apply with Content-Type: application/apply-patch+yaml. The generator emits both helpers — use PatchNamespacedDeployment for traditional strategic-merge patches and the explicit Apply method for SSA.
How the parser handles real-world OpenAPI specifications — including the Kubernetes-style aggregated APIs.
Read post →Companion post that introduces both the client wrapper and the parser internals.
Read post →Latest release notes for sgcOpenAPI — new generator options and parser improvements.
Read post →