Tag Archives: API

Kubernetes

Kubernetes Metric Server – cannot validate certificate because it doesn’t contain any IP SANs

The Issue

Whilst trying to install the Metric’s server:

kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

so I could use kubectl top node for it’s metrics on Node resource useage, I found the pods were not loading, and upon inspection found the following:

> kubectl logs -n kube-system metrics-server-6f6cdbf67d-v6sbf 

I0717 12:19:32.132722 1 server.go:187] "Failed probe" probe="metric-storage-ready" err="no metrics to serve"
E0717 12:19:39.159422 1 scraper.go:140] "Failed to scrape node" err="Get \"https://192.168.49.2:10250/metrics/resource\": x509: cannot validate certificate for 192.168.49.2 because it doesn't contain any IP SANs" node="minikube"

The Cause

The issue here was due to the installation of Cert-Manager and setting up some TLS configurations within the CNI and Self-Signed certificates, the metric’s server wasn’t able to validate the authority of the Kubernetes API

The Fix

As this is communication within the cluster, I could simply fix this by telling Metric Server container to trust the insecure certificates from the API using the below
kubectl patch command:

kubectl patch deployment metrics-server -n kube-system --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--kubelet-insecure-tls"}]'

 

Regards

Dean Lewis

Tanzu Blog Logo Header

Data Management For VMware Tanzu API Postman Collection

Whilst working with the “Data Management for VMware Tanzu” product, I decided to have a stab at working with the API as well.

Using my favourite API tool, Postman, I created an easy-to-use collection.

I’ve posted this here:

The commands in this collection are built from the Swagger API, which can be accessed from the following URL:

The official documentation for the API can be found here.

So far, I’ve created the following areas/use cases:

Operations Covered in this Collection:

    Login
    Get Provider Health
    Get Organsation
    Users
        Get Users
        Create Users
        Change Password for Current User
    Databases
        Get Databases
            Specific Database
            Get Root & Admin User Passwords
            Get Database Alerts
            Get Database Version
        Create Database
        Delete Database
        Backup
            Create & Restore (inc. Point in Time Restore)
        Logs
            Create, Download, Delete
    Get Environment
    Get Templates
    Instance Plans
        Get All, Create and Delete
    Get Tasks, Events and Alarms
    Get All Backups
    Get Audit Logs
Variables inside the collection

The main variables you will need to set before use are:

  • baseUrl
  • userName
  • Password

Data Management for Tanzu - API Postman Collection - Variables

Getting Started

Under the login folder, run the “Get Access Token” request. This has a test configured, so that from the returned data, it will copy the Bearer Token and OrgId for the User Account to the Environment Variable collection that is active.

Data Management for Tanzu - API Postman Collection - Get Access Token

Some API requests are only valid for certain Authenticated role types, such as creating Databases can only be successful with a user role of Org_Admin or Org_User.

How did I create this?

Continue reading Data Management For VMware Tanzu API Postman Collection

Tanzu Mission Control Header

Postman Collection for Tanzu Mission Control REST APIs

Whilst working with vRA to deploy various Kubernetes clusters and then register them with Tanzu Mission Control (TMC), I decided to use Postman (a great API Explorer tool) to catalogue my work and build out several use cases.

I’ve posted this here:

This collection was created from the TMC API Documentation. This API is version “v1alpha1” and should be treated as such.

So far, I’ve created the following areas/use cases:

  • Login
  • Audits
  • Attach Cluster
  • List Cluster/s
  • Cluster Group/s management
  • Data Protection management
  • Cluster Inspections
Variables inside the collection

I have opted to create the variables inside the collection itself, rather than a separate environment.

Some of the API requests have tests associated, which will populate your variables for you.

You will need your TMC URL and a VMware CSP API Token as your starting point.

TMC API - Postman Collection - Collection Variables

Documentation

Where the requests require some changes in the body that is best not to have as a variable, such as naming a backup, I’ve also tried to add information on the documentation.

TMC API - Postman Collection - Collection Documentation

Getting Started

Under the Login folder, run “Get Access Token”, which will connect to your TMC URL and use the CSP Refresh Token to generate an Access Token, this access token will be committed to a variable called “accessToken” for use with the other requests.

TMC API - Postman Collection - Login

You will also probably want to run the “Get Organisation ID” as some of the requests require your Org ID, so this will commit it to a variable. This is gathered by looking at the details for your given CSP Token.

Attach Cluster

If you are running the API to attach a new cluster. Then you will want to run the second request “Get TMC Agent Installer information” which will give you the Installer Link to run in your Kubernetes environment. This data will be written to a variable.

List Clusters

For most of the request that List information, you can use the query “?searchScope.name=” with the API call to filter for necessary objects, or you can use the wildcard value *. I’ve added most of the search filters and value formatters to the requests.

To get the full details for a particular named cluster, I have written the queries for specified clusters, this requires you to provide the management cluster and provisioner of that specified cluster in the query. Essentially it returns the same information as the “Get Clusters List” combined with the SearchScope filter.

Wrap-up

So, I won’t describe every set of requests I’ve created. I’ve tried to create these with the bare minimum information you need especially for the POST methods.

If you want to explore the APIs more, you can download an import the Swagger/Open API spec from VMware yourself and import into Postman, but personally I found this hard to work with, and the example bodies give you everything including the responses you won’t need for a POST.

If you’d like to contribute, please do this via the GitHub link!

Looking for more resources around TMC? Then you can check out my other blogs!

Tanzu Mission Control 
- Getting Started Tanzu Mission Control 
- Cluster Inspections 
- Workspaces and Policies  
- Data Protection 
- Deploying TKG clusters to AWS 
- Upgrading a provisioned cluster 
- Delete a provisioned cluster 
- TKG Management support and provisioning new clusters
- TMC REST API - Postman Collection
- Using custom policies to ensure Kasten protects a deployed application

Regards