Tag Archives: Kubernetes

Kubernetes Metric Server – cannot validate certificate because it doesn’t contain any IP SANs

July 27, 2023KubernetesAPI, cert-manager, Certificate, Kubernetes, metric server, SANs, tlsDean

The Issue

Whilst trying to install the Metric’s server:

kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

so I could use kubectl top node for it’s metrics on Node resource useage, I found the pods were not loading, and upon inspection found the following:

> kubectl logs -n kube-system metrics-server-6f6cdbf67d-v6sbf 

I0717 12:19:32.132722 1 server.go:187] "Failed probe" probe="metric-storage-ready" err="no metrics to serve"
E0717 12:19:39.159422 1 scraper.go:140] "Failed to scrape node" err="Get \"https://192.168.49.2:10250/metrics/resource\": x509: cannot validate certificate for 192.168.49.2 because it doesn't contain any IP SANs" node="minikube"

The Cause

The issue here was due to the installation of Cert-Manager and setting up some TLS configurations within the CNI and Self-Signed certificates, the metric’s server wasn’t able to validate the authority of the Kubernetes API

The Fix

As this is communication within the cluster, I could simply fix this by telling Metric Server container to trust the insecure certificates from the API using the below
kubectl patch command:

kubectl patch deployment metrics-server -n kube-system --type='json' -p='[{"op": "add", "path": "/spec/template/spec/containers/0/args/-", "value": "--kubelet-insecure-tls"}]'

Regards

Follow @Saintdle

Dean Lewis

Quick Tip: Supercharge Kubernetes Resource Retrieval with ‘kubectl get -f’

June 14, 2023KubernetesCommand-line Interface, Container Orchestration, Deployment, DevOps, kubectl, Kubernetes, Kubernetes Commands, Kubernetes Resources, Resource Management, YAMLDean

Did you know you can use the -f argument with kubectl get? Yep me either.

It’s pretty handy actually, as it will provide the status for all your Kubernetes resources deployed using that file or even file from hyperlink!

Below is a screenshot example using a file.

You can also specify multiple files by adding -f {file}for each file you want to check (this also works when deploying resources too!).

And another example, using a hyperlink as the file location.

Hope this little tip helps someone!

Just for fun, here’s the ChatGPT write-up!

The command “kubectl get -f” is used in Kubernetes to retrieve information about Kubernetes resources defined in a file or multiple files. Let’s break down the command and its components:

“kubectl”: It is the command-line interface (CLI) tool for interacting with Kubernetes clusters. It allows you to manage and control Kubernetes resources.
“get”: It is the action or subcommand used to retrieve information about Kubernetes resources.
“-f”: It is a flag that specifies that the input will be provided from a file or multiple files rather than directly on the command line. It is followed by the path to the file(s) containing the Kubernetes resource definitions.

When you use “kubectl get -f <file>”, Kubernetes reads the file(s) provided and retrieves the information about the resources defined within those files. The information can include the names, statuses, and other details of the resources.

For example, if you have a file named “deployment.yaml” that defines a Kubernetes Deployment resource, you can use the command “kubectl get -f deployment.yaml” to retrieve information about that specific Deployment resource.

You can also provide multiple files by separating them with commas or specifying a directory containing multiple resource files. For instance, “kubectl get -f file1.yaml,file2.yaml” or “kubectl get -f /path/to/files” (where /path/to/files is the directory path).

By using this command, you can quickly retrieve information about Kubernetes resources defined in files without needing to manually create or modify resources using the command line.

Regards

Follow @Saintdle

Dean Lewis

How to delete Kubernetes namespaces or pods with a specific pattern or name

March 16, 2023Kubernetesawk, delete, Kubernetes, Namespace, podDean

I had a need to delete a number of Namespaces all at once that were created as part of some automated platform testing.

Each namespace had a common naming convention starting with “e2e”, the below command will get all namespaces without the initial returned header line from Kubectl, look for anything with the pattern “e2e” using the awk command, and print them to a variable $1, xargs then uses each object in the variable array into the “kubectl delete ns”

kubectl get ns --no-headers=true | awk '/e2e/{print $1}'| xargs  kubectl delete ns

You can also do the same for deleting pods. The below command, would delete any pods with “veducate” in their name, you would need to input the necessary namespace.

kubectl get pods -n {namespace} --no-headers=true | awk '/veducate/{print $1}'| xargs  kubectl delete -n {namespace} pod

Quick link to this Stackoverflow post which pointed me in the right direction, I just had to modify it from pods to namespaces as the use case.

Regards

Follow @Saintdle

Dean Lewis

Tanzu Kubernetes Grid 1.6 – Management Cluster deployment failure – unable to patch the cluster object

December 23, 2022VMware, Kubernetes1.6, Deployment, Error, Kubernetes, Tanzu, TKGDean

The Issue

When deploying a brand new Tanzu Kubernete Grid Management Cluster to a vSphere environment we kept hitting failures like the below. The deployment was very vanilla with the default settings, no extra metadata inputted into the build.

!! [1223 15:26:17.84239]: init.go:732] Failure while deploying management cluster, Here are some steps to investigate the cause:
!! [1223 15:26:17.84256]: init.go:733] Debug:
!! [1223 15:26:17.84262]: init.go:734] kubectl get po,deploy,cluster,kubeadmcontrolplane,machine,machinedeployment -A --kubeconfig /home/michael/.kube-tkg/tmp/config_Qd01VhPd
!! [1223 15:26:17.84272]: init.go:735] kubectl logs deployment.apps/ -n  manager --kubeconfig /home/michael/.kube-tkg/tmp/config_Qd01VhPd
!! [1223 15:26:17.84278]: init.go:738] To clean up the resources created by the management cluster:
!! [1223 15:26:17.84283]: init.go:739] tanzu management-cluster delete
✘ [1223 15:26:17.84291]: init.go:91] unable to set up management cluster, : unable to patch cluster object: unable to patch optional metadata under labels: unable to patch the management cluster object with optional metadata: unable to patch the cluster object: error while applying patch for "&TypeMeta{Kind:,APIVersion:,}" tkg-system/tkg-mgmt-vsphere-20221223151757: Cluster.cluster.x-k8s.io "tkg-mgmt-vsphere-20221223151757" is invalid: [metadata.labels: Invalid value: "": name part must be non-empty, metadata.labels: Invalid value: "": name part must consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]')]

The Cause

The tooling creates an erronous value in the cluster config file, which causes the build error.

The Fix

Search for the latest yaml file created in:

~/.config/tanzu/tkg/clusterconfigs/

and comment out the following line:

CLUSTER_LABELS: :,

# The line will now look like this:

#CLUSTER_LABELS: :,

Now re-run the creation of your cluster using the CLI

tanzu mc create --file {file_name.yaml}

Regards

Follow @Saintdle

Dean Lewis

Creating a kubeconfig file for a Kubernetes Service Account

September 1, 2022KubernetesCreate, Kubeconfig, Kubernetes, Service AccountDean

Recently I was working with a software integration that required a Kubernetes Kubeconfig file. I didn’t want to provide my own kubeconfig file, and I also wanted to set the right permissions via a service account.

Below is the code I put together for this, partially inspired by this stackoverflow post I came across. If you scroll further, I’ve included creating a service account and giving it cluster-admin access, in case you need it.

######################
#  Set the variables #
#                    #
######################

clusterName=veducate-eks
## the Namespace and ServiceAccount name that is used for the config
namespace=kube-system
serviceAccount=veducate-ca
## New Kubeconfig file name
newfile=something.kubeconfig

######################
#  Main Script       #
#                    #
######################

server=${kubectl config view --minify --raw -o jsonpath='{.clusters[].cluster.server}' | sed 's/"//'}
secretName=$(kubectl --namespace $namespace get serviceAccount $serviceAccount -o jsonpath='{.secrets[0].name}')
ca=$(kubectl --namespace $namespace get secret/$secretName -o jsonpath='{.data.ca\.crt}')
token=$(kubectl --namespace $namespace get secret/$secretName -o jsonpath='{.data.token}' | base64 --decode)

echo "
---
apiVersion: v1
kind: Config
clusters:
  - name: ${clusterName}
    cluster:
      certificate-authority-data: ${ca}
      server: ${server}
contexts:
  - name: ${serviceAccount}@${clusterName}
    context:
      cluster: ${clusterName}
      namespace: ${namespace}
      user: ${serviceAccount}
users:
  - name: ${serviceAccount}
    user:
      token: ${token}
current-context: ${serviceAccount}@${clusterName}
" >> ${newfile}.yaml

Below is the code I used to create a Service Account that has cluster admin access, then if I use the above code, I can get a kubeconfig file for that. Continue reading Creating a kubeconfig file for a Kubernetes Service Account →

vEducate.co.uk

Fixing issues and blogging

Tag Archives: Kubernetes

Kubernetes Metric Server – cannot validate certificate because it doesn’t contain any IP SANs

Quick Tip: Supercharge Kubernetes Resource Retrieval with ‘kubectl get -f’

Just for fun, here’s the ChatGPT write-up!

How to delete Kubernetes namespaces or pods with a specific pattern or name

Tanzu Kubernetes Grid 1.6 – Management Cluster deployment failure – unable to patch the cluster object

Creating a kubeconfig file for a Kubernetes Service Account