Lab 5.1 unable to finish - kubernetes-admin no longer access to api ?

traq

curl --cert client.pem --key client-key.pem --cacert ca.pem https://10.142.0.2:6443/api/v1/pods
work well.

But:

curl --cert client.pem --key client-key.pem --cacert ca.pem -XPOST -H 'Content-Type: application/json' [email protected] https://10.142.0.2:6443/api/v1/pods
give this output:

{
"kind": "Status",
"apiVersion": "v1",
"metadata": {

},
"status": "Failure",
"message": "the server does not allow this method on the requested resource",
"reason": "MethodNotAllowed",
"details": {

},
"code": 405

https://github.com/coredns/deployment/issues/3

tgelter

I was able to finish lab 5.1 just now, mostly as written. In my case, the one exception was that since I'm using minikube on Linux, I just directly used the cert/key files as shown below:

$ curl --cert .minikube/client.crt --key .minikube/client.key  --cacert .minikube/ca.crt https://192.168.99.100:8443/api/v1/namespaces/default/pods -XPOST -H'Content-Type: application/json' [email protected]
{
  "kind": "Pod",
  "apiVersion": "v1",
  "metadata": {
    "name": "curlpod",
    "namespace": "default",
    "selfLink": "/api/v1/namespaces/default/pods/curlpod",
    "uid": "56353669-0c7e-11e9-8a4e-080027d81532",
    "resourceVersion": "19159",
    "creationTimestamp": "2018-12-30T22:00:36Z",
    "labels": {
      "name": "examplepod"
    }
  },
  "spec": {
    "volumes": [
      {
        "name": "default-token-wc2fg",
        "secret": {
          "secretName": "default-token-wc2fg",
          "defaultMode": 420
        }
      }
    ],
    "containers": [
      {
        "name": "nginx",
        "image": "nginx",
        "ports": [
          {
            "containerPort": 80,
            "protocol": "TCP"
          }
        ],
        "resources": {

        },
        "volumeMounts": [
          {
            "name": "default-token-wc2fg",
            "readOnly": true,
            "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount"
          }
        ],
        "terminationMessagePath": "/dev/termination-log",
        "terminationMessagePolicy": "File",
        "imagePullPolicy": "Always"
      }
    ],
    "restartPolicy": "Always",
    "terminationGracePeriodSeconds": 30,
    "dnsPolicy": "ClusterFirst",
    "serviceAccountName": "default",
    "serviceAccount": "default",
    "securityContext": {

    },
    "schedulerName": "default-scheduler",
    "tolerations": [
      {
        "key": "node.kubernetes.io/not-ready",
        "operator": "Exists",
        "effect": "NoExecute",
        "tolerationSeconds": 300
      },
      {
        "key": "node.kubernetes.io/unreachable",
        "operator": "Exists",
        "effect": "NoExecute",
        "tolerationSeconds": 300
      }
    ],
    "priority": 0
  },
  "status": {
    "phase": "Pending",
    "qosClass": "BestEffort"
  }
}

Here you can see that the pod was created:

$ kubectl get pods
NAME      READY   STATUS    RESTARTS   AGE
curlpod   1/1     Running   0          2m51s

chrispokorni

Hi @traq ,
If step 7 worked ok for you, on step 9 did you attempt to curl to "https://10.142.0.2:6443/api/v1/namespaces/default/pods"?
That's the URL used in step 9 in the Lab manual, and it is different than the URL from step 7.
In step 7 you are just making an inquiry to the API server, to verify that you can connect via the ca, cert and key files.
In step 9 you are creating a pod, and that resource will be created and saved under ".../api/v1/namespaces/default/pods" directory.
Regards,
-Chris

traq

This:
url --cert ./client.pem --key ./client-key.pem --cacert ./ca.pem -XPOST -H 'Content-Type: application/json' [email protected] https://10.142.0.2:6443/api/v1/namespaces/default/pods
work well, and
kubectl get pod
NAME READY STATUS RESTARTS AGE
busybox 0/1 Completed 0 3d22h
curlpod 1/1 Running 0 3s

So it's good be update Lab 5.1, because:
curl --cert ./client.pem --key ./client-key.pem --cacert ./ca.pem -XPOST -H 'Content-Type: application/json' [email protected] https://10.142.0.2:6443/api/v1/pods
not working any more

chrispokorni

@traq
That is the URL in Lab 5.1 step 9.
If the URL from step 7 (.../api/v1/pods) is used with the curl command in step 9, it will not work. So in order to get a successful output in step 9, the URL has to be used as it is provided in the Lab 5.1 in step 9 (.../api/v1/namespaces/default/pods).
-Chris