Welcome to the new Linux Foundation Forum!

Lab 5.1 unable to finish - kubernetes-admin no longer access to api ?

curl --cert client.pem --key client-key.pem --cacert ca.pem https://10.142.0.2:6443/api/v1/pods
work well.

But:

curl --cert client.pem --key client-key.pem --cacert ca.pem -XPOST -H 'Content-Type: application/json' [email protected] https://10.142.0.2:6443/api/v1/pods
give this output:

{
"kind": "Status",
"apiVersion": "v1",
"metadata": {

},
"status": "Failure",
"message": "the server does not allow this method on the requested resource",
"reason": "MethodNotAllowed",
"details": {

},
"code": 405

https://github.com/coredns/deployment/issues/3

Comments

  • tgeltertgelter Posts: 4
    edited December 2018

    I was able to finish lab 5.1 just now, mostly as written. In my case, the one exception was that since I'm using minikube on Linux, I just directly used the cert/key files as shown below:

    $ curl --cert .minikube/client.crt --key .minikube/client.key  --cacert .minikube/ca.crt https://192.168.99.100:8443/api/v1/namespaces/default/pods -XPOST -H'Content-Type: application/json' [email protected]
    {
      "kind": "Pod",
      "apiVersion": "v1",
      "metadata": {
        "name": "curlpod",
        "namespace": "default",
        "selfLink": "/api/v1/namespaces/default/pods/curlpod",
        "uid": "56353669-0c7e-11e9-8a4e-080027d81532",
        "resourceVersion": "19159",
        "creationTimestamp": "2018-12-30T22:00:36Z",
        "labels": {
          "name": "examplepod"
        }
      },
      "spec": {
        "volumes": [
          {
            "name": "default-token-wc2fg",
            "secret": {
              "secretName": "default-token-wc2fg",
              "defaultMode": 420
            }
          }
        ],
        "containers": [
          {
            "name": "nginx",
            "image": "nginx",
            "ports": [
              {
                "containerPort": 80,
                "protocol": "TCP"
              }
            ],
            "resources": {
    
            },
            "volumeMounts": [
              {
                "name": "default-token-wc2fg",
                "readOnly": true,
                "mountPath": "/var/run/secrets/kubernetes.io/serviceaccount"
              }
            ],
            "terminationMessagePath": "/dev/termination-log",
            "terminationMessagePolicy": "File",
            "imagePullPolicy": "Always"
          }
        ],
        "restartPolicy": "Always",
        "terminationGracePeriodSeconds": 30,
        "dnsPolicy": "ClusterFirst",
        "serviceAccountName": "default",
        "serviceAccount": "default",
        "securityContext": {
    
        },
        "schedulerName": "default-scheduler",
        "tolerations": [
          {
            "key": "node.kubernetes.io/not-ready",
            "operator": "Exists",
            "effect": "NoExecute",
            "tolerationSeconds": 300
          },
          {
            "key": "node.kubernetes.io/unreachable",
            "operator": "Exists",
            "effect": "NoExecute",
            "tolerationSeconds": 300
          }
        ],
        "priority": 0
      },
      "status": {
        "phase": "Pending",
        "qosClass": "BestEffort"
      }
    }
    

    Here you can see that the pod was created:

    $ kubectl get pods
    NAME      READY   STATUS    RESTARTS   AGE
    curlpod   1/1     Running   0          2m51s
    
  • Hi @traq ,
    If step 7 worked ok for you, on step 9 did you attempt to curl to "https://10.142.0.2:6443/api/v1/namespaces/default/pods"?
    That's the URL used in step 9 in the Lab manual, and it is different than the URL from step 7.
    In step 7 you are just making an inquiry to the API server, to verify that you can connect via the ca, cert and key files.
    In step 9 you are creating a pod, and that resource will be created and saved under ".../api/v1/namespaces/default/pods" directory.
    Regards,
    -Chris

  • traqtraq Posts: 2

    This:
    url --cert ./client.pem --key ./client-key.pem --cacert ./ca.pem -XPOST -H 'Content-Type: application/json' [email protected] https://10.142.0.2:6443/api/v1/namespaces/default/pods
    work well, and
    kubectl get pod
    NAME READY STATUS RESTARTS AGE
    busybox 0/1 Completed 0 3d22h
    curlpod 1/1 Running 0 3s

    So it's good be update Lab 5.1, because:
    curl --cert ./client.pem --key ./client-key.pem --cacert ./ca.pem -XPOST -H 'Content-Type: application/json' [email protected] https://10.142.0.2:6443/api/v1/pods
    not working any more

  • chrispokornichrispokorni Posts: 252

    @traq
    That is the URL in Lab 5.1 step 9.
    If the URL from step 7 (.../api/v1/pods) is used with the curl command in step 9, it will not work. So in order to get a successful output in step 9, the URL has to be used as it is provided in the Lab 5.1 in step 9 (.../api/v1/namespaces/default/pods).
    -Chris

Sign In or Register to comment.