Welcome to the Linux Foundation Forum!

Lab 5.1. Configuring TLS Access

albtau81
albtau81 Posts: 11
in LFS258 Class Forum

Hello,
in the step 8 of this lab, I created a json file to create a new pod and in the step 9 I used this file curlpod.json to build an XPOST API call to the host using the following command:
student@cp: ̃$ curl --cert ./client.pem --key ./client-key.pem --cacert ./ca.pem \https://k8scp:6443/api/v1/namespaces/default/pods -XPOST -H'Content-Type: application/json'-d@curlpod.json

Attached my CLI : i receive an error 415...I don't understand the reason beause the json file format shall be supported
thx
Alberto.

Comments

  • albtau81
    albtau81 Posts: 11

    Thanks Serewicz, I solved this issue...but I have another in Exercise 6.1: RESTful API Access:
    When I try to see if I can get basic API information from my cluster, using curl command
    "student@master:~$ curl https://master:6443/apis --header "Authorization: Bearer $token" -k ",
    I receive the protocol error:

    "curl: (92) HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (err 1)"

    Any idea of error cause?

    thanks again,
    Alberto.

  • chrispokorni
    chrispokorni Posts: 2,606

    Hi @albtau81,

    Are you able to confirm that the exported token has a value after step 4?

    Regards,
    -Chris

  • albtau81
    albtau81 Posts: 11

    Hi @chrispokorni,
    yes after step 4, I verified the presence of the token in the variable with the echo command.
    It seems something related to the protocol used when there is an header in the request..

    Thanks for help!

  • albtau81
    albtau81 Posts: 11

    hello,
    I am running the command using windows.
    Attached snaphots of directory where I am looking for logs and the log file.
    Hope it is helpful...
    Regards

  • albtau81
    albtau81 Posts: 11

    Hi @serewicz, just to mention you in the prevoius post :)
    Thanks,
    Alberto.

  • chrispokorni
    chrispokorni Posts: 2,606
    edited July 2021

    Hi @albtau81,

    curl may be run using the control-plane node's hostname, its private/internal IP address, and the k8scp alias. Any success when swapping them?

    Also, a solution on GitHub for HTTP/2 stream errors suggests to add the --http1.1 flag to the curl command. Can you try this as well?

    Regards,
    -Chris

  • albtau81
    albtau81 Posts: 11

    Hi @chrispokorni ,
    using the command : student@master:~$ curl https://k8scp:6443/api/v1 --header "Authorization: Bearer $token" --http1.1 -k,
    I receive the 403 error:
    {
    "kind": "Status",
    "apiVersion": "v1",
    "metadata": {

    },
    "status": "Failure",
    "message": "forbidden: User \"system:anonymous\" cannot get path \"/api/v1\"",
    "reason": "Forbidden",
    "details": {

    },
    "code": 403

    There isn' t any success even if I swap control-plane node's hostname (master), its InternalIP ( 10.2.0.4 ), and the k8scp alias.

    Regards,
    A.

  • chrispokorni
    chrispokorni Posts: 2,606

    Hi @albtau81,

    This error indicates that the token did not include the expected identifying string. This is often caused by the caret "^" sign being mishandled by the terminal. I would recommend typing in the caret "^" manually, especially if copy/pasting the entire command from the PDF lab guide.

    Regards,
    -Chris

Categories

Upcoming Training