Lab 5.1. Configuring TLS Access

Hello,
In step 8 of this lab, I created a JSON file to create a new pod, and in step 9 I used this file, curlpod.json, to build an XPOST API call to the host using the following command:
student@cp:~$ curl --cert ./client.pem --key ./client-key.pem --cacert ./ca.pem \https://k8scp:6443/api/v1/namespaces/default/pods -XPOST -H'Content-Type: application/json'-d@curlpod.json

Attached is my CLI: I receive an error 415... I don't understand the reason because the JSON file format shall be supported
thx
Alberto.

Comments

  • serewicz
    serewicz Posts: 1,000

    Hello,

    First off if you type a command on a single line you do not need to include the backslashes. That character has special meaning to the shell and could be causing some of your issues. Second make sure you have proper spaces in your command line, it's difficult to tell from the picture, so they could be fine. The third thing I would check is the syntax of the curlpod.json file. Are you using the file from the tarball, or did you type it by hand? If by hand use diff to compare against the tarball and see if there are any differences.

    Regards,

  • albtau81
    albtau81 Posts: 11

    Thanks Serewicz, I solved this issue...but I have another in Exercise 6.1: RESTful API Access:
    When I try to see if I can get basic API information from my cluster, using curl command
    "student@master:~$ curl https://master:6443/apis --header "Authorization: Bearer $token" -k ",
    I receive the protocol error:

    "curl: (92) HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (err 1)"

    Any idea of error cause?

    thanks again,
    Alberto.

  • chrispokorni
    chrispokorni Posts: 2,155

    Hi @albtau81,

    Are you able to confirm that the exported token has a value after step 4?

    Regards,
    -Chris

  • albtau81
    albtau81 Posts: 11

    Hi @chrispokorni,
    yes after step 4, I verified the presence of the token in the variable with the echo command.
    It seems to be something related to the protocol used when there is a header in the request..

    Thanks for help!

  • serewicz
    serewicz Posts: 1,000

    Hello,

    Are you running the curl command from a mac? There is a known curl bug I have encountered that only seems to affect mac users.

    If not using a mac, are there any errors or indications in the log of the kube-apiserver?

    Regards,

  • albtau81
    albtau81 Posts: 11

    hello,
    I am running the command using windows.
    Attached are snapshots of the directory where I am looking for logs and the log file.
    Hope it is helpful...
    Regards

  • albtau81
    albtau81 Posts: 11

    Hi @serewicz, just to mention you in the previous post :)
    Thanks,
    Alberto.

  • chrispokorni
    chrispokorni Posts: 2,155
    edited July 2021

    Hi @albtau81,

    curl may be run using the control-plane node's hostname, its private/internal IP address, and the k8scp alias. Any success when swapping them?

    Also, a solution on GitHub for HTTP/2 stream errors suggests adding the --http1.1 flag to the curl command. Can you try this as well?

    Regards,
    -Chris

  • albtau81
    albtau81 Posts: 11

    Hi @chrispokorni ,
    using the command : student@master:~$ curl https://k8scp:6443/api/v1 --header "Authorization: Bearer $token" --http1.1 -k,
    I receive the 403 error:
    {
    "kind": "Status",
    "apiVersion": "v1",
    "metadata": {

    },
    "status": "Failure",
    "message": "forbidden: User \"system:anonymous\" cannot get path \"/api/v1\"",
    "reason": "Forbidden",
    "details": {

    },
    "code": 403

    There isn't any success even if I swap the control-plane node's hostname (master), its InternalIP (10.2.0.4), and the k8scp alias.

    Regards,
    A.

  • chrispokorni
    chrispokorni Posts: 2,155

    Hi @albtau81,

    This error indicates that the token did not include the expected identifying string. This is often caused by the caret "^" sign being mishandled by the terminal. I would recommend typing in the caret "^" manually, especially if copy/pasting the entire command from the PDF lab guide.

    Regards,
    -Chris
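
An added example, not part of the thread or the lab guide: a shell pre-flight check for the `$token` variable and a classifier for the API server's Status body, to tell "no credentials arrived" (the `system:anonymous` 403 above) apart from a rejected token. The function names are hypothetical, the sample response is constructed from the output quoted above, and it assumes the token is a service-account JWT (three base64url segments joined by dots).

```shell
#!/bin/sh
# Added example; check_token and classify_status are hypothetical helper names.

# check_token TOKEN -> prints "empty", "malformed" or "ok".
# Assumption: the bearer token is a service-account JWT (header.payload.signature).
check_token() {
    tok=$1
    if [ -z "$tok" ]; then
        echo "empty"          # variable unset or extraction returned nothing
    elif printf '%s' "$tok" |
         grep -Eq '^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$'; then
        echo "ok"
    else
        echo "malformed"      # stray whitespace, truncated or wrong field copied
    fi
}

# classify_status JSON -> what a Kubernetes Status body says about authentication.
classify_status() {
    body=$1
    code=$(printf '%s' "$body" |
           sed -n 's/.*"code": *\([0-9][0-9]*\).*/\1/p' | head -n 1)
    case "$code" in
        401) echo "token-rejected" ;;             # a token was sent but not accepted
        403)
            if printf '%s' "$body" | grep -q 'system:anonymous'; then
                echo "no-credentials-received"    # request was treated as anonymous
            else
                echo "authenticated-but-not-authorized"
            fi ;;
        *)   echo "other" ;;
    esac
}

# Constructed sample, abbreviated from the response quoted in the thread.
SAMPLE_403='{
  "kind": "Status",
  "status": "Failure",
  "message": "forbidden: User \"system:anonymous\" cannot get path \"/api/v1\"",
  "reason": "Forbidden",
  "code": 403
}'

classify_status "$SAMPLE_403"
```

Running `check_token "$token"` before the curl call catches an empty or mangled variable without sending anything to the API server.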
