Thursday, December 24, 2020

How to use kubectl CLI from Master and Worker VMs in PKS

When cluster operations fail, you need access to the cluster through the kubectl CLI. However, in some instances, pks get-credentials errors out while fetching the kubeconfig for the cluster.


An alternative way to resume troubleshooting is to SSH into the Master or Worker VMs of the cluster and use the kubectl binary and the kubeconfigs already present on the VMs. This article details the procedure to set up the kubectl CLI.

Execute the following to get access to the kubectl CLI from the Kubernetes Master VM.

bosh ssh -d service-instance_50a78f35-df99-4cf3-8815-7b680577ef59 master/0

master/01850df7-daaa-4b9c-a61f-e921074546ad:~$ sudo su -
master/01850df7-daaa-4b9c-a61f-e921074546ad:~# alias kubectl=/var/vcap/packages/kubernetes/bin/kubectl

master/01850df7-daaa-4b9c-a61f-e921074546ad:~# kubectl get pods -n pks-system

NAME                               READY     STATUS    RESTARTS   AGE
fluent-bit-mwbxd                   1/1       Running   0          1d
fluent-bit-vp66b                   1/1       Running   0          1d
sink-controller-57df674b84-wjp4k   1/1       Running   0          1d

Execute the following to get access to the kubectl CLI from the Kubernetes Worker VM. The alias here also passes the kubelet job's kubeconfig explicitly.

bosh ssh -d service-instance_50a78f35-df99-4cf3-8815-7b680577ef59 worker/0

worker/a3b4ccb6-1d14-4ee4-a1f1-6d5211dfe4b9:~$ sudo su -
worker/a3b4ccb6-1d14-4ee4-a1f1-6d5211dfe4b9:~# alias kubectl="/var/vcap/packages/kubernetes/bin/kubectl --kubeconfig=/var/vcap/jobs/kubelet/config/kubeconfig"

worker/a3b4ccb6-1d14-4ee4-a1f1-6d5211dfe4b9:~# kubectl get pods -n pks-system
NAME                               READY     STATUS    RESTARTS   AGE
fluent-bit-mwbxd                   1/1       Running   0          1d
fluent-bit-vp66b                   1/1       Running   0          1d
sink-controller-57df674b84-wjp4k   1/1       Running   0          1d

Done

Wednesday, December 23, 2020

Changing the Auth Mode in Harbor from Internal Database to OIDC - options greyed out


The customer is using TKGi 1.9.2 with embedded Harbor 2.1. Harbor uses database auth mode by default.

Now the customer wants to integrate the same Harbor with OIDC. I was not able to change the auth mode at the Harbor URL. The drop-down button is disabled.





Solution:


SSH into Harbor VM and Access PostgreSQL Database
~$ bosh -e pks vms
 Using environment '10.193.121.11' as user 'director' (bosh.*.read, openid, bosh.*.admin, bosh.read, bosh.admin)
 Task 186. Done
 :
 Deployment 'harbor-container-registry-74b44adfd44a90f27cb3'
 Instance                                         Process State AZ IPs VM CID                           VM Type
 harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842  running AZ1 10.193.121.13 vm-c5eb38a5-acd7-4769-a731-617b0de04dd5  large.disk
 :
  
 ~$ bosh -e pks -d harbor-container-registry-74b44adfd44a90f27cb3 ssh harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842
 harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842:~$ sudo -i
 harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842:~# alias docker='/var/vcap/packages/docker/bin/docker -H unix:///var/vcap/sys/run/docker/dockerd.sock'
 
Harbor locks the auth mode once local users other than admin/anonymous exist in its database, so clear out all users except admin/anonymous. If there is any foreign key association, it is also necessary to remove the association.
harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842:/# docker exec -it harbor-db bash
root [ / ]# psql -U postgres
\c registry
select * from harbor_user;
delete from harbor_user where user_id > 2;

Refresh the Harbor web console and open Configurations; you can now change the auth_mode to OIDC.
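
An added example, not part of the original post or of Harbor's own tooling: a more cautious way to run the cleanup above from psql after `\c registry`, with a snapshot, a preview, a foreign-key check and a transaction around the delete. The backup table name `harbor_user_backup_pre_oidc` is hypothetical, and treating `user_id` 1 and 2 as admin/anonymous follows the post's `user_id > 2` filter.

```sql
-- Added example, not from the original post. Run in psql after "\c registry".
-- Assumes only what the post shows: table harbor_user, column user_id,
-- and that rows with user_id <= 2 are the built-in admin/anonymous accounts.

-- 1. Snapshot the table outside the transaction so the copy survives a ROLLBACK.
--    harbor_user_backup_pre_oidc is a hypothetical name chosen for this example.
CREATE TABLE harbor_user_backup_pre_oidc AS
SELECT * FROM harbor_user;

BEGIN;

-- 2. Preview exactly which accounts the DELETE will remove.
SELECT * FROM harbor_user WHERE user_id > 2;

-- 3. List declared foreign keys that reference harbor_user, read from the
--    PostgreSQL catalog. Tables that store a user id without a declared
--    constraint will not appear here and must be checked by hand.
SELECT con.conname                   AS constraint_name,
       con.conrelid::regclass        AS referencing_table,
       pg_get_constraintdef(con.oid) AS definition
FROM   pg_constraint con
WHERE  con.contype   = 'f'
AND    con.confrelid = 'harbor_user'::regclass;

-- 4. Remove the referencing rows in every table reported by step 3,
--    then delete the users themselves (the statement from the post).
DELETE FROM harbor_user WHERE user_id > 2;

-- 5. Confirm that only the built-in accounts remain.
SELECT * FROM harbor_user ORDER BY user_id;

-- 6. Dry run by default: replace ROLLBACK with COMMIT once step 5 shows
--    only the expected rows.
ROLLBACK;
```

Drop the snapshot table once OIDC logins are confirmed to work, since it holds the old password hashes of the deleted accounts.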






Done.

Friday, December 18, 2020

VMware Influencer 100 Club

I am so happy as well for this recognition and gladly accept the invitation to join the VMware Influencer 100 Club. Thanks to Noell Grier and VMware for this amazing award!

Monday, June 1, 2020

vExpert 2020 Second Half applications are now open

I am very happy to be part of the vExpert Program; I'm a vExpert for the fourth year in a row. Proud to be part of this great group also for this year and the chance to be in touch with top experts of the field will be helpful for sharing and improving the experience.

Also, I had the great pleasure of being accepted to be part of the vExpert PRO program for the first time. Another thing to be proud of.

The vExpert program is designed to aid success and help amplify your external brands and channels, focused on a specific VMware technology. They are also focused on improving your relationship with the VMware Business Unit, so I can make a direct impact on the technology. The program is not focused on certifications or how much you know about the technology.


If you wish to apply for vExpert, the applications are open:




https://blogs.vmware.com/vexpert/2020/05/31/vexpert-applications-are-open-dont-miss-out/

I recommend you enter the plan for many reasons such as motivation, pride, knowledge and an enormous desire to continue learning but above all to continue growing as a community.

vExpert Program Benefits

    Here is a list of some of the benefits of receiving the award.
    • Networking with 2,000 vExperts / Information Sharing
    • Knowledge Expansion on VMware & Partner Technology
    • Opportunity to apply for vExpert BU Lead Subprograms (see below)
    • Possible Job Opportunities
    • Direct Access to VMware Business Units via Subprograms
    • Blog Traffic Boost through Advocacy, @vExpert, @VMware, VMware Launch & Announcement Campaigns
    • 1 Year VMware Licenses for Home Labs for almost all Products & Some Partner Products
    • Private VMware & VMware Partner Sessions
    • Gifts from VMware and VMware Partners
    • vExpert Celebration Parties at both VMworld US and VMworld Europe with VMware CEO, Pat Gelsinger
    • VMware Advocacy Platform Invite (share your content to thousands of vExperts & VMware employees who amplify your content via their social channels)
    • Private Slack Channels for vExpert and the BU Lead Subprograms

    The process to apply is easy: twice per calendar year we open applications for a period of 30 days. Once the 30 days are over we close the applications and start voting, which takes 30 to 45 days. Applications open for each calendar year in November / December and results are announced in February. We open applications again, which we refer to as 2nd half applications, in June with an August announcement. Every vExpert, VCDX as well as any new applicants must apply at least once per year.

    Regards

    Friday, May 29, 2020

    Issue installing PKS Enterprise 1.6.2


    I'm installing PKS Enterprise 1.6.2; this is the last release for the PKS Enterprise 1.6 version. After I configured it using EPMC (Enterprise PKS Management Console) and applied all changes using the wizard, I was getting the error:

    May 27 17:32:04 Automator (Deploy ops-manager 2.8.5) failed: error validating Ops Manager ntp: Command error output: ntp servers provided invalid\n, error: exit status 1\n"
    May 27 17:32:06 pks-mgmt-server[919]: time="2020-05-27T17:32:06Z" level=info msg="Update for deployment 78c21e04-4416-484f-ba1a-83d310e181c2 - Deploy ops-manager 2.8.5: state( failed) error validating Ops Manager ntp: Command error output: ntp servers provided invalid\n, error: exit status 1\n"


    I found the NTP server was not reachable from the OpsMan appliance. I suspect the NTP server has some type of firewall blocking the communication. I ran some tests against port 123 (NTP) from the OpsMan appliance and there was indeed a communication problem.

    After the security team opened port 123 for NTP from/to the PKS Floating Range, the installation has continued well so far.


    Regards