We Keep Coding

kong admin api giving 404 to /services path - kubernetes

I am trying to set up Kong API gateway inside the rancher Kubernetes in db mode(PostgreSQL PV) installed through helm with latest version. The admin API that Kong exposes doesn't have the services or routes path available. So calling the API with "/services" path is giving 404 error. The root path is giving 200 OK status
Calling the http://localhost:8001 is giving 200 OK status with the following response body:
curl localhost:8001
response:
{
"paths": [
"/api",
"/api/v1",
"/apis",
"/apis/",
"/apis/acme.cert-manager.io",
"/apis/acme.cert-manager.io/v1",
"/apis/admissionregistration.k8s.io",
"/apis/admissionregistration.k8s.io/v1",
"/apis/apiextensions.k8s.io",
"/apis/apiextensions.k8s.io/v1",
"/apis/apiregistration.k8s.io",
"/apis/apiregistration.k8s.io/v1",
"/apis/apps",
"/apis/apps/v1",
"/apis/authentication.k8s.io",
"/apis/authentication.k8s.io/v1",
"/apis/authorization.k8s.io",
"/apis/authorization.k8s.io/v1",
"/apis/autoscaling",
"/apis/autoscaling/v1",
"/apis/autoscaling/v2",
"/apis/autoscaling/v2beta1",
"/apis/autoscaling/v2beta2",
"/apis/batch",
"/apis/batch/v1",
"/apis/batch/v1beta1",
"/apis/catalog.cattle.io",
"/apis/catalog.cattle.io/v1",
"/apis/cert-manager.io",
"/apis/cert-manager.io/v1",
"/apis/certificates.k8s.io",
"/apis/certificates.k8s.io/v1",
"/apis/cluster.cattle.io",
"/apis/cluster.cattle.io/v3",
"/apis/configuration.konghq.com",
"/apis/configuration.konghq.com/v1",
"/apis/configuration.konghq.com/v1alpha1",
"/apis/configuration.konghq.com/v1beta1",
"/apis/coordination.k8s.io",
"/apis/coordination.k8s.io/v1",
"/apis/crd.projectcalico.org",
"/apis/crd.projectcalico.org/v1",
"/apis/discovery.k8s.io",
"/apis/discovery.k8s.io/v1",
"/apis/discovery.k8s.io/v1beta1",
"/apis/events.k8s.io",
"/apis/events.k8s.io/v1",
"/apis/events.k8s.io/v1beta1",
"/apis/flowcontrol.apiserver.k8s.io",
"/apis/flowcontrol.apiserver.k8s.io/v1beta1",
"/apis/flowcontrol.apiserver.k8s.io/v1beta2",
"/apis/management.cattle.io",
"/apis/management.cattle.io/v3",
"/apis/metallb.io",
"/apis/metrics.k8s.io",
"/apis/metrics.k8s.io/v1beta1",
"/apis/networking.k8s.io",
"/apis/networking.k8s.io/v1",
"/apis/node.k8s.io",
"/apis/node.k8s.io/v1",
"/apis/node.k8s.io/v1beta1",
"/apis/policy",
"/apis/policy/v1",
"/apis/policy/v1beta1",
"/apis/rbac.authorization.k8s.io",
"/apis/rbac.authorization.k8s.io/v1",
"/apis/scheduling.k8s.io",
"/apis/scheduling.k8s.io/v1",
"/apis/storage.k8s.io",
"/apis/storage.k8s.io/v1",
"/apis/storage.k8s.io/v1beta1",
"/apis/ui.cattle.io",
"/apis/ui.cattle.io/v1",
"/healthz",
"/healthz/autoregister-completion",
"/healthz/etcd",
"/healthz/log",
"/healthz/ping",
"/healthz/poststarthook/aggregator-reload-proxy-client-cert",
"/healthz/poststarthook/apiservice-openapi-controller",
"/healthz/poststarthook/apiservice-openapiv3-controller",
"/healthz/poststarthook/apiservice-registration-controller",
"/healthz/poststarthook/apiservice-status-available-controller",
"/healthz/poststarthook/bootstrap-controller",
"/healthz/poststarthook/crd-informer-synced",
"/healthz/poststarthook/generic-apiserver-start-informers",
"/healthz/poststarthook/kube-apiserver-autoregistration",
"/healthz/poststarthook/priority-and-fairness-config-consumer",
"/healthz/poststarthook/priority-and-fairness-config-producer",
"/healthz/poststarthook/priority-and-fairness-filter",
"/healthz/poststarthook/rbac/bootstrap-roles",
"/healthz/poststarthook/scheduling/bootstrap-system-priority-classes",
"/healthz/poststarthook/start-apiextensions-controllers",
"/healthz/poststarthook/start-apiextensions-informers",
"/healthz/poststarthook/start-cluster-authentication-info-controller",
"/healthz/poststarthook/start-kube-aggregator-informers",
"/healthz/poststarthook/start-kube-apiserver-admission-initializer",
"/livez",
"/livez/autoregister-completion",
"/livez/etcd",
"/livez/log",
"/livez/ping",
"/livez/poststarthook/aggregator-reload-proxy-client-cert",
"/livez/poststarthook/apiservice-openapi-controller",
"/livez/poststarthook/apiservice-openapiv3-controller",
"/livez/poststarthook/apiservice-registration-controller",
"/livez/poststarthook/apiservice-status-available-controller",
"/livez/poststarthook/bootstrap-controller",
"/livez/poststarthook/crd-informer-synced",
"/livez/poststarthook/generic-apiserver-start-informers",
"/livez/poststarthook/kube-apiserver-autoregistration",
"/livez/poststarthook/priority-and-fairness-config-consumer",
"/livez/poststarthook/priority-and-fairness-config-producer",
"/livez/poststarthook/priority-and-fairness-filter",
"/livez/poststarthook/rbac/bootstrap-roles",
"/livez/poststarthook/scheduling/bootstrap-system-priority-classes",
"/livez/poststarthook/start-apiextensions-controllers",
"/livez/poststarthook/start-apiextensions-informers",
"/livez/poststarthook/start-cluster-authentication-info-controller",
"/livez/poststarthook/start-kube-aggregator-informers",
"/livez/poststarthook/start-kube-apiserver-admission-initializer",
"/logs",
"/metrics",
"/openapi/v2",
"/openapi/v3",
"/openapi/v3/",
"/readyz",
"/readyz/autoregister-completion",
"/readyz/etcd",
"/readyz/informer-sync",
"/readyz/log",
"/readyz/ping",
"/readyz/poststarthook/aggregator-reload-proxy-client-cert",
"/readyz/poststarthook/apiservice-openapi-controller",
"/readyz/poststarthook/apiservice-openapiv3-controller",
"/readyz/poststarthook/apiservice-registration-controller",
"/readyz/poststarthook/apiservice-status-available-controller",
"/readyz/poststarthook/bootstrap-controller",
"/readyz/poststarthook/crd-informer-synced",
"/readyz/poststarthook/generic-apiserver-start-informers",
"/readyz/poststarthook/kube-apiserver-autoregistration",
"/readyz/poststarthook/priority-and-fairness-config-consumer",
"/readyz/poststarthook/priority-and-fairness-config-producer",
"/readyz/poststarthook/priority-and-fairness-filter",
"/readyz/poststarthook/rbac/bootstrap-roles",
"/readyz/poststarthook/scheduling/bootstrap-system-priority-classes",
"/readyz/poststarthook/start-apiextensions-controllers",
"/readyz/poststarthook/start-apiextensions-informers",
"/readyz/poststarthook/start-cluster-authentication-info-controller",
"/readyz/poststarthook/start-kube-aggregator-informers",
"/readyz/poststarthook/start-kube-apiserver-admission-initializer",
"/readyz/shutdown",
"/version"
]
Calling the admin API root path with --head flag:
curl --head localhost:8001
response:
HTTP/1.1 200 OK Audit-Id: 68823bl0-9675-413a-8ef6-7th7df4d33z3
Cache-Control: no-cache, private Content-Type: application/json Date:
Mon, 20 Feb 2023 06:21:20 GMT X-Kubernetes-Pf-Flowschema-Uid:
bdb1c5f5-5e70-49b0-ba33-cb7420e90d89
X-Kubernetes-Pf-Prioritylevel-Uid:
29u9a7m6-b50j-404d-brg7-7f98b77c1ghb
**3. Calling the admin API with /services path to list all the services:
curl localhost:8001/services
response: 404 page not found**

Your response is not Kong API Gateway response, please ensure your kong is exposed to public.

Related

I have a Groovy script which is run in the Jenkins script console. The script uses the JFrog Rest API to run some queries. One of which returns: status code: 404, reason phrase: Not Found
CURL:
$ curl -X GET -H "X-JFrog-Art-Api:APIKey" https://OU.jfrog.io/OU/api/storage/test-repository/docker-log-gen/1.12/manifest.json?properties
{
"properties" : { ... },
"uri" : "https://OU.jfrog.io/artifactory/api/storage/test-repository/docker-log-gen/1.12/manifest.json"
}
WGET
$ wget --header="X-JFrog-Art-Api:APIKey" https://OU.jfrog.io/OU/api/storage/test-repository/docker-log-gen/1.12/manifest.json?properties
--2020-01-14 13:12:16-- https://OU.jfrog.io/OU/api/storage/test-repository/docker-log-gen/1.12/manifest.json?properties
HTTP request sent, awaiting response... 200 OK
Jenkins Groovy
def restClient = new RESTClient('https://OU.jfrog.io')
restClient.headers['X-JFrog-Art-Api'] = 'APIKey'
println(restClient.get(path: '/OU/api/storage/test-repository/docker-log-gen/1.12/manifest.json?properties', requestContentType: 'text/plain') )
groovyx.net.http.HttpResponseException: status code: 404, reason phrase: Not Found
Other rest calls (api/docker) are made prior to this one in the script and return successfully. I am unable to identify a cause for this response, as shown the command-line calls return the expected JSON.
Please help.

The part after the first question mark is not the URI path component.
println(restClient.get(path: '/OU/api/storage/test-repository/docker-log-gen/1.12/manifest.json', query: ['properties': ''] , requestContentType: 'text/plain').data.text )
{
"properties" : { ... },
"uri" : "https://OU.jfrog.io/artifactory/api/storage/test-repository/docker-log-gen/1.12/manifest.json"
}

I'm using this tutorial TensorFlow Serving with Docker to query
curl -d '{"instances": [1.0, 2.0, 5.0]}' \
-X POST http://localhost:8501/v1/models/half_plus_two:predict
It returns
`C:\WINDOWS\system32>curl -d '{"instances": [1.0, 2.0, 5.0]}' -X POST http://localhost:8501/v1/models/half_plus_two:predict
curl: (3) [globbing] bad range in column 2
curl: (6) Could not resolve host: 2.0,
curl: (3) [globbing] unmatched close brace/bracket in column 4
{ "error": "JSON Parse error: Invalid value. at offset: 0" }`
But the docker is running fine.
PS E:\git_portable> docker run -t --rm -p 8501:8501 -v "E:\git_portable\serving\tensorflow_serving\servables\tensorflow\testdata\saved_model_half_plus_two_cpu:/models/half_plus_two" -e MODEL_NAME=half_plus_two tensorflow/serving
2019-11-10 07:11:17.037045: I tensorflow_serving/model_servers/server.cc:85] Building single TensorFlow model file config: model_name: half_plus_two model_base_path: /models/half_plus_two
2019-11-10 07:11:17.037797: I tensorflow_serving/model_servers/server_core.cc:462] Adding/updating models.
2019-11-10 07:11:17.037861: I tensorflow_serving/model_servers/server_core.cc:573] (Re-)adding model: half_plus_two
2019-11-10 07:11:17.158245: I tensorflow_serving/core/basic_manager.cc:739] Successfully reserved resources to load servable {name: half_plus_two version: 123}
2019-11-10 07:11:17.158435: I tensorflow_serving/core/loader_harness.cc:66] Approving load for servable version {name: half_plus_two version: 123}
2019-11-10 07:11:17.158496: I tensorflow_serving/core/loader_harness.cc:74] Loading servable version {name: half_plus_two version: 123}
2019-11-10 07:11:17.158573: I external/org_tensorflow/tensorflow/cc/saved_model/reader.cc:31] Reading SavedModel from: /models/half_plus_two/00000123
2019-11-10 07:11:17.170610: I external/org_tensorflow/tensorflow/cc/saved_model/reader.cc:54] Reading meta graph with tags { serve }
2019-11-10 07:11:17.172642: I external/org_tensorflow/tensorflow/core/platform/cpu_feature_guard.cc:142] Your CPU supports instructions that this TensorFlow binary was not compiled to use: AVX2 FMA
2019-11-10 07:11:17.212202: I external/org_tensorflow/tensorflow/cc/saved_model/loader.cc:202] Restoring SavedModel bundle.
2019-11-10 07:11:17.230431: I external/org_tensorflow/tensorflow/cc/saved_model/loader.cc:151] Running initialization op on SavedModel bundle at path: /models/half_plus_two/00000123
2019-11-10 07:11:17.236016: I external/org_tensorflow/tensorflow/cc/saved_model/loader.cc:311] SavedModel load for tags { serve }; Status: success. Took 77445 microseconds.
2019-11-10 07:11:17.237262: I tensorflow_serving/servables/tensorflow/saved_model_warmup.cc:105] No warmup data file found at /models/half_plus_two/00000123/assets.extra/tf_serving_warmup_requests
2019-11-10 07:11:17.247605: I tensorflow_serving/core/loader_harness.cc:87] Successfully loaded servable version {name: half_plus_two version: 123}
2019-11-10 07:11:17.250931: I tensorflow_serving/model_servers/server.cc:353] Running gRPC ModelServer at 0.0.0.0:8500 ...
[warn] getaddrinfo: address family for nodename not supported
2019-11-10 07:11:17.252948: I tensorflow_serving/model_servers/server.cc:373] Exporting HTTP/REST API at:localhost:8501 ...
When I run plain curl to localhost, it returns fine.
C:\WINDOWS\system32>curl http://localhost:8501/v1/models/half_plus_two
{
"model_version_status": [
{
"version": "123",
"state": "AVAILABLE",
"status": {
"error_code": "OK",
"error_message": ""
}
}
]
}
What am I doing wrong here?

We had the same issue. Here ..
Windows's cmd doesn't support strings with single quotes. Use " and
escape the inner ones with \".
in this link: Windows: curl with json data on the command line
now,
`C:\WINDOWS\system32>curl -d "{\"instances\": [1.0, 2.0, 5.0]}" \
-X POST http://127.0.0.1:8501/v1/models/half_plus_two:predict
{
"predictions": [2.5, 3.0, 4.5
]
}`

I deployed API Manager 2.1.0 and setup the api-import-export-2.1.0 war file described here. After importing my API endpoint by uploading a zip file the status=CREATED.
To actually publish the API I am calling the Publisher's change-lifecycle API but I am getting this exception:
TID: [-1234] [] [2017-07-06 11:11:57,289] ERROR
{org.wso2.carbon.apimgt.rest.api.util.exception.GlobalThrowableMapper}
- An Unknown exception has been captured by global exception mapper.
{org.wso2.carbon.apimgt.rest.api.util.exception.GlobalThrowableMapper}
java.lang.NoSuchMethodError:
org.wso2.carbon.apimgt.api.APIProvider.changeLifeCycleStatus(Lorg/wso2/carbon/apimgt/api/model/APIIdentifier;Ljava/lang/String;)Z
Any ideas on why?
I can get an access token (scope apim:api_view) and call this
:9443/api/am/publisher/v0.10/apis
to list the api's just fine.
I get a different acces_token (for scope: apim:api_publish) and then call
:9443/api/am/publisher/v0.10/apis/change-lifecycle
but get the above Exception. Here's the example:
[root#localhost] ./publish.sh
View APIs (token dc0c1497-6c27-3a10-87d7-b2abc7190da5 scope: apim:api_view)
curl -k -s -H "Authorization: Bearer dc0c1497-6c27-3a10-87d7-b2abc7190da5" https://gw-node:9443/api/am/publisher/v0.10/apis
{
"count": 1,
"next": "",
"previous": "",
"list": [
{
"id": "d214f784-ee16-4067-9588-0898a948bb17",
"name": "Health",
"description": "health check",
"context": "/api",
"version": "v1",
"provider": "admin",
"status": "CREATED"
}
] }
Publish API (token b9a31369-8ea3-3bf2-ba3c-7f2a4883de7d scope: apim:api_publish)
curl -k -H "Authorization: Bearer b9a31369-8ea3-3bf2-ba3c-7f2a4883de7d" -X POST https://gw-node:9443/api/am/publisher/v0.10/apis/change-lifecycle?apiId=d214f784-ee16-4067-9588-0898a948bb17&action=Publish
{
"code":500,
"message":"Internal server error",
"description":"The server encountered an internal error. Please contact administrator.",
"moreInfo":"",
"error":[]
}

Issue resolved. In apim 2.1 the publisher & store API versions changed.
In apim 2.0 I was using:
:9443/api/am/publisher/v0.10/apis
:9443/api/am/store/v0.10/apis
but in apim 2.1 they are:
:9443/api/am/publisher/v0.11/apis
:9443/api/am/store/v0.11/apis

I'm trying to use the REST API by Barracuda ADC and/or WAF and, while it works when I use cURL (from the documentation):
Request:
$ curl
-X POST \
-H "Content-Type:application/json" \
-d '{"username": "admin", "password": "admin"}' \ http://10.11.19.104:8000/restapi/v2/login
Response:
{"token":"eyJldCI6IjEzODAyMzE3NTciLCJwYXNzd29yZCI6ImY3NzY2ZTFmNTgwMzgyNmE1YTAzZWZlMzcy\nYzgzOTMyIiwidXNlciI6ImFkbWluIn0=\n"}
Then we should use that token to execute commands on the API, something like:
$ curl
-X GET \
-H "Content-Type:application/json" \
-u 'eyJldCI6IjEzODAyMzE3NTciLCJwYXNzd29yZCI6ImY3NzY2ZTFmNTgwMzgyNmE1YTAzZWZlMzcy\nYzgzOTMyIiwidXNlciI6ImFkbWluIn0=\n': \
http://10.11.19.104:8000/restapi/v2/virtual_service_groups
And it'll give me a response listing (in this case) my virtual service groups, and it works with cURL.
Now, when I try to use ansible to do the same things, the first step to authenticate goes successfully (I can even use the generated token with cURL and it accepts it), but the second step to run the commands with the generated token always gives me 401 error (Invalid credentials):
- name: login into the load balancer
uri:
url: "{{ barracuda_url }}/login"
method: POST
body_format: json
body:
username: "{{ barracuda_user }}"
password: "{{ barracuda_pass }}"
headers:
Content-Type: application/json
return_content: yes
force_basic_auth: yes
register: login
tags: login, debug
- debug: msg="{{ login.json.token }}"
tags: debug
- name: get
uri:
url: "{{ barracuda_url }}/virtual_service_groups"
method: GET
body_format: json
user: "{{ login.json.token }}:"
headers:
Content-Type: application/json
return_content: yes
force_basic_auth: yes
register: response
Output of my playbook:
TASK [loadbalancer : login into the load balancer] *****************************
ok: [localhost]
TASK [loadbalancer : debug] ****************************************************
ok: [localhost] => {
"msg": "eyJldCI9IjE0ODQ2MDcxNTAiXCJwYXNzd29yZCI6IjRmM2TlYWMwN2ExNmUxYWFhNGEwNTU5NTMw\nZGQ3ZmM3IiwiaXNlciI6IndpYSJ9\n"
}
TASK [loadbalancer : get] ******************************************************
fatal: [localhost]: FAILED! => {"changed": false, "connection": "close", "content": "{\"error\":{\"msg\":\"Please log in to get valid token\",\"status\":401,\"type\":\"Invalid Credentials\"}}", "content_type": "application/json; charset=utf8", "date": "Mon, 16 Jan 2017 22:32:30 GMT", "failed": true, "json": {"error": {"msg": "Please log in to get valid token", "status": 401, "type": "Invalid Credentials"}}, "msg": "Status code was not [200]: HTTP Error 401: ", "redirected": false, "server": "BarracudaHTTP 4.0", "status": 401, "transfer_encoding": "chunked", "url": "http://10.11.19.104:8000/restapi/v2/virtual_service_groups"}

Remove the colon from "{{ login.json.token }}:" in user argument. Use:
user: "{{ login.json.token }}"
The colon is not a part of a username, but a curl syntax (used in your example to avoid an interactive password prompt):
-u, --user <user:password>
[ ]
If you simply specify the user name, curl will prompt for a password.

I want to publish some data on the Orion context broker global instance and I have requested a token as referred at Quick start guide. When I continue coding (java client) next day I got:
Exception in thread "main" com.sun.jersey.api.client.ClientHandlerException: java.net.SocketException: Unexpected end of file from server
at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:155)
at com.sun.jersey.api.client.Client.handle(Client.java:652)
at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682)
at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
at com.sun.jersey.api.client.WebResource$Builder.get(WebResource.java:509)
at publishers.fiware.OrionClient.getEntities(OrionClient.java:23)
at FiwareTest.main(FiwareTest.java:11)
Caused by: java.net.SocketException: Unexpected end of file from server
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:792)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:647)
at sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:789)
at sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:647)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1536)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:253)
at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:153)
... 6 more
So I requested a new token and worked again.
A token generated that way has an expiration time? How much?
Do I have a way to get a non expiring token?

According with OpenStack Keystone default configuration, tokens expires after 1 hour:
http://docs.openstack.org/juno/config-reference/content/section_keystone.conf.html
# Amount of time a token should remain valid (in seconds).
# (integer value)
#expiration=3600
You can renew it by getting another one:
http://developer.openstack.org/api-ref/identity/v3/index.html?expanded=#token-authentication-with-unscoped-authorization
POST /v3/auth/tokens HTTP/1.1
Host: test.ttcloud.net:5001
Content-Type: application/json
X-Auth-Token: {{user-token}}
{
"auth": {
"identity": {
"methods": [
"token"
],
"token": {
"id": "{{user-token}}"
}
}
}
}