Kubernetes/OpenShift: Can I patch a node condition status? - kubernetes

I am trying to patch the node condition type status, for example can I turn/replace the Whatever Node Condition type status from false to true and vice versa?
Edit: When I try to patch I am not getting any errors by yet not being updated.
Using Curl - I was able to update:
curl -k -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json-patch+json" -X PATCH APIserver:6443/api/v1/nodes/<node-name>/status --data '[{ "op": "replace", "path": "/status/conditions/-","value": { "type": "WhateverName", "status": "False" }}]'
Patch Example (not working):
oc patch node/<Node-Name> --type='json' -p '[{ "op": "replace", "path": "/status/conditions/0","value": { "type": "QuayState", "status": "True" }}]'
It's not giving errors but it's not changing anything, I am getting this output:
node/<nodeName> patched (no change)

Related

How to fetch Github workflows yaml files using Github Actions API

I am following this documentation:
https://docs.github.com/en/rest/reference/actions#list-repository-workflows
/repos/{owner}/{repo}/actions/workflows
My sample output looks like this:
{
"total_count": 1,
"workflows": [
{
"id": 161335,
"node_id": "MDg6V29ya2Zsb3cxNjEzMzU=",
"name": "CI",
"path": ".github/workflows/blank.yaml",
"state": "active",
"created_at": "2020-01-08T23:48:37.000-08:00",
"updated_at": "2020-01-08T23:50:21.000-08:00",
"url": "https://api.github.com/repos/octo-org/octo-repo/actions/workflows/161335",
"html_url": "https://github.com/octo-org/octo-repo/blob/master/.github/workflows/161335",
"badge_url": "https://github.com/octo-org/octo-repo/workflows/CI/badge.svg"
}
]
}
How do I fetch the workflow yaml file from this output
Given the filename, use the Get repository content API to fetch the file.
For your file, that'd be:
curl \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/octo-org/octo-repo/contents/.github/workflows/blank.yaml
The response JSON will contain a field content, which contains the encoded contents of that workflow.
Workflow yaml file in plain text:
curl \
-H "Accept: application/vnd.github.v3+json" \
https://raw.githubusercontent.com/octo-org/octo-repo/master/.github/workflows/blank.yaml

IBM Cloud Secrets Manager: Unable to create an arbitrary secret

I am trying the following API request for IBM Cloud Secrets Manager, but it fails:
curl -X POST "https://{instance_ID}.{region}.secrets-manager.appdomain.cloud/api/v1/secrets/arbitrary" -H "Authorization: Bearer $IAM_TOKEN" -H "Accept: application/json" -H "Content-Type: application/json" -d '{
"metadata": {
"collection_type": "application/vnd.ibm.secrets-manager.secret+json",
"collection_total": 1
},
"resources": [
{
"name": "example-arbitrary-secret",
"description": "Extended description for my secret.",
"secret_group_id": "432b91f1-ff6d-4b47-9f06-82debc236d90",
"payload: "secret-data",
"expiration_date": "2030-12-31T00:00:00Z",
"labels": [
"dev",
"us-south"
]
}
]
}'
There was a missing double-quote after payload...
curl -X POST "https://{instance_ID}.{region}.secrets-manager.appdomain.cloud/api/v1/secrets/arbitrary" -H "Authorization: Bearer $IAM_TOKEN" -H "Accept: application/json" -H "Content-Type: application/json" -d '{
"metadata": {
"collection_type": "application/vnd.ibm.secrets-manager.secret+json",
"collection_total": 1
},
"resources": [
{
"name": "example-arbitrary-secret",
"description": "Extended description for my secret.",
"secret_group_id": "432b91f1-ff6d-4b47-9f06-82debc236d90",
"payload": "secret-data",
"expiration_date": "2030-12-31T00:00:00Z",
"labels": [
"dev",
"us-south"
]
}
]
}'

error while importing curl request in Postman

I am trying to test rest api as mentioned here from Postman. I followed this thread here and tried importing the curl request in Postman but it's failing with the following error:
Here is the complete curl command:
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Content-Type: application/json" \
--request PATCH \
--data '[
{
"operation": "add",
"field": "/members/-",
"value": {"_ref" : "managed/user/scarter"}
}
]' \
"http://localhost:8080/openidm/managed/role/cedadaed-5774-4d65-b4a2-41d455ed524a"
{
"_id": "cedadaed-5774-4d65-b4a2-41d455ed524a",
"_rev": "2",
"name": "employee",
"description": "Role granted to workers on the company payroll"
}

Add pod annotation through Kubernetes REST API

I can add labels to a pod as described here
But no luck to create annotations likewise
$ KUBE_TOKEN=$(</var/run/secrets/kubernetes.io/serviceaccount/token)
$ cat > patch.json <<EOF
]
{
"op": "add", "path": "/metadata/annotations/test", "value": "world"
}
]
EOF
$ curl -sSk -H "Authorization: Bearer $KUBE_TOKEN" --request PATCH --data "$(cat patch.json)" -H "Content-Type:application/json-patch+json" https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/api/v1/namespaces/$POD_NAMESPACE/pods/$POD_NAME
the response is:
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "jsonpatch add operation does not apply: doc is missing path: /metadata/annotations/test",
"code": 500
}
The error is related to non-existing path.
[
{
"op": "add", "path": "/metadata/annotations/", "value": { "test" : "world" }
}
]
Check out https://www.rfc-editor.org/rfc/rfc6902#section-4.1
AFAIR, you cannot add new annotations on existing resources. You can only update existing ones.

Kubernetes API : add label to pod

With command, I can add label as below
kubectl label pod POD_NAME KEY1=VALUE1
How could I do that from kubernetes API?
I guess it can be done by PATCH /api/v1/namespaces/{namespace}/pods/{name}
Here is pod.json
{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"labels": {
"key1": "value1"
}
}
}
I tried with following command
KUBE_TOKEN=$(</var/run/secrets/kubernetes.io/serviceaccount/token)
curl --request PATCH --insecure \
--header "Authorization: Bearer $KUBE_TOKEN" \
--data "$(cat pod.json)" \
https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/api/v1/namespaces/$POD_NAMESPACE/pods/$POD_NAME
And it returns
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "the server responded with the status code 415 but did not return more information",
"details": {},
"code": 415
}
Set content-type to application/json-patch+json and specify the patch in http://jsonpatch.org format.
$ cat > patch.json <<EOF
[
{
"op": "add", "path": "/metadata/labels/hello", "value": "world"
}
]
EOF
$ curl --request PATCH --data "$(cat patch.json)" -H "Content-Type:application/json-patch+json" https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/api/v1/namespaces/$POD_NAMESPACE/pods/$POD_NAME
In order to use JSON Patch properly, you have to set content type to application/json-patch+json as defined in RFC6902. Works for me.