DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs:update troubleshooting.md (#7224)

Browse source 
* Update troubleshooting.md

Made the troubleshooting steps a bit more fluid IMHO.

* Update troubleshooting.md

Fixed introduced troubleshooting workflow change.

* Update troubleshooting.md

Fixed token path in new proposed workflow.

* Update troubleshooting.md

Fixed terminology (pod vs. container)

* Changed verb to get CLA refresh.

* Updating PR with requested changes.

Signed-off-by: Robert Jackson <robert@aztek.io>
This commit is contained in:
Robert J 2021-07-26 19:04:45 -05:00 committed by GitHub
parent a82ea7d617
commit c4cc9a504a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 27 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

75
docs/troubleshooting.md
View file

@ -173,68 +173,47 @@ Verify with the following commands:
```console ```console
# start a container that contains curl # start a container that contains curl
$ kubectl run test --image=tutum/curl -- sleep 10000 $ kubectl run -it --rm test --image=curlimages/curl --restart=Never -- /bin/sh
# check that container is running
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
test-701078429-s5kca 1/1 Running 0 16s
# check if secret exists # check if secret exists
$ kubectl exec test-701078429-s5kca -- ls /var/run/secrets/kubernetes.io/serviceaccount/ / $ ls /var/run/secrets/kubernetes.io/serviceaccount/
ca.crt ca.crt namespace token
namespace / $
token
# get service IP of master
$ kubectl get services
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes 10.0.0.1 <none> 443/TCP 1d
# check base connectivity from cluster inside # check base connectivity from cluster inside
$ kubectl exec test-701078429-s5kca -- curl -k https://10.0.0.1 / $ curl -k https://kubernetes.default.svc.cluster.local
Unauthorized {
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
"reason": "Forbidden",
"details": {
},
"code": 403
}/ $
# connect using tokens # connect using tokens
$ TOKEN_VALUE=$(kubectl exec test-701078429-s5kca -- cat /var/run/secrets/kubernetes.io/serviceaccount/token) }/ $ curl --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" https://kubernetes.default.svc.cluster.local
$ echo $TOKEN_VALUE && echo
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3Mi....9A
$ kubectl exec test-701078429-s5kca -- curl --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H "Authorization: Bearer $TOKEN_VALUE" https://10.0.0.1
{ {
"paths": [ "paths": [
"/api", "/api",
"/api/v1", "/api/v1",
"/apis", "/apis",
"/apis/apps", "/apis/",
"/apis/apps/v1alpha1", ... TRUNCATED
"/apis/authentication.k8s.io", "/readyz/shutdown",
"/apis/authentication.k8s.io/v1beta1",
"/apis/authorization.k8s.io",
"/apis/authorization.k8s.io/v1beta1",
"/apis/autoscaling",
"/apis/autoscaling/v1",
"/apis/batch",
"/apis/batch/v1",
"/apis/batch/v2alpha1",
"/apis/certificates.k8s.io",
"/apis/certificates.k8s.io/v1alpha1",
"/apis/networking",
"/apis/networking/v1beta1",
"/apis/policy",
"/apis/policy/v1alpha1",
"/apis/rbac.authorization.k8s.io",
"/apis/rbac.authorization.k8s.io/v1alpha1",
"/apis/storage.k8s.io",
"/apis/storage.k8s.io/v1beta1",
"/healthz",
"/healthz/ping",
"/logs",
"/metrics",
"/swaggerapi/",
"/ui/",
"/version" "/version"
] ]
} }
/ $
# when you type `exit` or `^D` the test pod will be deleted.
``` ```
If it is not working, there are two possible reasons: If it is not working, there are two possible reasons: