I have a kubernetes cluster and i have already deployed a pod (which runs a web app with flask) in my cluster and a service for that pod.
Also i am using kubernetes python client and i am wondering how can i call a service of my cluster using kubernetes python client.
I found connect_get_namespaced_service_proxy() method from another post and i tried the following:
try:
api_response = v1.connect_get_namespaced_service_proxy("sorting", "default")
pprint(api_response)
except ApiException as e:
print("Exception when calling CoreV1Api->connect_get_namespaced_service_proxy: %s\n" % e)
When i run it i have:
Exception when calling CoreV1Api->connect_get_namespaced_service_proxy: (503)
Reason: Service Unavailable
HTTP response headers: HTTPHeaderDict({'Audit-Id': '27249d08-e579-4464-925a-089514552ca1', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'Date': 'Fri, 10 Jun 2022 14:56:31 GMT', 'Content-Length': '169'})
HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"no endpoints available for service \"sorting\"","reason":"ServiceUnavailable","code":503}
I am not sure if this function indeed call the service that i want. Any help how can i call the specific service?
Related
Python version 3.8.10
Kubernetes version 23.3.0
I'm trying to run a command into a specific pod in kubernetes using python. I've tried to reduce the code as much as I could, so I'm running this.
from kubernetes import client, config
config.load_kube_config()
v1 = client.CoreV1Api()
response = v1.connect_get_namespaced_pod_exec(pod_name , namespace, command="df -h", stderr=True, stdin=True, stdout=True, tty=True)
print(response)
But it's not working. I'm getting this response.
kubernetes.client.exceptions.ApiException: (400)
Reason: Bad Request
HTTP response headers: HTTPHeaderDict({'Audit-Id': '511c23ce-03bb-4b52-a559-3f354fc80235', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'Date': 'Fri, 18 Mar 2022 18:06:11 GMT', 'Content-Length': '139'})
HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Upgrade request required","reason":"BadRequest","code":400}
If I run typical example of list all pods . It's working fine. So, it should not be a configuration issue. I've read about this problem in the past here and here. But I assume it cannot be that, due to they are closed issues.
If I run k9s shell request, I can connect with pod with no problem. This is what I see in ps a when I'm doing this /usr/bin/kubectl --context gke_cloudpak_europe-west2-xxxxx exec -it -n namespace_name pod_name -c rt -- sh -c command -v bash >/dev/null && exec bash || exec sh
Another update, I've found this info. At last of page there is a paragraph with says.
Why Exec/Attach calls doesn’t work
Starting from 4.0 release, we do not support directly calling exec or attach calls. you should use stream module to call them. so instead of resp = api.connect_get_namespaced_pod_exec(name, ... you should call resp = stream(api.connect_get_namespaced_pod_exec, name, ....
Using Stream will overwrite the requests protocol in core_v1_api.CoreV1Api() This will cause a failure in non-exec/attach calls. If you reuse your api client object, you will need to recreate it between api calls that use stream and other api calls.
I've tried to do it in this way, but same result :(
Any idea about what I'm doing wrong?
Thanks a lot for your help.
Regards
Yes, this official guide says that you should use resp = **stream**(api.connect_get_namespaced_pod_exec(name, ... instead.
So you have to edit your code like this:
...
from kubernetes.stream import stream
...
v1 = client.CoreV1Api()
response = stream(v1.connect_get_namespaced_pod_exec, pod_name , namespace, command="df -h", stderr=True, stdin=True, stdout=True, tty=True)
print(response)
I'd like to call the openshift machine api (/apis/machine.openshift.io/v1beta1/machines). Is there a way to do this using the kubernetes Python module? I can create an api object like this:
>>> from kubernetes import client, config
>>> config.load_incluster_config()
>>> api = client.CoreV1API()
Of course, that's a core API client, which doesn't include native support for the machine api. But the object has all the endpoint and authentication information. There is a likely looking api.api_client.call_api method, but it doesn't seem to make use of the auth information embedded in the api_client object:
>>> api.api_client.call_api('/apis/machine.openshift.io/v1beta1/machines', 'GET')
[...]
kubernetes.client.rest.ApiException: (403)
Reason: Forbidden
I can explicitly pass in auth information, but then it doesn't seem to return any content:
>>> >>> api.api_client.call_api('/apis/machine.openshift.io/v1beta1/machines', 'GET', auth_settings=api.api_client.configuration.auth_settings())
(None, 200, HTTPHeaderDict({'Audit-Id': '6f6965b5-1ad7-4c5e-ab61-343e38718ff8', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'X-Kubernetes-Pf-Flowschema-Uid': '9
5848e47-b51c-46eb-aa4f-e25130d61e09', 'X-Kubernetes-Pf-Prioritylevel-Uid': '39391d77-7b32-4aa2-93c3-9915a302d361', 'Date': 'Fri, 04 Sep 2020 19:43:59 GMT', 'Transfer-Encoding': 'chunked'}))
I can of course just use requests:
>>> requests.get(f'{api.api_client.configuration.host}/apis/machine.openshift.io/v1beta1/machines', verify=False, headers=api.api_client.configuration.api_key)
<Response [200]>
That works fine, but it smells like I'm going about things the wrong way. What's the correct way to make arbitrary API requests using the Python kubernetes module?
Referring from here you could use api_client.call_api as below to call arbitrary APIs by passing a valid BearerToken which could be a service account token.
api_client.call_api('/apis/machine.openshift.io/v1beta1/machines', 'GET', auth_settings = ['BearerToken'], response_type='json', _preload_content=False)
I'm using the DocuSign python sdk to send envelopes and JWT authentication. Everything works fine on my MAC. I am then trying to run same app in Docker container and it fails with exception when requesting the JWT token from DocuSign server with "no_valid_keys_or_signatures". All of the security id info seems to be correct, client Id, private key, ds_impersonated_user_id and authorization_server: account-d.docusign.com
What am I missing?
2020-07-15 16:27:51,363 - ERROR - fail to get jwt toekn
Traceback (most recent call last):
File "/usr/src/app/utils/docusign.py", line 366, in _jwt_auth
expires_in=3600
File "/usr/local/lib/python3.7/site-packages/docusign_esign/client/api_client.py", line 694, in request_jwt_user_token
{"assertion": token, "grant_type": OAuth.GRANT_TYPE_JWT}))
File "/usr/local/lib/python3.7/site-packages/docusign_esign/client/api_client.py", line 399, in request
body=body)
File "/usr/local/lib/python3.7/site-packages/docusign_esign/client/api_response.py", line 235, in POST
body=body)
File "/usr/local/lib/python3.7/site-packages/docusign_esign/client/api_response.py", line 191, in request
raise ApiException(http_resp=r)
docusign_esign.client.api_exception.ApiException: (400)
Reason: Bad Request
HTTP response headers: HTTPHeaderDict({'Cache-Control': 'no-cache', 'Pragma': 'no-cache', 'Content-Type': 'application/json; charset=utf-8', 'Expires': '-1', 'Server': 'Microsoft-IIS/8.5', 'X-AspNetMvc-Version': '5.2', 'X-DocuSign-TraceToken': '9a5577d0-1229-469e-b93d-54a20ae3e90b', 'X-Content-Type-Options': 'nosniff', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload, max-age=15768000', 'X-Frame-Options': 'SAMEORIGIN', 'X-XSS-Protection': '1; mode=block; report=/client-errors/xss', 'X-DocuSign-Node': 'SE2DFE3', 'Date': 'Wed, 15 Jul 2020 16:27:50 GMT', 'Content-Length': '75'})
HTTP response body: b'{"error":"invalid_grant","error_description":"no_valid_keys_or_signatures"}'
There's nothing special you need to do to use JWT authentication for DocuSign using Docker or AWS.
We do that in some of our sample apps, like https://myhr.sampleapps.docusign.com/ when you log in using the "test account" which is hardcoded.
The things to keep in mind to get JWT working are:
Make sure you use the correct private key part of the RSA keypair exactly as it was given to you including end of lines etc.
Double check the account Id, the user ID and that all the URLs point to the developer env (account-d.docusign.com)
Make sure you got consent and that it includes the impersonation scope.
Those should all be double checked, but I also suggest you try our Python quickstart that configures it all for you automagically - https://developers.docusign.com/docs/esign-rest-api/quickstart/
I'm trying to get a simple Square credit card form to work on our Django website. I'm new to using Square, but have used similar API's such as Stripe in the past.
To start, I followed along with their Square Payment Form walkthrough. I added their SqPaymentForm library and our own javascript file where I initialized a new SqPaymentForm.
The front-end appears to be working and is generating a unique card nonce every time I enter fake credentials.
Next, I submitted the form to our back-end (including the card nonce, in a hidden nonce field).
On the back-end, I've installed the Square Connect Python SDK. I copied their "Charge the card nonce" example as closely as possible, substituting our sandbox access token and location ID:
import uuid
import squareconnect
from squareconnect.rest import ApiException
from squareconnect.apis.transactions_api import TransactionsApi
# create an instance of the Transactions API class
api_instance = TransactionsApi()
# setup authorization
api_instance.api_client.configuration.access_token = 'sandbox-access-token'
location_id = 'sandbox-location-id'
nonce = request.POST.get('nonce', 'empty')
if (nonce == 'empty'): print("Throw error")
# print(nonce)
try:
# Charge
idempotency_key = str(uuid.uuid1())
amount = {'amount': 100, 'currency': 'USD'}
body = {'idempotency_key': idempotency_key, 'card_nonce': nonce, 'amount_money': amount}
api_response = api_instance.charge(location_id, body)
print (api_response.transaction)
except ApiException as e:
print ('Exception when calling TransactionApi->charge: %s\n' % e)
I've also tried reformatting this code slightly to fit the example demonstrated in Square's connect-api-examples on GitHub.
But, when I test it in localhost (http), using the different demo credentials provided by Square on their test values page, I consistently get an 'Unauthorized' error from the API:
Exception when calling TransactionApi->charge: (401)
Reason: Unauthorized
HTTP response headers: HTTPHeaderDict(
{'Content-Type': 'application/json', 'Vary': 'Origin, Accept-Encoding', 'X-Content-Type-Options': 'nosniff', 'X-Download-Options': 'noopen', 'X-Frame-Options': 'SAMEORIGIN', 'X-Permitted-Cross-Domain-Policies': 'none', 'X-Xss-Protection': '1; mode=block', 'Date': 'Wed, 31 Jul 2019 20:59:10 GMT', 'keep-alive': 'timeout=60', 'Strict-Transport-Security': 'max-age=631152000', 'content-length': '119'})
HTTP response body: {"errors":[{"category":"AUTHENTICATION_ERROR","code":"UNAUTHORIZED","detail":"This request could not be authorized."}]}
When I look through the Troubleshooting documentation, it says the likely cause for an Unauthorized error is an invalid OAuth token. Yet, none of Square's demos or examples utilize OAuth. I don't understand why OAuth would be necessary for a simple payment form that isn't behind a sign-up page?
I've tried uploading the code to our https website to see if an SSL cert was required, but I get the same error.
You need to set your access token, then your code will work. The location id is also not set, so square sends an error. I had the same problem, and I realized that it was because I forgot to add the access token. Hope that this helps.
Currently, I have a Docusign flow working on in development, but when I try to deploy it on my production server it fails.
HTTP response headers: HTTPHeaderDict({'Content-Length': '137', 'Vary': 'Accept-Encoding', 'X-DocuSign-TraceToken': '61275999-0e6f-4d16-925c-4f9f19c7800c', 'Cache-Control': 'no-cache', 'Date': 'Fri, 21 Jun 2019 17:31:10 GMT', 'Content-Type': 'application/json; charset=utf-8'})
HTTP response body: {
"errorCode": "USER_AUTHENTICATION_FAILED",
"message": "One or both of Username and Password are invalid. Invalid access token"
}
I was hoping to be able to get it live to show it off. I have tried changing the base url from https://demo.docusign.net to https://www.docusign.net or account-d.docusign.com to account.docusign.com, but nothing.
So, this leads me to believe that a demo key just won't work at all.
Is there any way to work around this before purchasing an API plan?
In order to use an integrator key in the Production environment, it will need to pass the Go Live process, which requires a paid account to link the key to. This doesn't necessarily have to be an API plan - any paid account (Web or Enterprise) account will do.
You can show off your integration by continuing to use the DocuSign demo system (developer sandbox).
The main restriction is that you can't use the demo system to create legally binding agreements. The production system does that.