I am trying to retrieve the kubernetes last-applied-configuration from a service yaml (under metadata annoations) using kubectl -o jsonpath, but the name of the field is "kubectl.kubernetes.io/last-applied-configuration". I believe the parser is getting confused due to the dots in the actual name field, since it uses dots for child object designation.
e.g. (Running on Windows)
kubectl -lapp=myapp get service -o jsonpath="{range .items[*]}{
.metadata.annotations}{\"\n\"}{end}"
shows the map of resulting values as expected
map[kubectl.kubernetes.io/last-applied-configuration:{"kind":"Service","apiVersion":"v1","metadata":{"name":"myapp","namespace":"mynamespace",
"creationTimestamp":null,"labels":{"app":"myapp","version":"1.0"}},"spec":{"ports":[{"name":"http","protocol":"TCP","port":80,"ta
rgetPort":8080}],"selector":{"app":"myapp","version":"1.0"},"type":"NodePort"},"status":{"loadBalancer":{}}}]
In this case, the kubectl.kubernetes.io/last-applied-configuration is the only thing in the annotations, but that is not always the case.
The problem comes about when I try to drill down to just the last-applied-configuration.
e.g.
kubectl -lapp=myapp get service -o jsonpath="{range .items[*]}{
.metadata.annotations.kubectl.kubernetes.io/last-applied-configuration}{\"\n\"}{end}"
Returns no information.
I have also tried
kubectl -lapp=myapp get service -o jsonpath="{range .items[*]}{
.metadata.annotations['kubectl.kubernetes.io/last-applied-configuration']}{\"\n\"}{end}"
and
kubectl -lapp=myapp get service -o jsonpath="{range .items[*]}{['metadata']['annotations']['kubectl.kubernetes.io/last-applied-configuration']}{\"\n\"}{end}"
to no avail.
I'm expecting the results to be simply the value of the kubectl.kubernetes.io/last-applied-configuration
kubectl apply view-last-applied service -lapp=myapp -o json
you need to escape the . then it will list out value from the specific annotation name.
kubectl -lapp=myapp get service -o jsonpath="{range .items[*]}{.metadata.annotations.kubectl\.kubernetes\.io/last-applied-configuration}{\"\n\"}{end}"
Related
When i run this command. Which says "query that is not supported by the index." From this link https://hyperledger-fabric.readthedocs.io/en/release-2.2/couchdb_tutorial.html#use-best-practices-for-queries-and-indexes
peer chaincode query -C $CHANNEL_NAME -n ledger -c '{"Args":["QueryAssets", "{\"selector\":{\"$or\":[{\"docType\":\"asset\",\"owner\":\"tom\"},{\"color\":\"yellow\"}]}, \"use_index\":[\"indexOwnerDoc\", \"indexOwner\"]}"]}'
The above command return this. I thought it is supposed to return yellow
[{"docType":"asset","ID":"asset1","color":"blue","size":5,"owner":"tom","appraisedValue":35}]
Another command while running this From here:https://hyperledger-fabric.readthedocs.io/en/release-2.2/couchdb_tutorial.html#query-the-couchdb-state-database-with-pagination
peer chaincode query -C mychannel -n ledger -c '{"Args":["QueryAssetsWithPagination", "{\"selector\":{\"docType\":\"asset\",\"owner\":\"tom\"}, \"use_index\":[\"_design/indexOwnerDoc\", \"indexOwner\"]}","","3"]}'
And it returns this ERROR:
Error: endorsement failure during query. response: status:500 message:"GET_QUERY_RESULT failed: transaction ID: 31a2af88342b78042ae98d7e2300a2a5c03c957c82c5e5af49fcb92ac7af40ab: error handling CouchDB request. Error:invalid_bookmark, Status Code:400, Reason:Invalid bookmark value: \"3\""
I think the documentation needs to be updated.
I checked the function of the go chain code asset_transfer_ledger_chaincode.go
There was a code change in the August 2020 which reorder the function call arguments i.e pagsize and bookmark .
This means that one need to use value in the following order
pageSize int , bookmark string
So the correct query will be
peer chaincode query -C mychannel -n ledger -c '{"Args":["QueryAssetsWithPagination", "{"selector":{"docType":"asset","owner":"tom"}, "use_index":["_design/indexOwnerDoc", "indexOwner"]}","3",""]}'
Documentation needs to be updated
I'm trying to exec into one of the pods of my AKS instance using the following command: kubectl exec -n hermes --stdin --tty hermes-deployment-ddb88855b-dzgvt -- /bin/sh. I'm using just the regular CMD from Windows, but I'm getting the following error:
error: v1.Pod: ObjectMeta: v1.ObjectMeta: readObjectFieldAsBytes: expect : after object field, parsing 3193 ...:{},"k:{\"... at {"kind":"Pod","apiVersion":"v1","metadata"
The error is quite long with some meta data and environment variables I believe. I can't share the meta data due to corporate restrictions. I'm logged into Azure using az login, and also have the correct context in my kubeconfig.
Does anyone know what this error exactly entails?
Istio question, where is pilot-discovery command?
i can found. In istio-1.8.0 directory has no command named pilot-discovery.
pilot-discovery command is command used by pilot, which is part of istiod now.
istiod unifies functionality that Pilot, Galley, Citadel and the sidecar injector previously performed, into a single binary.
You can get your istio pods with
kubectl get pods -n istio-system
Use kubectl exec to get into your istiod container with
kubectl exec -ti <istiod-pod-name> -c discovery -n istio-system -- /bin/bash
Use pilot-discovery commands as mentioned in istio documentation.
e.g.
istio-proxy#istiod-f49cbf7c7-fn5fb:/$ pilot-discovery version
version.BuildInfo{Version:"1.8.0", GitRevision:"c87a4c874df27e37a3e6c25fa3d1ef6279685d23", GolangVersion:"go1.15.5", BuildStatus:"Clean", GitTag:"1.8.0-rc.1"}
In case you are interested in the code: https://github.com/istio/istio/blob/release-1.8/pilot/cmd/pilot-discovery/main.go
I compile the binary by myself.
1 download istio project.
2 make build
3 set golang proxy
4 cd out
You will see the binary.
I followed the tutorial from the https://www.youtube.com/watch?v=DKuGU5CYV_E&t=5s, and successfully added the third organisation into the existing fabric network. Also, I tried the forth. However, When I tried to add the fifth organisation into this network following the steps(https://hyperledger-fabric.readthedocs.io/en/latest/channel_update.html), when I running the command "peer channel update -f org5_update_in_envelope.pb -c $CHANNEL_NAME -o orderer.example.com:7050 --tls --cafile $ORDERER_CA", it mentioned the error about 3 policies, and one policy is remaining. I checked the Order log, it shows
error log. I am using the command "peer chaincode upgrade -o orderer.example.com:7050 --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA -C $CHANNEL_NAME -n mycc -v 2.0 -c '{"Args":["init","a","90","b","210"]}' -P "OR ('Org1MSP.member','Org2MSP.member','Org3MSP.member')"
to change the endorsement policy. I think it is an issue about the "MSP policy". Anyone has met the same issue?
It looks like you need to run the channel update using the crypto from an admin for either Org3 or Org4. You have signatures for Org 1 and Org2. But you need 3 of Orgs1-4.
Follow the steps for
Export the Org2 environment variables:
except change everything to either Org3 or Org4 admin. Then run the upgrade command.
Or you could sign it as an admin from Org3 or Org4 and then any admin can upgrade it.
You have to run peer channel signconfigtx in your Previous Organizations. Then Only you can update your channel.
You have to run the following command repeatedly for each organization:
"Loop Org1,org2,org3,org4"
docker cp org5_update_in_envelope.pb peer0.org1.example-swarm.com:/opt/gopath/src/github.com/hyperledger/fabric/
docker exec -e "CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/configtx/crypto-config/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp" -e "CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/configtx/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt" peer0.org1.example-swarm.com peer channel signconfigtx -f org5_update_in_envelope.pb
docker cp peer0.org1.example-swarm.com:/opt/gopath/src/github.com/hyperledger/fabric/org5_update_in_envelope.pb org5_update_in_envelope.pb
"End Loop"
Finally you can run :
docker cp org5_update_in_envelope.pb peer0.org1.example-swarm.com:/opt/gopath/src/github.com/hyperledger/fabric/
docker exec -e "CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/configtx/crypto-config/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp" -e "CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/configtx/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt" peer0.org1.example-swarm.com peer channel update -f org5_update_in_envelope.pb -c $CHANNEL_NAME -o orderer.example.com:7050
I changed the endorsement policy from "OR" to "AND" with BYFN and instantiate the Chaincode. But, the data in the ledger is not changed even after the Invoke is executed.
I confirmed "OR" condition is working.(data in the ledger is changed)
Kindly let me know how I can solve it.
peer chaincode instantiate -o orderer.example.com:7050 --tls $CORE_PEER_TLS_ENABLED --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc -v 1.0 -c '{"Args":["init","a", "100", "b","200"]}' -P "**OR** ('Org1MSP.member','Org2MSP.member')"
==>
peer chaincode instantiate -o orderer.example.com:7050 --tls $CORE_PEER_TLS_ENABLED --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc -v 1.0 -c '{"Args":["init","a", "100", "b","200"]}' -P "**AND** ('Org1MSP.member','Org2MSP.member')"
Well the good news is that it looks like the modified endorsement policy is actually working. The bad news is that it's not possible to use an endorsement policy with an AND condition in BYFN without creating your own client using one of the SDKs. The issue is that the BYFN script uses the peer CLI to run invoke (and query too) and the peer CLI does not have the ability to collect multiple endorsements. So when you change the endorsement policy to AND, the script is only collecting a single endorsement and therefore validation fails when trying to process the invoke.
Let me add to #Gari Singh answer and clarify about the change of endorsement policies for already instantiated chaincode. Once you initialized the chaincode with endorsement policy and you would like to update/change it later you can do so by upgrading chaincode and specifying new endorsement policies.