Troubleshoot API Auto Registration
This topic contains ways that you can troubleshoot API Auto Registration.
Debug API Auto Registration
This topic includes commands for debugging or troubleshooting the APIDescriptor CR.
-
Get the details of APIDescriptor CR.
kubectl get apidescriptor <api-apidescriptor-name> -owide -
Find the status of the APIDescriptor CR.
kubectl get apidescriptor <api-apidescriptor-name> -o jsonpath='{.status.conditions}' -
Read logs from the
api-auto-registrationcontroller.kubectl -n api-auto-registration logs deployment.apps/api-auto-registration-controller -
Patch an APIDescriptor that is stuck in Deleting mode.
This might happen if the controller package is uninstalled before you clean up the APIDescriptor resources. You can reinstall the package and delete all the APIDescriptor resources first, or run the following command for each stuck APIDescriptor resource.
kubectl patch apidescriptor <api-apidescriptor-name> -p '{"metadata":{"finalizers":null}}' --type=mergeNote
If you manually remove the finalizers from the APIDescriptor resources, you can have stale API entities within Tanzu Application Platform GUI that you must manually deregister.
APIDescriptor CRD shows message of connection refused but service is up and running
In Tanzu Application Platform v1.4 and later, if your workloads use ClusterIssuer for the TLS configuration or your API specifications location URL is secured using a custom CA, you might encounter the following message.
Your APIDescription CRD shows a status and message similar to:
Message: Get "https://spring-petclinic.example.com/v3/api-docs": dial tcp 12.34.56.78:443: connect: connection refused
Reason: FailedToRetrieve
Status: False
Type: APISpecResolved
Last Transition Time: 2022-11-28T09:59:13Z
This might be due to your workloads using a custom Ingress issuer. To solve this issue, either:
- Configure
ca_cert_datafollowing the instructions in Configure CA Cert Data. - Deactivate TLS by setting
shared.ingress_issuer: "". VMware discourages this method. Deactivating TLS reduces your ability to test plugin functionality and iterate quickly.
Configure CA Cert Data
-
Obtain the PEM Encoded crt file for your ClusterIssuer or TLS setup . You use this to update the
api-auto-registrationpackage. -
If you installed the API Auto Registration package through predefined profiles, you must update the
tap-values.yamland update the Tanzu Application Platform installation. Place the PEM encoded certificate into theshared.ca_cert_datakey of the values file. See Install your Tanzu Application Platform profile. Run the following command to update the package.tanzu package installed update tap -p tap.tanzu.vmware.com -v <TAP_VERSION> --values-file tap-values.yaml -n tap-installWhere
TAP-VERSIONis the version of Tanzu Application Platform installed. -
If you installed the API Auto Registration package as standalone, you must update the
api-auto-registration-values.yamland then update the package. Place the PEM encoded certificate into theca_cert_datakey of the values file. Run to update the package.tanzu package installed update api-auto-registration --version <API_AUTO_REGISTRATION_VERSION> --namespace tap-install --values-file api-auto-registration-values.yamlYou can find the available api-auto-registration versions by running:
tanzu package available list -n tap-install | grep 'API Auto Registration'
APIDescriptor CRD shows message of x509: certificate signed by unknown authority but service is running
Your APIDescription CRD shows a status and message similar to:
Message: Put "https://tap-gui.tap.my-cluster.tapdemo.vmware.com/api/catalog/immediate/entities": x509: certificate signed by unknown authority
Reason: Error
Status: False
Type: Ready
Last Transition Time: 2022-11-28T09:59:13Z
This is the same issue as connection refused described earlier.
