This topic includes commands for debugging or troubleshooting the APIDescriptor CR.
Get the details of APIDescriptor CR.
kubectl get apidescriptor <api-apidescriptor-name> -owide
Find the status of the APIDescriptor CR.
kubectl get apidescriptor <api-apidescriptor-name> -o jsonpath='{.status.conditions}'
Read logs from the api-auto-registration controller.
kubectl -n api-auo-registration logs deployment.apps/api-auto-registration-controller
Patch an APIDescriptor that is stuck in Deleting mode.
This might happen if the controller package is uninstalled before you clean up the APIDescriptor resources. You can reinstall the package and delete all the APIDescriptor resources first, or run the following command for each stuck APIDescriptor resource.
kubectl patch apidescriptor <api-apidescriptor-name> -p '{"metadata":{"finalizers":null}}' --type=merge
NoteIf you manually remove the finalizers from the APIDescriptor resources, you can have stale API entities within Tanzu Application Platform GUI that you must manually deregister.
connection refused but service is up and runningIn Tanzu Application Platform v1.4 and later, if your workloads use ClusterIssuer for the TLS configuration or your API specifications location URL is secured using a custom CA, you might encounter the following message.
Your APIDescription CRD shows a status and message similar to:
Message: Get "https://spring-petclinic.example.com/v3/api-docs": dial tcp 12.34.56.78:443: connect: connection refused
Reason: FailedToRetrieve
Status: False
Type: APISpecResolved
Last Transition Time: 2022-11-28T09:59:13Z
This might be due to your workloads using a custom Ingress issuer. To solve this issue, either:
ca_cert_data following the instructions in Configure CA Cert Data.shared.ingress_issuer: "". VMware discourages this method.Obtain the PEM Encoded crt file for your ClusterIssuer or TLS setup . You use this to update the api-auto-registration package.
If you installed the API Auto Registration package through predefined profiles, you must update the tap-values.yaml and update the Tanzu Application Platform installation. Place the PEM encoded certificate into the shared.ca_cert_data key of the values file. See Install your Tanzu Application Platform profile. Run the following command to update the package.
tanzu package installed update tap -p tap.tanzu.vmware.com -v <TAP_VERSION> --values-file tap-values.yaml -n tap-install
If you installed the API Auto Registration package as standalone, you must update the api-auto-registration-values.yaml and then update the package. Place the PEM encoded certificate into the ca_cert_data key of the values file. See Install API Auto Registration. Run the following command to update the package.
tanzu package installed update api-auto-registration --version <API_AUTO_REGISTRATION_VERSION> --namespace tap-install --values-file api-auto-registration-values.yaml
You can find the available api-auto-registration versions by running:
tanzu package available list -n tap-install | grep 'API Auto Registration'
x509: certificate signed by unknown authority but service is runningYour APIDescription CRD shows a status and message similar to:
Message: Put "https://tap-gui.tap.my-cluster.tapdemo.vmware.com/api/catalog/immediate/entities": x509: certificate signed by unknown authority
Reason: Error
Status: False
Type: Ready
Last Transition Time: 2022-11-28T09:59:13Z
This is the same issue as connection refused described earlier.
