How to access nsxcli from the Kubernetes master and worker VMs in PKS
search cancel

How to access nsxcli from the Kubernetes master and worker VMs in PKS

book

Article ID: 298548

calendar_today

Updated On:

Products

VMware Tanzu Kubernetes Grid Integrated Edition

Issue/Introduction

Various components responsible for communication between PKS and NSX-T, on both the master and worker VMs, provides a potent CLI to check component status and gather information.

Note: nsxcli should not be confused with NSX-T CLI which is the command line interface present on the NSX-T virtual appliances.


Using the nsxcli shipped with various components as part of their respective BOSH releases can prove to be a useful tool when gathering information or troubleshooting a failure.

This article explains how nsxcli can be invoked on the VMs and some useful nsxcli commands.

Environment


Resolution

There are three different nsxcli binaries present, one on the Kubernetes master VM and two on the Kubernetes worker VMs. To access these binaries, ssh to the respective VM and switch to the root user.


Accessing nsxcli on the Kubernetes master VM


On the master VM, nsxcli is present under the NSX Container Plug-in (NCP) job binaries and can be invoked as follows:

master/########-####-438c-99a0-a64d7d4ccf60:~# /var/vcap/jobs/ncp/bin/nsxcli
NSX CLI (NCP). Press ? for command list or enter: help 
########-####-4a75-8b17-ff4960e806cd>
  check     check
  copy      Copy from one file to another
  del       Delete configuration
  exit      Exit from current mode
  get       Retrieve the current configuration
  help      Display help
  list      List all available commands
  set       Change the current configuration  

########-####-4a75-8b17-ff4960e806cd> list
check project <project-name>
check projects
copy file <filename> url <url>
copy url <url> [file <filename>]
del file <filename>
exit
get file <filename>
get files
get ingress-cache <ingress-name>
get ingress-caches
get ingress-controller <ingress-controller-name>
get ingress-controllers
get namespace-cache <namespace-name>
get namespace-caches
get ncp-k8s-api-server status
get ncp-log file <filename>
get ncp-log-level
get ncp-master status
get ncp-nsx status
get ncp-watcher <watcher-name>
get ncp-watchers
get network-policy-cache <network-policy-name>
get network-policy-caches
get node-agent-log file <filename>
get node-agent-log file <filename> <node-name>
get pod-cache <pod-name>
get pod-caches
get project-cache <project-name>
get project-caches
get support-bundle file <filename>
get version
help


Example checks on the master vm

Check if the instance is the current NCP master:

########-####-4a75-8b17-ff4960e806cd> get ncp-master status

Note: The following instance is not the NCP master:

Current NCP Master id is ########-####-48c0-bf45-cc5a497673a3
Current NCP Instance id is ########-####-4959-94ac-c1636ba9ef23
Last master update at Sat Mar 30 20:51:30 2019

Check the NSX-T manager connection status:

########-####-4a75-8b17-ff4960e806cd> get ncp-nsx status
NSX Manager status: Healthy


Accessing nsxcli on Kubernetes worker VMs


There are two instances of nsxcli present on worker VMs:

  • nsxcli is shipped under nsx-node-agent job binaries: 
    worker/########-####-4a76-b744-b7131d687ab6:~# /var/vcap/jobs/nsx-node-agent/bin/nsxcli

NSX CLI (Node Agent). Press ? for command list or enter: help  

    ########-####-4d43-841d-b36f44e07bc5>
  exit      Exit from current mode
  get       Retrieve the current configuration
  help      Display help
  list      List all available commands  

    ########-####-4d43-841d-b36f44e07bc5> list
exit
get container-cache <string>
get container-caches
get node-agent-hyperbus status
get version
help
list
  • nsxcli is shipped under nsx-kube-proxy binaries: 
    worker/########-####-4a76-b744-b7131d687ab6:~# /var/vcap/jobs/nsx-kube-proxy/bin/nsxcli

NSX CLI (Kube Proxy). Press ? for command list or enter: help 
    ########-####-4d43-841d-b36f44e07bc5>
  dump      Write config data to file
  exit      Exit from current mode
  get       Retrieve the current configuration
  help      Display help
  list      List all available commands  

    ########-####-4d43-841d-b36f44e07bc5> list
dump ovs-flows
exit
get kube-proxy-k8s-api-server status
get kube-proxy-watcher <watcher-name>
get kube-proxy-watchers
get version
help
list

 

Some useful info that can be gathered from the worker VMs

  • nsx-node-agent CLI:

worker/########-####-4a76-b744-b7131d687ab6:~# /var/vcap/jobs/nsx-node-agent/bin/nsxcli
  • Check the status of hyperbus connectivity:
########-####-4d43-841d-b36f44e07bc5> get node-agent-hyperbus status HyperBus status: Healthy

  • nsx-node-agent CLI:

worker/########-####-4a76-b744-b7131d687ab6:~#  /var/vcap/jobs/nsx-node-agent/bin/nsxcli

  • Check Kubernetes server connection status:

########-####-4d43-841d-b36f44e07bc5> get kube-proxy-k8s-api-server status
Kubernetes ApiServer status: Healthy

  • Dump ovs flows for rules configured for routing packets by nsx-kube-proxy:

########-####-4d43-841d-b36f44e07bc5> dump ovs-flows



Powered by Wolken Software