Building commands for automation with Tanzu Mission Control REST APIs

February 09, 2023

Intro

This brief tutorial will outline some examples and ways to build your own API calls that can be used to interact with the Tanzu Mission Control API. 

Pre-Reqs

To continue, you will need:

  • VMware Cloud API token available (Instructions for how to create an API token can be found here.)
  • Bash / Zsh terminal
  • JQ utility

 

Example Commands to get access and interact with the Tanzu Mission Control API

  • Once you have your CSP API token, set the refresh_token variable:
refresh_token="replace me with VMware Cloud CSP API Token"
  • Generate Access token from the above Refresh Token
access_token=$(curl -d "refresh_token=$refresh_token" "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize" | jq -r '.access_token')
  • Read the Access Token
echo $access_token
  • Get the organization ID and account details to test the API token
curl -s --request POST --url "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/details" --header 'content-type: application/json' --data '{"tokenValue":"'"$refresh_token"'"}' | jq '.'Copy
  • This example will retrieve the workload objects for a cluster; notice the pagination.size for results returned, and specific mentions of the managementClusterName, provisionerName, and cluster name (in the URL) as these scope the query to a single cluster:
curl -s 'searchScope.name=*' 'https://tmcorgname.tmc.cloud.vmware.com/v1alpha1/clusters/corey-cluster/objects?sort_by=fullName.name%3Aascending&includeTotalCount=true&query=data.kind%3A%5B%27Deployment%27%2C+%27ReplicaSet%27%2C+%27StatefulSet%27%2C+%27DaemonSet%27%5D&search_scope.managementClusterName=corey-mgmt-tanzutmm&search_scope.provisionerName=corey-ns-tanzutmm&pagination.size=200&pagination.offset=0' -H "Authorization: Bearer $access_token" | jq '.objects[].fullName
.name'

The output using JQ to select just the workload names is:

"agent-updater" "agent-updater-655586976b" "agent-updater-7f99664988" "agent-updater-dc4869b99" "antrea-agent" "antrea-controller" "antrea-controller-7fdf5d6b46" "antrea-resource-init" "antrea-resource-init-54b68499d" "certman-helm-cert-manager-cainjector" "certman-helm-cert-manager-cainjector-d6f7c76b8" "certman-helm-cert-manager-controller" "certman-helm-cert-manager-controller-5b4f47dbfd" "certman-helm-cert-manager-webhook" "certman-helm-cert-manager-webhook-55f5d6b8c8"

....... snipped due to length

  • This example can be used to retrieve the same objects you see on the 'Workloads' page:
curl -s 'searchScope.name=*' 'https://tmcorgname.tmc.cloud.vmware.com/v1alpha1/clusters/*/objects?sort_by=fullName.name%3Aascending&includeTotalCount=true&query=data.kind%3A%5B%27Deployment%27%2C+%27ReplicaSet%27%2C+%27StatefulSet%27%2C+%27DaemonSet%27%5D&pagination.size=25&pagination.offset=0' -H "Authorization: Bearer $access_token" | jq .

Without filtering to the object name a full JSON object is returned with all the properties. Here is the output formatted with JQ:

{

  "objects": [

    {

      "type": {

        "kind": "Object",

        "version": "v1alpha1",

        "package": "vmware.tanzu.manage.v1alpha1.cluster.object"

      },

      "fullName": {

        "orgId": "snip",

        "managementClusterName": "corey-tkg-mgmt",

        "provisionerName": "aws-tanzutmm-ns",

        "clusterName": "corey-tkg-aws-uswest2",

        "name": "agent-updater"

      },

      "meta": {

        "uid": "snip",

        "resourceVersion": "74455159",

        "creationTime": "2022-09-13T21:41:03Z",

        "labels": {

          "app": "agent-updater",

          "component": "agent-updater",

          "tmc-extension": "true",

          "tmc-extension-name": "agent-updater",

          "tmc-extension-version": "20230109052147362-847edadfd732d359381b6767dff4ccdfa60324e1",

          "tmc.cloud.vmware.com/managed": "true"

        }

      },

      "data": {

        "kind": "Deployment",

        "aggregatedResources": {

          "totalPods": 1,

          "requestedCpu": 100,

          "requestedMemory": 0.09765625,

          "cpuLimits": 100,

          "memoryLimits": 0.14648438

        },

        "namespaceName": "vmware-system-tmc",

        "objectDeployment": {

          "resourceDeployment": {

            "metadata": {

              "name": "agent-updater",

              "namespace": "vmware-system-tmc",

              "uid": "snip",

              "resourceVersion": "74455159",

              "generation": "6",

              "creationTimestamp": {

                "seconds": "1663105263"

              },

              "labels": {

                "app": "agent-updater",

                "component": "agent-updater",

                "tmc-extension": "true",

                "tmc-extension-name": "agent-updater",

                "tmc-extension-version": "20230109052147362-847edadfd732d359381b6767dff4ccdfa60324e1",

                "tmc.cloud.vmware.com/managed": "true"

              },

              "annotations": {

                "deployment.kubernetes.io/revision": "5",

... snipped due to length

You can use the Chrome/Edge network inspector to do the hard work for you to see the request and headers generated from the UI and use them to build your queries.

Here are the steps to get a specific API request (or to figure out which API is being used):

  1. Browse to the view you want the data from, F12 or open Dev tools,
  2. Select the 'Network' tab and make sure the red record button is on,
  3. Click the link for the desired view or refresh the current and look for the corresponding API call under the 'Request Headers' section.

As you can see below under the request headers, you have the full query string that you can start using in scripts:

Chrome Network Inspection panel - view request headers

image-20230207133753-2

  • Here we have a slightly more complex example that uses JQ to filter and customize the output: 
curl -s 'searchScope.name=*' 'https://tmcorgname.tmc.cloud.vmware.com/v1alpha1/clusters/*/objects?sort_by=fullName.clusterName%3Aascending%2CfullName.name%3Aascending&includeTotalCount=true&query=data.kind%3A%5B%27Deployment%27%2C+%27ReplicaSet%27%2C+%27StatefulSet%27%2C+%27DaemonSet%27%5D+AND+%28meta.namespace%3A%27*migration*%27%29+AND+%28fullName.clusterName%3A%27*aws*%27%29&pagination.size=25&pagination.offset=0' -H "Authorization: Bearer $access_token" | jq '.objects[] | {clusterName: .fullName.clusterName, name: .fullName.name, object: .data.kind, totalPods: .data.aggregatedResources.totalPods}'

{

"clusterName": "sg-tkg-vsp-demo05",

"name": "k8s-counter-deployment",

"object": "Deployment",

"totalPods": 3

}

{

"clusterName": "sg-tkg-vsp-demo05",

"name": "k8s-counter-deployment-5d48bb8988",

"object": "ReplicaSet",

"totalPods": 3

}

{

"clusterName": "sg-tkg-vsp-demo05",

"name": "postgres",

"object": "Deployment",

"totalPods": 1

}

{

"clusterName": "sg-tkg-vsp-demo05",

"name": "postgres-5c6d847dd",

"object": "ReplicaSet",

"totalPods": 1

}

I hope you find this information useful for building automation with Tanzu Mission Control.

Filter Tags

Tanzu Tanzu Mission Control Blog Operational Tutorial Technical Overview Tool Advanced Design Deploy Manage Optimize Identity / Access Management Cloud deployment Customization Day 2 Operations K8s Kubernetes and Containers Multi-cloud PaaS Public Cloud RBAC SaaS Security Workload Automation

Corey Dinkens

Read More from the Author

Corey Dinkens is a Technical Marketing Architect on the VMware Tanzu team. Prior to this role, he spent over 15 years as a VMware customer, HelpDesk Manager, and Platform Engineer responsible for the server infrastructures, data centers, and IT operations of national and international companies.