Orka Cluster 3.2 API User Guide
Getting started with the Orka3 API. Learn the basic operations and how to get help.
Quick navigation
Time to read: 8 minutes, 2 seconds
Jump to: 1. Before you begin | 2. Some Orka3 API basics | 3. Get a token from the Orka3 CLI | 4. Deploy your first VM instance | 5. Experience your VM instance | 6. Preserve the image changes | 7. Time to say goodbye
See also: API Reference
The ultimate quick start
If you want to skip the detailed explanations, just run through these steps on your own:
- Get an authentication token from the Orka3 CLI.
- List your nodes and check their state in the response.
- List the available VMs with the API.
- Deploy your first VM instance.
- Run Apple Screen Sharing to connect to the VM instance. Use
vnc://<VM-IP>:<Screenshare-port>
with the IP and port from the deploy response from Step 4. Use theadmin/admin
credentials.- Once you login be sure to change the login credentials, apply the latest OS updates, and install (or upgrade) the Orka VM Tools for added security and functionality.
- Commit or save the changes to a new base image (use the VM name from Step 4).
- Deploy another VM instance.
- Run Apple Screen Sharing and connect to the newly deployed VM. Use the connection information returned in Step 8.
- Delete your VM instances.
- List your VMs.
The Orka3 API requires you to configure and execute the requests on your own. In addition to completing everyday tasks, the Orka3 API lets you create your in-house integration and automation.
The Orka3 API will be most useful to:
- Advanced users
- Users with workflows that require automation
1. Before you begin
- Make sure you can access the account for your cluster in the MacStadium Customer Portal. See Cluster Access Management: Overview.
- Get your VPN connection information from your IP Plan. You can download it from the MacStadium portal.
- Connect to your Orka cluster via VPN.
- Download and install a VPN client. Note that if you're using a custom Orka domain, you might need to make some additional configuration changes.
- Use the server address and credentials from the VPN section at the top of your IP Plan.
2. Some Orka3 API basics
- You need to target your Orka API URL in your API calls.
- You need to provide the
Authorization: Bearer <TOKEN>
header in your API calls.
What's your Orka API URL?
You can get your Orka API URL from your IP Plan:
- For clusters deployed before Orka 2.1, it's the
.100
address for yourPrivate-1
network (usually,10.221.188.100
), prefixed withhttp
. For example:http://10.221.188.100
.- For clusters deployed with Orka 2.1 or later, it's the
.20
address for yourPrivate-1
network (usually10.221.188.20
). prefixed withhttp
. For example:http://10.221.188.20
.- You can also use
https://<orka-domain>
andhttps://<custom-domain>
(if configured). To get the Orka domain for your Orka cluster, contact MacStadium. To use an external custom domain, see here.Note that you can use
http://<orka-IP>
,https://<orka-domain>
, andhttps://<custom-domain>
interchangeably in your workflows.
- The Orka3 API is a RESTful API and conforms to enterprise industry standards.
- The complete API reference is available here.
IMPORTANT
All sample API calls from this point use generic placeholder values.
Change the Orka API URL (http://10.221.188.100
,http://10.221.188.20
, your Orka domain, or your external custom domain), the token, the license key, and any other placeholders as needed to reflect your environment.All sample responses are piped through a JSON formatting service. Your responses may look different.
3. Get a token from the Orka3 CLI
For all API calls, you need to provide the Authorization: Bearer <TOKEN>
header. The Orka3 API currently does not let you log in from it directly and obtain a token. You will need to obtain your token from the Orka3 CLI.
Orka lets you log in with your MacStadium Customer Portal credentials. Based on the role configured in the Customer Portal, you will have administrative or regular user privileges. By default, you will have access to the orka-default
namespace. If you have been added to additional role bindings, you might be able to access additional namespaces.
orka3 login
Orka will launch a new browser tab (or window) and let you log in via the provided form. After you log in, you can return to the command line and run more orka3
commands. Your token is stored locally in the ~/.kube/config
file. Note that your token has a validity duration of one hour. Afterward, you must obtain and pass a new token in your CLI or API calls.
You now need to get your Orka authentication token from your ~/.kube/config
:
orka3 user get-token
4. Deploy your first VM instance
Did you know?
Starting with Orka 3.0.0, you can use the built-in Swagger UI to execute API calls directly against your cluster.
In your browser, navigate to
<ORKA_API_URL>/api/v1/swagger
, click AUthorize, and typeBearer <TOKEN>
. For every call that you want to run, just click Try it out and fill the required details.
- Check the available resources in your cluster:
curl -X 'GET' \
'<ORKA_API_URL>/api/v1/namespaces/orka-default/nodes' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
{
"items": [
{
"name": "macpro-4",
"namespace": "orka-default",
"nodeIP": "10.221.189.11",
"availableCpu": 12,
"availableMemory": "31.23G",
"availableGpu": 0,
"allocatableCpu": 12,
"allocatableMemory": "31.23G",
"allocatableGpu": 0,
"nodeType": "WORKER",
"phase": "READY",
"orkaTags": []
},
{
"name": "mini-arm-13",
"namespace": "orka-default",
"nodeIP": "10.221.189.13",
"availableCpu": 5,
"availableMemory": "11.20G",
"availableGpu": 0,
"allocatableCpu": 8,
"allocatableMemory": "16.00G",
"allocatableGpu": 0,
"nodeType": "WORKER",
"phase": "READY",
"orkaTags": []
}
]
}
This API call provides an overview of your nodes. It shows the actual IP, the state, and the available resources on each node.
Glossary: Node
A genuine Apple physical host that provides computational resources (RAM and CPU) for your workloads.
A host OS runs on top, and you have no direct access (via VNC, SSH, or Screen Sharing).
Glossary: Namespace
A way to isolate and dedicate resources to users and teams within the cluster.
The resources within a namespace are completely isolated from one another and cannot be shared between namespaces. By default, users and service accounts limited to a specific namespace cannot access the resources in other namespaces, unless added to the respective role bindings.
- Check if there are any VMs on your environment.
curl -X 'GET' \
'<ORKA_API_URL>/api/v1/namespaces/orka-default/vms' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
{
"items": []
}
This API call lists all VM instances in the orka-default
namespace. If nothing prints, no one has created any VM instances yet.
- List the available base images that you can use to deploy a VM.
curl -X 'GET' \
'<ORKA_API_URL>/api/v1/namespaces/orka-default/images' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
You will likely see a sonoma-90gb-orka3-arm
item in the response. It is a fully installed and configured macOS Sonoma image with a 90GB disk size. It also has an admin user configured and SSH and Apple Screen Sharing access enabled.
Glossary: Image
A disk image that represents VM storage. Base images are bootable disk images that provide the OS, file system, and storage for your VM configs and VMs.
(Intel-only) Empty images provide added storage or serve as the base image during manual OS installs from ISO.
- Deploying a VM is as simple as just specifying a base image. Run:
curl -X 'POST' \
'<ORKA_API_URL>/api/v1/namespaces/orka-default/vms' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"image": "sonoma-90gb-orka3-arm"
}'
{
"name": "vm-cznfv",
"node": "mini-arm-13",
"memory": "4.80Gi",
"ip": "10.221.189.13",
"ssh": 8822,
"vnc": 5999,
"screenshare": 5901,
"status": "Running"
}
The bare minimum required argument is image
.
Orka creates a simple VM with the specified image and 3 CPU, and assigns a randomly generated name to it.
Did you know?
Starting with Orka 3.0.0, you can deploy VMs using images from OCI-compatible registries.
So, instead of using the
sonoma-90gb-orka3-arm
image, you can use our latest Sonoma image from GitHub packages.curl -X 'POST' \ '<ORKA_API_URL>/api/v1/namespaces/orka-default/vms' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <TOKEN>' \ -H 'Content-Type: application/json' \ -d '{ "image": "ghcr.io/macstadium/orka-images/sonoma:latest" }'
{ "name": "vm-cznfv", "node": "mini-arm-13", "memory": "4.80Gi", "ip": "10.221.189.13", "ssh": 8822, "vnc": 5999, "screenshare": 5901, "status": "Running" }
- What happens if you list your VMs again now?
curl -X 'GET' \
'<ORKA_API_URL>/api/v1/namespaces/orka-default/vms' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
{
"items": [
{
"name": "vm-l4qgb",
"ip": "10.221.189.13",
"cpu": 3,
"deployDate": "2023-10-10T19:56:21Z",
"image": "sonoma-90gb-orka3-arm",
"gpuPassthrough": false,
"memory": "4.80Gi",
"node": "mini-arm-13",
"screenshare": 5901,
"ssh": 8822,
"status": "Running",
"vnc": 5999
}
]
}
The API now returns information about your running VM.
The GET /resources/vm/list
call is powerful. It shows a lot of system information for the VM, along with its IP, and several connection ports. Note that even though Screenshare
and SSH
are always listed and configured for every VM, you won't be able to use them unless the respective connection type is enabled in the macOS as well. This behavior is a security limitation of the OS.
In a pool of many VMs, are you looking for that special one?
When you have a lot of VMs, the response of
GET /resources/vm/list
might become too crowded to use efficiently. RunGET /namespaces/orka-default/vms/<VM_NAME>
instead and get the system information for a single VM.
- Check your nodes to see how many resources are now in use.
curl -X 'GET' \
'<ORKA_API_URL>/api/v1/namespaces/orka-default/nodes' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
5. Experience your VM instance
- Look at the last output of
GET /namespaces/orka-default/vms
again. Get that IP andscreenshare
port. - Launch Apple Screen Sharing on your local machine. In Connect To:, type
vnc://<VM-IP>:<Screenshare-port>
.
Are you not working on macOS?
This step works only on macOS. If you're working on a Linux or Windows machine instead, launch your preferred VNC client and connect to
<VM-IP>:<VNC-port>
.
One more thing to remember is that Screen Sharing needs to be already enabled on the macOS. Most of the time, this is not the case (especially on clean OS installs or after an ISO install (Intel Workloads Only)), and you will need to enable the setting yourself.
The good news is that sonoma-90gb-orka3-arm
is already preconfigured for you, and you can enjoy out-of-the-box Screen Sharing and SSH connectivity.
Are you not using the official Sonoma images?
If you're using another image as your starting point or if you are installing your OS from ISO, you will likely not have SSH or Screen Sharing enabled by default (even though the respective ports will be mapped by default). In this case, you need to connect to the VM via VNC. You can then enable SSH and Screen Sharing connectivity in the OS.
-
When prompted by Apple Screen Sharing, provide the credentials for the VM (
admin/admin
). You will be prompted for the password one more time - when Apple connects to the VM. -
On the VM, launch System Preferences > Users & Groups. Select the Admin user and click Change password. Set the
Admin
user password to whatever works for you. -
(Optional) Inside the VM, launch the Terminal application and run the following command.
brew install orka-vm-tools
OR
brew upgrade orka-vm-tools
This action ensures that your VM is running the latest version of the Orka VM Tools. This collection of services lets Orka manage the guest operating system on Apple silicon-based VMs more efficiently and enables vital features, such as shared VM storage.
If your cluster is not running the latest Orka version, download and install an Orka VM Tools that matches the version of your cluster.
- Always apply the latest OS updates and restart the VM.
6. Preserve the image changes
Changing a running VM's configuration or file system does not affect its base image. As soon as you delete the VM, your changes will be lost, and you will need to recreate them manually on other VMs.
To create changes that stick and appear on future deployments, you can commit your changes to the base image, save the changes as a new image, or push your changes to an OCI-compatible registry.
Glossary: Commit changes
Commit
modifies the original base image of the respective VM instance. With this operation, you apply the current state of a VM instance over the base image of its VM config. This way, newly deployed instances will launch in the same state as your current VM.This operation restarts the VM.
Glossary: Save changes
Save
creates a new base image from the current state of the respective VM instance. To use it, you need to create a new VM config that references the new base image.This operation restarts the VM.
Glossary: Push changes
Push
your changes to the specified OCI-compatible registry, image, and image tag. Registry credentials are required to push an image.
Return to the command line on your local machine and run the following command. You can get the <VM_NAME>
from the GET /namespaces/orka-default/vms
output you ran earlier.
curl -X 'POST' \
'<ORKA_API_URL>/api/v1/namespaces/orka-default/vms/<VM_NAME>/commit' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"description": "Committed from <VM_NAME>"
}'
OR
curl -X 'POST' \
'<ORKA_API_URL>/api/v1/namespaces/orka-default/vms/<VM_NAME>/save' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"description": "Saved from <VM_NAME>",
"imageName": "<NEW_IMAGE_NAME>"
}'
OR
curl -X 'POST' \
'<ORKA_API_URL>/api/v1/namespaces/orka-default/vms/<VM_NAME>/push' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-d '{
"imageReference": "<REGISTRY>/<IMAGE>:<TAG>"
}'
{
"statusUrl": "/api/v1/namespaces/orka-default/images/sonoma-90gb-orka3-arm"
}
OR
{
"jobName": "<PUSH_JOB_ID>"
}
- See how the changes are preserved for yourself. Deploy a new VM instance from your image:
curl -X 'POST' \
'<ORKA_API_URL>/api/v1/namespaces/orka-default/vms' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"image": "<IMAGE_NAME>"
}'
- Launch Apple Screen Sharing and connect to the newly deployed VM instance. Use the updated admin credentials to log in.
7. Time to say goodbye
When your VM instances have served their purpose, you can delete
them.
- Remove the VM instances you created until now:
curl -X 'DELETE' \
'<ORKA_API_URL>/api/v1/namespaces/orka-default/vms/<VM_NAME>' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
- List your VMs again.
curl -X 'GET' \
'<ORKA_API_URL>/api/v1/namespaces/orka-default/vms' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <TOKEN>'
What's next
You're ready to explore the Orka3 API on your own. You might find the following resources helpful:
- Explore Orka Docs for more advanced tasks and tutorials.
- Seek help from the Orka community in the MacStadium Community Slack.
- File a support ticket in the MacStadium portal.
- Is a feature missing? Please share your feedback with us by filing a ticket in the Customer Portal.
- If you want to tap into Kubernetes, see this page.
Updated 2 months ago