[Archived] Retrieving VM Metadata
How to retrieve the metadata for a running Orka VM. Available only with the Orka API.
Archived
This page is archived and might be outdated. See Retrieve VM Metadata instead.
For VMs deployed with Orka 1.5.0 or later, you can retrieve their default or custom metadata. You can later use this metadata to identify or manage the running VM in your workloads.
Metadata is stored in the format {"key": "my key", "value": "my value"}
. Every VM stores its metadata on a metadata server. You can query this metadata server to retrieve a VM's metadata only from within the VM.
- Connect to your cluster via VPN. For more information, see VPN Connection.
- Make sure your cluster is updated to Orka 1.5.0 or later.
- Make sure you have a VM configuration with enabled VNC, SSH, or Screen Sharing. See VNC, SSH, and Screen Sharing for Orka VMs.
- Connect to the VM via VNC, SSH or Screen Sharing.
- From within the VM, query the root URL.
curl http://169.254.169.254/metadata/
By default, all VM metadata endpoints return their response in a JSON format.
The IP address 169.254.169.254
is a link-local address and is accessible only from within the VM.
All metadata values are defined as sub-paths below this root URL. To retrieve a specific VM metadata value for a specific key, pass the following request:
curl http://169.254.169.254/metadata/<default_orka_key>
curl http://169.254.169.254/metadata/<custom_key>
Replace <default_orka_key>
with a valid default Orka key. See here
Replace <custom_key>
with your own custom key.
For example, you can get the VM's node name using the following request:
curl http://169.254.169.254/metadata/orka_node_name
Limitations
Note that some encoded characters aren'n supported in the request path, when you use the curl
command to retrieve metadata from the metadata server.
For example, the following request will not work:
curl http://169.254.169.254/metadata/my key
For this request to work, you must replace the unsupported space symbol in the request path with the equivalent accepted value (%20)
.
curl 169.254.169.254/metadata/my%20key
Is the metadata request secure?
When you request information from the metadata server, your request and the subsequent metadata response never leave the K8s Pod that is running the Orka VM.
IMPORTANT
Do not store sensitive data, such as passwords or long-lived encryption keys, as VM metadata.
Although accessible only from within the VM, the VM metadata is not protected by authentication or cryptographic methods. Anyone with direct access to the VM, and potentially any software running on the VM, can query and view the metadata.
Updated about 1 year ago