Sunday, June 13, 2021

How to delete the protected objects created by VMware PKS in NSX-T via APIs

 Hello Everyone,

I was working on a VMware Tanzu Grid environment and later needed to delete it, but unfortunately I couldn't delete all the objects that VMware Tanzu Grid had created in NSX-T during the Tanzu deployments.

VMware Tanzu/PKS and NSX-T are fully integrated with each other, and PKS creates many objects inside NSX-T, such as logical switches, logical routers, firewall rules, load balancers, and NAT rules. These objects are protected so that an administrator does not delete them by mistake.

We cannot delete these PKS-created objects from the NSX-T admin GUI because they are protected by a PKS super user.

As the screenshot below shows, I don't have the option to delete these logical switches from the GUI. The Delete option is not available here.

 

 

 

 

 

The only way to delete these protected objects is via the NSX-T API.

The NSX admin GUI includes API documentation, where you can check which APIs are available for NSX-T.

You can also refer to the VMware link below for the NSX-T APIs.

https://code.vmware.com/apis/1030/nsx-t

 

  


 

OK, so how do we interact with NSX-T via APIs? We need an API client tool for this task.

Here I am using the API client tool Postman, which is very simple and interactive. You can download it and install it on your local PC or on a server from which you can reach the NSX-T manager nodes.

 

 

This tool can also be installed without creating an account.

 

 

If your NSX-T manager uses self-signed certificates, you need to disable the SSL certificate verification option in this tool; otherwise it will return an SSL certificate error when you run API calls.

 

           

Let's create a request in Postman, set Authorization to Basic, and add the NSX-T admin credentials for authentication.

 


 

        

Now create a header key named Content-Type with the value application/json, the format the NSX-T API expects.


        

Alright, now we are in a position to start making API calls.

As a test, we will send a GET request to NSX-T and see what output we get.

GET https://10.100.26.25/api/v1/node

We got a 200 OK response from our API call, along with NSX-T information such as the product version, node version, etc.

 

             

 

This output shows that we have configured Postman correctly as an NSX-T REST API client.

Let's use a PATCH API request to create a logical switch named WebTier01 on NSX-T.

 

          

Here, our segment is successfully created in NSX-T.

 

              

Now we can go ahead and delete this segment as well via a DELETE API call.


      

We got a 200 OK response, and this segment is deleted from the NSX-T GUI.

Now let's move on to deleting the PKS-protected objects from NSX-T via API calls.

I ran a GET API call to get the PKS logical switch details. As the screenshot below shows, the Created User is not Admin and the protection is REQUIRE OVERRIDE. This means the Admin user didn't create this object and can't delete it either.

          

The solution for deleting this protected logical switch is to add a header key X-Allow-Overwrite with a value of True.

Also, if the logical switch has any active port connected to a Tier-1 router or a guest virtual machine, we need to add the parameters ?detach=true&cascade=true to the API request, like this:



Otherwise, we will get the error below when deleting a logical switch that has active ports connected.




Let's run the DELETE API call to delete this logical switch with the additional parameters stated above. This logical switch currently has 5 active logical ports connected, as the screenshot below shows.




I ran the DELETE API call and this time it deleted the logical switch, returning a 200 OK response.
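
The protected delete described above, as an added example that is not from the original post: Python standard-library code that builds the same DELETE request Postman sends, adding X-Allow-Overwrite only when the object reports REQUIRE_OVERRIDE, and verifying the manager's certificate from a file instead of disabling verification. The /api/v1/logical-switches/<id> path, the _protection and _create_user field names, the sample object, the password and the ca_file path are assumptions not shown in the page text.

```python
import base64
import ssl
import urllib.request
from urllib.parse import quote, urlencode

# Constructed sample of a GET response for one logical switch (not from the page).
SAMPLE_SWITCH = {
    "id": "00000000-0000-0000-0000-000000000001",
    "display_name": "pks-example-switch",
    "_create_user": "pks-superuser-example",
    "_protection": "REQUIRE_OVERRIDE",
}


def needs_override(obj):
    """True when the object is marked protection: REQUIRE_OVERRIDE."""
    return obj.get("_protection") == "REQUIRE_OVERRIDE"


def build_delete(manager, obj, user, password, has_ports=False):
    """Build (without sending) the DELETE request for one logical switch."""
    url = f"https://{manager}/api/v1/logical-switches/{quote(obj['id'], safe='')}"
    if has_ports:
        # Needed while ports are still attached to a Tier-1 router or a VM.
        url += "?" + urlencode({"detach": "true", "cascade": "true"})
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "Content-Type": "application/json"}
    if needs_override(obj):
        # Send the override header only for objects that actually require it.
        headers["X-Allow-Overwrite"] = "true"
    return urllib.request.Request(url, method="DELETE", headers=headers)


def send(req, ca_file):
    """Send the request, trusting the manager's exported certificate (ca_file is a
    hypothetical path) rather than turning TLS verification off."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx) as resp:
        return resp.status


if __name__ == "__main__":
    # Dry run: show what would be sent, without contacting the manager.
    req = build_delete("10.100.26.25", SAMPLE_SWITCH, "admin", "example-password", has_ports=True)
    print(req.get_method(), req.full_url)
    print({k: v for k, v in req.header_items() if k != "Authorization"})
```

Reviewing the built request before calling send() makes it easy to confirm that the override header is going only to the object you intend to remove.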




That's all for this NSX-T API section. You can do anything via API calls that you would normally do in the GUI portal.


Thanks and Cheers !!!

