Skip to content

Instantly share code, notes, and snippets.

@lpsantil

lpsantil/openshift-cheatsheet.md

Forked from rafaeltuelho/openshift-cheatsheet.md
Created April 2, 2018 23:49
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save lpsantil/16ff1f5672382674b81d74a830c9e727 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save lpsantil/16ff1f5672382674b81d74a830c9e727 to your computer and use it in GitHub Desktop.
Download ZIP
My Openshift Cheatsheet
Raw
osev3-common-cli.md
  • to login via CLI oc
oc login --username=tuelho --insecure-skip-tls-verify --server=https://master00-${guid}.oslab.opentlc.com:8443

# to login as Cluster Admin through master host
oc login -u system:admin -n openshift
  • to view the cluster roles and their associated rule sets in the cluster policy
oc describe clusterPolicy default
  • add a role to user
#local binding
oadm policy add-role-to-user <role> <username>

#cluster biding
oadm policy add-cluster-role-to-user <role> <username>

for more details consult: https://docs.openshift.com/enterprise/3.1/admin_guide/manage_authorization_policy.html

  • to test a POD service locally
ip=`oc describe pod hello-openshift|grep IP:|awk '{print $2}'`
curl http://${ip}:8080
  • to access a POD container shell
oc exec -ti  `oc get pods |  awk '/registry/ { print $1; }'` /bin/bash

#new way to do the same:
oc rsh <container-name>
  • to edit an object/resource
oc edit <object_type>/<object_name>

#eg

oc edit dc/myDeploymentConfig
  • Ataching a new PersistentVolumeClaim to a DeploymentConfig
oc volume dc/docker-registry \
   --add --overwrite \
   -t persistentVolumeClaim \
   --claim-name=registry-claim \
   --name=registry-storage
  • Docker builder app creation
oc new-app --docker-image=openshift/hello-openshift:v1.0.6 -l "todelete=yes"
  • STI app creation
oc new-app https://github.com/openshift/sinatra-example -l "todelete=yes"
oc new-app openshift/php~https://github.com/openshift/sti-php -l "todelete=yes"
  • To watch a build process log
oc get builds
oc logs -f builds/sti-php-1
  • To create application using Git repository at current directory:
$ oc new-app
  • To create application using remote Git repository and context subdirectory:
$ oc new-app https://github.com/openshift/sti-ruby.git \
    --context-dir=2.0/test/puma-test-app
  • To create application using remote Git repository with specific branch reference:
$ oc new-app https://github.com/openshift/ruby-hello-world.git#beta4

New App From Source Code

Build Strategy Detection

If new-app finds a Dockerfile in the repository, it uses docker build strategy Otherwise, new-app uses source strategy

To specify strategy, set --strategy flag to source or docker Example: To force new-app to use docker strategy for local source repository:

$ oc new-app /home/user/code/myapp --strategy=docker
  • to create a definition generated by oc new-app command based on S2I support
$ oc new-app https://github.com/openshift/simple-openshift-sinatra-sti.git -o json | \
   tee ~/simple-sinatra.json
  • To create application from MySQL image in Docker Hub:
$ oc new-app mysql
  • To create application from local registry:
$ oc new-app myregistry:5000/example/myimage

If the registry that the image comes from is not secured with SSL, cluster administrators must ensure that the Docker daemon on the OpenShift Enterprise nodes is run with the --insecure-registry flag pointing to that registry. You must also use the --insecure-registry=true flag to tell new-app that the image comes from an insecure registry.

  • To create application from stored template:
$ oc create -f examples/sample-app/application-template-stibuild.json
$ oc new-app ruby-helloworld-sample
  • To set environment variables when creating application for database image:
$ oc new-app openshift/postgresql-92-centos7 \
    -e POSTGRESQL_USER=user \
    -e POSTGRESQL_DATABASE=db \
    -e POSTGRESQL_PASSWORD=password
  • To output new-app artifacts to file, edit them, then create them using oc create:
$ oc new-app https://github.com/openshift/ruby-hello-world -o json > myapp.json
$ vi myapp.json
$ oc create -f myapp.json
  • To deploy two images in single pod:
$ oc new-app nginx+mysql
  • To deploy together image built from source and external image:
$ oc new-app \
    ruby~https://github.com/openshift/ruby-hello-world \
    mysql \
    --group=ruby+mysql
  • to export all the project's objects/resources as a single template:
$ oc export all --as-template=<template_name>

You can also substitute a particular resource type or multiple resources instead of all. Run $ oc export -h for more examples

  • to create a new project using oadm and defining an admin user
$ oadm new-project instant-app --display-name="instant app example project" \
    --description='A demonstration of an instant-app/template' \
    --node-selector='region=primary' --admin=andrew
  • to create an app using oc CLI based on a template
$ oc new-app --template=mysql-ephemeral --param=MYSQL_USER=mysqluser,MYSQL_PASSWORD=redhat,MYSQL_DATABASE=mydb,DATABASE_SERVICE_NAME=database
  • to see a list of env vars defined in a DeploymentConfig object
$ oc env dc database --list
# deploymentconfigs database, container mysql
MYSQL_USER=***
MYSQL_PASSWORD=***
MYSQL_DATABASE=***
  • to manage enviorenmet variables in different ose objects types.

The first adds, with value /data. The second updates, with value /opt.

$ oc env dc/registry STORAGE=/data
$ oc env dc/registry --overwrite STORAGE=/opt

To unset environment variables in the pod templates:

$ oc env <object-selection> KEY_1- ... KEY_N- [<common-options>]

The trailing hyphen (-, U+2D) is required.

This example removes environment variables ENV1 and ENV2 from deployment config d1:

$ oc env dc/d1 ENV1- ENV2-

This removes environment variable ENV from all replication controllers:

$ oc env rc --all ENV-

This removes environment variable ENV from container c1 for replication controller r1:

To list environment variables in pods or pod templates:

$ oc env rc r1 --containers='c1' ENV-

This example lists all environment variables for pod p1:

$ oc env <object-selection> --list [<common-options>]

$ oc env pod/p1 --list
  • to apply some change (patch)
oc patch dc/<dc_name> \
   -p '{"spec":{"template":{"spec":{"nodeSelector":{"nodeLabel":"logging-es-node-1"}}}}}'
  • to apply a vlome storage
oc volume dc/<dc_name> \
          --add --overwrite --name=<volume_name> \
          --type=persistentVolumeClaim --claim-name=<claim_name>
  • to make a node unschedulable in a cluster
oadm manage node <nome do node > --schedulable=false
  • to create a registry with storage-volume mounted on host
oadm registry --service-account=registry \
    --config=/etc/origin/master/admin.kubeconfig \
    --credentials=/etc/origin/master/openshift-registry.kubeconfig \
    --images='registry.access.redhat.com/openshift3/ose-${component}:${version}' \
    --mount-host=<path> --selector=meuselector
  • to export all resources from a project/namespace as a template
oc export all --as-template=<template_name>

Cluster nodes CleanUp

  1. Desliga todos os containers que vc não tá usando no seu ambiente do openshift
  2. Executa em todos os nodes e master o comando: docker rm $(docker ps -a -q)
  3. Remove todas as imagens de todos os nodes e master. Para isso loga em cada uma delas via ssh e remove as imagens usando docker rmi . Pega as imagens que começa com o ip do registry 172.30...
  4. configurar GC: https://docs.openshift.com/enterprise/3.1/admin_guide/garbage_collection.html

##Tips

  • internal DNS name of ose/kubernetes services
  • follows the pattern <service-name>.<project>.svc.cluster.local

Object Type | Example

Default | <pod_namespace>.cluster.local Services | .<pod_namespace>.svc.cluster.local Endpoints | ..endpoints.cluster.local

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment