* to pull an image directly from red hat offcial docker registry
```
docker pull registry.access.redhat.com/jboss-eap-6/eap64-openshift
```

* to get ther current user Barear Auth Token

```
oc whoami -t
```

* to test the OSE Master API 

```
curl -k -H "Authorization: Bearer <api_token>" https://<master_host>:8443/api/v1/namespaces/<projcet_name>/pods/https:<pod_name>:8778/proxy/jolokia/

# get pod memory via jmx
curl -k -H "Authorization: Bearer <api_token>" https://<master_host>:8443/api/v1/namespaces/<projcet_name>/pods/https:<pod_name>:8778/proxy/jolokia//read/java.lang:type\=Memory/HeapMemoryUsage | jq .
```

* to login via CLI `oc`
```
oc login --username=tuelho --insecure-skip-tls-verify --server=https://master00-${guid}.oslab.opentlc.com:8443

# to login as Cluster Admin through master host
oc login -u system:admin -n openshift
```

* to view the cluster roles and their associated rule sets in the cluster policy
```
oc describe clusterPolicy default
```

* add a role to user
```
#local binding
oadm policy add-role-to-user <role> <username>

#cluster biding
oadm policy add-cluster-role-to-user <role> <username>
```

> for more details consult: https://docs.openshift.com/enterprise/3.1/admin_guide/manage_authorization_policy.html

* to test a POD service locally
```
ip=`oc describe pod hello-openshift|grep IP:|awk '{print $2}'`
curl http://${ip}:8080
```

 * to access a POD container shell
```
oc exec -ti  `oc get pods |  awk '/registry/ { print $1; }'` /bin/bash

#new way to do the same:
oc rsh <container-name>
```

 * to edit an object/resource
```
oc edit <object_type>/<object_name>

#eg

oc edit dc/myDeploymentConfig
```

 * Ataching a new `PersistentVolumeClaim` to a `DeploymentConfig`

```
oc volume dc/docker-registry \
   --add --overwrite \
   -t persistentVolumeClaim \
   --claim-name=registry-claim \
   --name=registry-storage
```
 * Docker builder app creation
 
 ```
 oc new-app --docker-image=openshift/hello-openshift:v1.0.6 -l "todelete=yes"
 ```
* To create an app using a template (`eap64-basic-s2i`): Ticketmonster demo

```
oc new-app javaee6-demo
oc new-app --template=eap64-basic-s2i -p=APPLICATION_NAME=ticketmonster,SOURCE_REPOSITORY_URL=https://github.com/jboss-developer/ticket-monster,SOURCE_REPOSITORY_REF=2.7.0.Final,CONTEXT_DIR=demo
```

* STI app creation

```
oc new-app https://github.com/openshift/sinatra-example -l "todelete=yes"
oc new-app openshift/php~https://github.com/openshift/sti-php -l "todelete=yes"
```

 * To watch a build process log

```
oc get builds
oc logs -f builds/sti-php-1
```

* To create application using Git repository at current directory:

```
$ oc new-app
```

* To create application using remote Git repository and context subdirectory:

```
$ oc new-app https://github.com/openshift/sti-ruby.git \
    --context-dir=2.0/test/puma-test-app
```

* To create application using remote Git repository with specific branch reference:
```
$ oc new-app https://github.com/openshift/ruby-hello-world.git#beta4
```
> New App From Source Code
> 
>  Build Strategy Detection
> 
>  If new-app finds a Dockerfile in the repository, it uses docker build strategy Otherwise, new-app uses source strategy
>   
>  To specify strategy, set `--strategy flag` to source or docker
>  Example: To force new-app to use docker strategy for local source repository:
  
  ```
  $ oc new-app /home/user/code/myapp --strategy=docker
  ```

* to create a definition generated by `oc new-app` command based on S2I support

```
$ oc new-app https://github.com/openshift/simple-openshift-sinatra-sti.git -o json | \
   tee ~/simple-sinatra.json
```

* To create application from MySQL image in Docker Hub:

```
$ oc new-app mysql
```

* To create application from local registry:

```
$ oc new-app myregistry:5000/example/myimage
```

> If the registry that the image comes from is not secured with SSL, cluster administrators must ensure that the Docker daemon on the OpenShift Enterprise nodes is run with the --insecure-registry flag pointing to that registry. You must also use the `--insecure-registry=true` flag to tell new-app that the image comes from an insecure registry.

* To create application from stored template:

```
$ oc create -f examples/sample-app/application-template-stibuild.json
$ oc new-app ruby-helloworld-sample
```

* To set environment variables when creating application for database image:

```
$ oc new-app openshift/postgresql-92-centos7 \
    -e POSTGRESQL_USER=user \
    -e POSTGRESQL_DATABASE=db \
    -e POSTGRESQL_PASSWORD=password
```

* To output new-app artifacts to file, edit them, then create them using oc create:

```
$ oc new-app https://github.com/openshift/ruby-hello-world -o json > myapp.json
$ vi myapp.json
$ oc create -f myapp.json
```

* To deploy two images in single pod:

```
$ oc new-app nginx+mysql
```

* To deploy together image built from source and external image:

```
$ oc new-app \
    ruby~https://github.com/openshift/ruby-hello-world \
    mysql \
    --group=ruby+mysql
```
* to export all the project's objects/resources as a single template:

```
$ oc export all --as-template=<template_name>
```

> You can also substitute a particular resource type or multiple resources instead of all. Run $ oc export -h for more examples

* to create a new project using `oadm` and defining an admin user
```
$ oadm new-project instant-app --display-name="instant app example project" \
    --description='A demonstration of an instant-app/template' \
    --node-selector='region=primary' --admin=andrew
```

* to create an app using `oc` CLI based on a `template`
```
$ oc new-app --template=mysql-ephemeral --param=MYSQL_USER=mysqluser,MYSQL_PASSWORD=redhat,MYSQL_DATABASE=mydb,DATABASE_SERVICE_NAME=database
```

* to see a list of `env` `vars` defined in a DeploymentConfig object
```
$ oc env dc database --list
# deploymentconfigs database, container mysql
MYSQL_USER=***
MYSQL_PASSWORD=***
MYSQL_DATABASE=***

```

* to manage enviorenmet variables in different ose objects types.

The first adds, with value /data. The second updates, with value /opt.

```
$ oc env dc/registry STORAGE=/data
$ oc env dc/registry --overwrite STORAGE=/opt
```

To unset environment variables in the pod templates:

```
$ oc env <object-selection> KEY_1- ... KEY_N- [<common-options>]
```

> The trailing hyphen (-, U+2D) is required.

This example removes environment variables ENV1 and ENV2 from deployment config d1:
```
$ oc env dc/d1 ENV1- ENV2-
```

This removes environment variable ENV from all replication controllers:
```
$ oc env rc --all ENV-
```

This removes environment variable ENV from container c1 for replication controller r1:

To list environment variables in pods or pod templates:
```
$ oc env rc r1 --containers='c1' ENV-
```

This example lists all environment variables for pod p1:
```
$ oc env <object-selection> --list [<common-options>]
```

```
$ oc env pod/p1 --list
```

* to apply some change (patch)

```
oc patch dc/<dc_name> \
   -p '{"spec":{"template":{"spec":{"nodeSelector":{"nodeLabel":"logging-es-node-1"}}}}}'
```

* to apply a vlome storage

```
oc volume dc/<dc_name> \
          --add --overwrite --name=<volume_name> \
          --type=persistentVolumeClaim --claim-name=<claim_name>
```

* to make a node unschedulable in a cluster

```
oadm manage node <nome do node > --schedulable=false
```
* to create a registry with storage-volume mounted on host
```
oadm registry --service-account=registry \
    --config=/etc/origin/master/admin.kubeconfig \
    --credentials=/etc/origin/master/openshift-registry.kubeconfig \
    --images='registry.access.redhat.com/openshift3/ose-${component}:${version}' \
    --mount-host=<path> --selector=meuselector
```

* to export all resources from a project/namespace as a template
```
oc export all --as-template=<template_name>
```

* to create a build from a Dockerfile

```
# create the build
cat ./path/to/your/Dockerfile | oc new-build --name=build-from-docker --binary --strategy=docker -l app=app-from-custom-docker-build  -D -

#if you need to give some input to your Docker Build process
oc start-build build-from-docker --from-dir=. --follow

# create an OSE app from the docker build image
oc new-app app-from-custom-docker-build -l app=app-from-custom-docker-build

oc expose service app-from-custom-docker-build
```

* to copy files to/from a POD

```
#Ref: https://docs.openshift.org/latest/dev_guide/copy_files_to_container.html

oc rsync /home/user/source devpod1234:/src

oc rsync devpod1234:/src /home/user/source
```

## Cluster nodes CleanUp

1. Desliga todos os containers que vc não tá usando no seu ambiente do openshift
2. Executa em todos os nodes e master o comando: docker rm $(docker ps -a -q)
3. Remove todas as imagens de todos os nodes e master. Para isso loga em cada uma delas via ssh e remove as imagens usando docker rmi <id da image>. Pega as imagens que começa com o ip do registry 172.30...
4. configurar GC: https://docs.openshift.com/enterprise/3.1/admin_guide/garbage_collection.html

##Tips

* internal DNS name of ose/kubernetes services
 * follows the pattern `<service-name>.<project>.svc.cluster.local`


 Object Type	 | Example 
--------------- | ----------------------------------------------
 Default        | <pod_namespace>.cluster.local 
 Services       | <service>.<pod_namespace>.svc.cluster.local
 Endpoints      | <name>.<namespace>.endpoints.cluster.local
 
 > "he only caveat to this, is that if we are using the multi-tenant OVS networking plugin, our cluster administrators will have to make visible our ci project to all other projects:" Ref: https://blog.openshift.com/improving-build-time-java-builds-openshift/
```
$ oadm pod-network make-projects-global ci
```