sudhirpandey · January 29, 2025 21:26
diff --git a/oc command lines b/oc command lines
 #patchin resource limits
 oc get limits/resource-limits -o jsonpath='{.spec.limits[0].max.memory}'
 oc patch limits/resource-limits --type=json --patch="[{'op':'replace','path':'/spec/limits/0/max/memory', 'value':'1Gi'}]"

 #onliner to rollout the deployments in case if resourc limit change
 oc get projects -o jsonpath="{range .items[*]} {.metadata.name}{'\n'}{end}" |xargs -i oc get dc -o jsonpath="{range .items[*]} {.metadata.name}+{.metadata.namespace}{'\n'}{end}" -n {}|xargs -i bash -c 'if [[ "${1#*+}" =~ '^sandbox.*' ]]; then oc scale dc "${1%+*}" --replicas=0 -n "${1#*+}" && sleep 10 && oc scale dc "${1%+*}" --replicas=1 -n "${1#*+}"; fi' - '{}'

 #get svc and types
 oc get service --all-namespaces -o=custom-columns=NAMESPACE:.metadata.namespace,NAME:.metadata.name,TYPE:.spec.type

 #to get all the tags of is
 oc get is name -n namespace --template='{{ range $index, $element :=.status.tags }}{{ $element.tag }}{{"\n"}}{{end}}'

 #To get all the projects
 `oc get projects -o name |xargs -i oc get {} --template '{{ .metadata.name }}{{"\n"}}`

 oc get projects -o jsonpath="{range .items[*]} {.metadata.name}{'\n'}{end}"

 oc get projects -o jsonpath="{.items[*].metadata.name}"


 #To get all the routes
 `oc get projects -o name |xargs -i oc get {} --template '{{ .metadata.name }}{{"\n"}}'|xargs -i oc get routes --template '{{range .items}}{{ .spec.host}}{{"\n"}}{{end}}' -n {}`

 #Get firts message from the status
 oc get dc service-name --template='{{ range $index, $element :=.status.conditions }}{{ if eq $index 0 }}{{ $element.message }} {{end}}{{end}}'


 #Get the outputs from desired keys
 oc get svc svcname -o json |jq '.metadata.annotations."prometheus.io/probe"'
 oc get svc svcname --template='{{ index .metadata.annotations "prometheus.io/probe" }}


 #Patch all the services to have prometheus tags
 PATCH='{"metadata":{"labels":{"team":"xxxx"}}}'
 oc get svc | awk '{print $1}'| tail -n +2 |xargs -i oc patch svc {} -p "$PATCH"
 PATCH='{"metadata":{"annotations":{"prometheus.io/probe":"true"}}}'
 repeat

 #capablity check
 oc adm policy who-can create buildConfigs
 oc adm policy who-can create build
 oc adm policy who-can update build
 oc adm policy who-can update buildConfigs
 oc adm policy who-can create builds
 oc policy who-can get imagestreams/layers -n

 #Peak into elastic search openshift logging
 oc get secret logging-fluentd --template='{{.data.ca}}' | base64 -d > ca
 oc get secret logging-fluentd --template='{{.data.key}}' | base64 -d > key
 oc get secret logging-fluentd --template='{{.data.cert}}' | base64 -d > cert
 oc port-forward <es pod name> 9200:9200
 curl -s --cacert ca --key key --cert cert https://localhost:9200/_cluster/health | python -mjson.tool


 #Test port is open in container without network tools
 cat < /dev/tcp/127.0.0.1/22

 #haproxy debug the request errors
 echo "show errors"|socat unix-connect:/var/lib/haproxy/run/haproxy.sock stdio

 #see contianer interface with host 
 cat /sys/class/net/eth0/iflink

 #temporarily allow traffic in cluster
 iptables -I OS_FIREWALL_ALLOW -p udp -m state --state NEW -m udp --dport <port> -j ACCEPT
 iptables -I OS_FIREWALL_ALLOW -p udp -m state --state NEW -m tcp --dport <port> -j ACCEPT

 #Api usage with token

 curl -k -H "Authorization: Bearer <token>" https://cluster.xxx.xxx.xxx/api/v1/namespaces/monitoring/configmaps


 #hacking dc to do sed and launch entry point

 - args:
        - -c
        - /bin/sed -i '/^command=clair/ s/$/ -insecure-tls/' /supervisord.conf &&
          /boot.sh
        command:
        - /bin/sh
	#patchin resource limits
	oc get limits/resource-limits -o jsonpath='{.spec.limits[0].max.memory}'
	oc patch limits/resource-limits --type=json --patch="[{'op':'replace','path':'/spec/limits/0/max/memory', 'value':'1Gi'}]"

	#onliner to rollout the deployments in case if resourc limit change
	oc get projects -o jsonpath="{range .items[]} {.metadata.name}{'\n'}{end}" \|xargs -i oc get dc -o jsonpath="{range .items[]} {.metadata.name}+{.metadata.namespace}{'\n'}{end}" -n {}\|xargs -i bash -c 'if [[ "${1#+}" =~ '^sandbox.' ]]; then oc scale dc "${1%+}" --replicas=0 -n "${1#+}" && sleep 10 && oc scale dc "${1%+}" --replicas=1 -n "${1#+}"; fi' - '{}'

	#get svc and types
	oc get service --all-namespaces -o=custom-columns=NAMESPACE:.metadata.namespace,NAME:.metadata.name,TYPE:.spec.type

	#to get all the tags of is
	oc get is name -n namespace --template='{{ range $index, $element :=.status.tags }}{{ $element.tag }}{{"\n"}}{{end}}'

	#To get all the projects
	`oc get projects -o name \|xargs -i oc get {} --template '{{ .metadata.name }}{{"\n"}}`

	oc get projects -o jsonpath="{range .items[*]} {.metadata.name}{'\n'}{end}"

	oc get projects -o jsonpath="{.items[*].metadata.name}"


	#To get all the routes
	`oc get projects -o name \|xargs -i oc get {} --template '{{ .metadata.name }}{{"\n"}}'\|xargs -i oc get routes --template '{{range .items}}{{ .spec.host}}{{"\n"}}{{end}}' -n {}`

	#Get firts message from the status
	oc get dc service-name --template='{{ range $index, $element :=.status.conditions }}{{ if eq $index 0 }}{{ $element.message }} {{end}}{{end}}'


	#Get the outputs from desired keys
	oc get svc svcname -o json \|jq '.metadata.annotations."prometheus.io/probe"'
	oc get svc svcname --template='{{ index .metadata.annotations "prometheus.io/probe" }}


	#Patch all the services to have prometheus tags
	PATCH='{"metadata":{"labels":{"team":"xxxx"}}}'
	oc get svc \| awk '{print $1}'\| tail -n +2 \|xargs -i oc patch svc {} -p "$PATCH"
	PATCH='{"metadata":{"annotations":{"prometheus.io/probe":"true"}}}'
	repeat

	#capablity check
	oc adm policy who-can create buildConfigs
	oc adm policy who-can create build
	oc adm policy who-can update build
	oc adm policy who-can update buildConfigs
	oc adm policy who-can create builds
	oc policy who-can get imagestreams/layers -n

	#Peak into elastic search openshift logging
	oc get secret logging-fluentd --template='{{.data.ca}}' \| base64 -d > ca
	oc get secret logging-fluentd --template='{{.data.key}}' \| base64 -d > key
	oc get secret logging-fluentd --template='{{.data.cert}}' \| base64 -d > cert
	oc port-forward <es pod name> 9200:9200
	curl -s --cacert ca --key key --cert cert https://localhost:9200/_cluster/health \| python -mjson.tool


	#Test port is open in container without network tools
	cat < /dev/tcp/127.0.0.1/22

	#haproxy debug the request errors
	echo "show errors"\|socat unix-connect:/var/lib/haproxy/run/haproxy.sock stdio

	#see contianer interface with host
	cat /sys/class/net/eth0/iflink

	#temporarily allow traffic in cluster
	iptables -I OS_FIREWALL_ALLOW -p udp -m state --state NEW -m udp --dport <port> -j ACCEPT
	iptables -I OS_FIREWALL_ALLOW -p udp -m state --state NEW -m tcp --dport <port> -j ACCEPT

	#Api usage with token

	curl -k -H "Authorization: Bearer <token>" https://cluster.xxx.xxx.xxx/api/v1/namespaces/monitoring/configmaps


	#hacking dc to do sed and launch entry point

	- args:
	- -c
	- /bin/sed -i '/^command=clair/ s/$/ -insecure-tls/' /supervisord.conf &&
	/boot.sh
	command:
	- /bin/sh
No results found