Difference between revisions of "OpenShift Notes"
Jump to navigation
Jump to search
| Line 8: | Line 8: | ||
;Get a list with pods and their assigned scc | ;Get a list with pods and their assigned scc | ||
oc get pod --all-namespaces | awk '{print $2 " -n "$1}' | grep -v NAME | while read p ; do echo "======= pod $p" ; oc describe pod $p | grep scc: ; done | oc get pod --all-namespaces | awk '{print $2 " -n "$1}' | grep -v NAME | while read p ; do echo "======= pod $p" ; oc describe pod $p | grep scc: ; done | ||
| + | ; only show the interesting containers | ||
| + | <code> | ||
| + | oc get pod --all-namespaces | awk '{print $2 " -n "$1}' | grep -v NAME | while read p | ||
| + | do | ||
| + | oc describe pod $p | grep scc: | grep -v ": restricted" | while read perm | ||
| + | do | ||
| + | echo "$p -> $perm" | ||
| + | done | ||
| + | done | column -t | ||
| + | </code> | ||
[[Category:OpenShift]] | [[Category:OpenShift]] | ||
[[Category:V4x]] | [[Category:V4x]] | ||
Revision as of 06:46, 2 April 2021
1 General
This is stuff I don't want to remember and don't want to forget! So I keep it here! BTW: I'm working with OKD current version (4.7)
2 Security
2.1 SCC Review
- Get a list with pods and their assigned scc
oc get pod --all-namespaces | awk '{print $2 " -n "$1}' | grep -v NAME | while read p ; do echo "======= pod $p" ; oc describe pod $p | grep scc: ; done
- only show the interesting containers
oc get pod --all-namespaces | awk '{print $2 " -n "$1}' | grep -v NAME | while read p
do
oc describe pod $p | grep scc: | grep -v ": restricted" | while read perm
do
echo "$p -> $perm"
done
done | column -t
