OpenShift & K8S Cheat Sheet

From Bitbull Wiki
Revision as of 07:40, 23 April 2021 by Chris

Kubernetes

Daily

* https://kubernetes.io/de/docs/reference/kubectl/cheatsheet/

SHELL

  • Authenticate Kubectl
export KUBECONFIG="<PATH-TO-MY-CONFIG>/kubeconfig-dev.yaml"

.bash_profile

  • kubectl namespace prompt (shows the namespace of the current context)
source <(kubectl completion bash)
export PS1='### \D{%d.%m.%Y_%H:%M} \u@\h:\w \[\e[1;33m\]✯\[\e[m\] $(kubectl config view --minify -o jsonpath="{..namespace}" 2>/dev/null) \n# '
  • password gen
genpasswd() {
   local l=${1:-16}
   # keep only the listed characters from the kernel random source
   LC_ALL=C tr -dc 'A-Za-z0-9_=.,' < /dev/urandom | head -c "${l}"
   echo
}

Deploy

Create and change into Namespace

kubectl create namespace mynamespace
kubectl config set-context --current --namespace=mynamespace

Deploy Docker Container and Expose Service

kubectl create deployment xfce --image=christian773/xfce-vnc:latest --port=6901

Inject VARS into Deployment/Container

kubectl edit deployment nginx1
# in the editor, add env to the container under spec.template.spec:
spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    env:
    - name: MY_VAR
      value: MY_VALUE

Get Environment VARS of Pod

kubectl exec pod-name -- printenv

Expose Container Port as Service

kubectl expose deployment nginx-app --port=8080 --name=nginx-service

Create Ingress Rule for Service

kubectl create ingress ingress-www --rule="www.domain.com/*=nginx-service:8080"

Configure

Debug

Run Container with custom Command

kubectl run -i --tty busybox --image=busybox -- sh

Attach Container in Pod

kubectl attach busybox -c busybox -i -t





Helpers

.bash_profile

  • openshift project/user prompt
function ps1(){
   export PS1='[\u@\h($(oc whoami -c 2>/dev/null|cut -d/ -f3,1)) \W]\$ '
}
function ps1e(){
   export PS1='# [\d \t \u@\h($(oc whoami -c 2>/dev/null|cut -d/ -f3,1)) \W]\n$ '
}
  • password gen
genpasswd() {
        local l=${1:-16}
        # keep only the listed characters from the kernel random source
        LC_ALL=C tr -dc 'A-Za-z0-9_=%.,:' < /dev/urandom | head -c "${l}"
        echo
}



Administration

daily cmds

oc get nodes -o wide
oc get all -o wide --all-namespaces
oc get ep -o wide
oc get events --sort-by='.lastTimestamp'
oc get rolebindings --all-namespaces
oc get pv
oc get pvc
oc get projects
oc get users
oc get groups

inspect user/group permissions

oc get rolebinding -o wide -n gitea
oc get rolebinding -o wide --all-namespaces

inspect imagestreams

oc get is -n openshift
oc describe is php -n openshift
oc export -n openshift isimage php@42c4a9072f


backup all openshift objects in all projects

# note: "all" covers only the common workload types; secrets, configmaps,
# PVCs and rolebindings are not part of it and must be exported separately
oc get all --all-namespaces --no-headers=true | awk '{print $1","$2}' | while IFS=, read -r NS OBJ
do
  FILE=$(echo "$NS-$OBJ" | sed 's/\//-/g')
  echo "$NS $OBJ $FILE"; oc export -n "$NS" "$OBJ" -o yaml > "$FILE.yml"
done

backup all kubernetes objects in current namespace

oc get projects
oc project my-namespace
kubectl get all --no-headers=true | awk '{print $1}' | while read -r OBJ
do
  FILE=$(echo "$OBJ" | sed 's/\//-/g')
  echo " ------------- $OBJ $FILE"
  kubectl get "$OBJ" -o yaml > "$FILE.yml"
done

snippets

run as root (anyuid)

oc create serviceaccount sa-anyuid
oc adm policy add-scc-to-user anyuid -z sa-anyuid
# run oc new-app first so that a dc exists to patch
oc patch dc/deployment-config-name --patch '{"spec":{"template":{"spec":{"serviceAccountName": "sa-anyuid"}}}}'

run as root (anyuid) for every pod in project

oc adm policy add-scc-to-user anyuid -z default
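
An added audit example (not from the wiki) for the two anyuid grants above: it reads an SCC's users list and reports which service accounts hold it, marking a grant to default as project-wide because it applies to every pod that does not set its own serviceAccountName. It assumes the grant is stored in the SCC's users field, as on OpenShift 3.x; the function names and the sample data are constructed.

```shell
#!/usr/bin/env bash
# Added example: audit which service accounts are bound to an SCC.

# Parse the "users" list of an SCC from stdin. Accepts both the Go-style
# "[a b]" and the JSON-style ["a","b"] jsonpath output.
# Prints one line per service account: <namespace> <serviceaccount> <scope>
scc_sa_grants() {
  sed 's/[][",]/ /g' | tr -s ' ' '\n' | awk -F: '
    $1 == "system" && $2 == "serviceaccount" && NF == 4 {
      scope = ($4 == "default") ? "project-wide" : "dedicated"
      print $3, $4, scope
    }'
}

# Namespaces where the default service account holds the SCC, i.e. where
# every pod without an explicit serviceAccountName may run as any UID.
scc_projectwide_namespaces() {
  scc_sa_grants | awk '$3 == "project-wide" { print $1 }' | sort -u
}

# Constructed sample of: oc get scc anyuid -o jsonpath='{.users}'
SAMPLE_USERS='[system:serviceaccount:is-demo:sa-anyuid system:serviceaccount:gitea:default system:admin]'

printf '%s\n' "$SAMPLE_USERS" | scc_sa_grants

# On a cluster (not run here):
#   oc get scc anyuid -o jsonpath='{.users}' | scc_projectwide_namespaces
```

Non-service-account entries such as system:admin are skipped; grants recorded as RBAC role bindings instead of SCC users are not covered by this parser.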

imagestream demo (build service)

  • get all the imagestreams
oc get is -n openshift
  • inspect nginx imagestream
oc describe is nginx -n openshift
  • setup new project
oc new-project is-demo
  • setup the dev environment
oc new-app --name=html-dev  nginx:1.10~https://github.com/joe-speedboat/openshift.html.devops.git#master
oc get all
oc logs -f builds/html-dev-1
oc get svc
oc expose svc/html-dev --hostname=html-dev.app.domain.com
oc get route
curl http://html-dev.app.domain.com
  • show this app to the qa team
oc get is
oc tag docker-registry.default.svc:5000/is-demo/html-dev:latest is-demo/html-qa:1.0
oc get is
oc new-app --name=html-qa --image-stream="is-demo/html-qa:1.0"
oc expose svc/html-qa --hostname=html-qa.app.domain.com
curl html-qa.app.domain.com
  • now go and make some changes to the git repo, then push it to github
  • now let's build the latest dev release
oc start-build html-dev
oc status
oc get pods
  • check dev application for latest changes
curl http://html-dev.app.domain.com
  • check if qa application remains in desired state
curl html-qa.app.domain.com
  • now promote the new dev build to qa
oc get is
oc tag docker-registry.default.svc:5000/is-demo/html-dev html-qa:1.1
  • change the imagestream to newer release
oc edit dc/html-qa
oc get dc
oc get pods
  • check if qa application is reflecting latest changes from v1.1
curl html-qa.app.domain.com
  • now we rollback the qa release to v1.0
oc edit dc/html-qa
oc get dc
oc get pods
  • check if qa application is reflecting the rolled-back version v1.0
curl html-qa.app.domain.com

database backup

mariadb (os v3.9)

  • install global backup template
oc create -f https://raw.githubusercontent.com/joe-speedboat/mariadb-backup-cronjob/master/mariadb-backup-template.yaml

Maintenance

CleanUp old docker images on nodes

Keeping up to three tag revisions, and keeping resources (images, image streams and pods) younger than sixty minutes:
oc adm prune images --keep-tag-revisions=3 --keep-younger-than=60m
Pruning every image that exceeds defined limits:
oc adm prune images --prune-over-size-limit
Copy/paste example (without --confirm the command only performs a dry run):
oc adm prune images --keep-tag-revisions=3 --keep-younger-than=60m --confirm
oc adm prune images --prune-over-size-limit --confirm