Difference between revisions of "OpenShift & K8S Cheat Sheet"
Revision as of 20:55, 22 April 2021
1 Helpers
1.1 .bash_profile
- openshift project/user prompt
function ps1(){
  export PS1='[\u@\h($(oc whoami -c 2>/dev/null|cut -d/ -f3,1)) \W]\$ '
}
function ps1e(){
  export PS1='# [\d \t \u@\h($(oc whoami -c 2>/dev/null|cut -d/ -f3,1)) \W]\n$ '
}
- password gen
# print 20 candidate passwords of length $1 (default 12)
genpasswd() {
  local l=$1
  [ "$l" == "" ] && l=12
  for i in $(seq 20)
  do
    tr -dc A-Za-z0-9_=%.,: < /dev/urandom | head -c "${l}" | xargs
  done
}
2 Administration
2.1 daily cmds
oc get nodes -o wide
oc get all -o wide --all-namespaces
oc get ep -o wide
oc get events --sort-by='.lastTimestamp'
oc get rolebindings --all-namespaces
oc get pv
oc get pvc
oc get projects
oc get users
oc get groups
2.2 inspect user/group permissions
oc get rolebinding -o wide -n gitea
oc get rolebinding -o wide --all-namespaces
2.3 inspect imagestreams
oc get is -n openshift
oc describe is php -n openshift
oc export -n openshift isimage php@42c4a9072f
2.4 backup all openshift objects in all projects
oc get all --all-namespaces --no-headers=true | awk '{print $1","$2}' | while read obj
do
  NS=$(echo $obj | cut -d, -f1)
  OBJ=$(echo $obj | cut -d, -f2)
  FILE=$(echo $obj | sed 's/\//-/g;s/,/-/g')
  echo $NS $OBJ $FILE; oc export -n $NS $OBJ -o yaml > $FILE.yml
done
2.5 backup all kubernetes objects in current namespace
oc get projects
oc project my-namespace
# remember the current project name for the progress output
NS=$(oc project -q)
kubectl get all --no-headers=true | awk '{print $1}' | while read obj
do
  OBJ=$obj
  FILE=$(echo $obj | sed 's/\//-/g;s/,/-/g')
  echo " ------------- $NS $OBJ $FILE"
  kubectl get $OBJ -o yaml > $FILE.yml
done
3 snippets
3.1 run as root (anyuid)
oc create serviceaccount sa-anyuid
oc adm policy add-scc-to-user anyuid -z sa-anyuid
# create new-app before to get a dc
oc patch dc/deployment-config-name --patch '{"spec":{"template":{"spec":{"serviceAccountName": "sa-anyuid"}}}}'
3.2 run as root (anyuid) for every pod in project
oc adm policy add-scc-to-user anyuid -z default
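One way to check which accounts hold the anyuid SCC after grants like the two above (added example, not part of the original cheat sheet). It assumes an OpenShift 3.x cluster where `oc adm policy add-scc-to-user` records the subject in the SCC's `users` list; the subject list is a constructed sample and the function names are hypothetical.

```shell
# Constructed sample of what this command prints (space-separated subjects):
#   oc get scc anyuid -o jsonpath='{.users[*]}'
SAMPLE_USERS='system:serviceaccount:gitea:anyuid system:serviceaccount:is-demo:default admin system:serviceaccount:my-namespace:sa-anyuid'

# audit_anyuid "<subjects>": print one line per subject.
#   WIDE ns/default  grant on a project's default SA (covers every pod
#                    in that project that does not name its own SA)
#   OK   ns/name     grant on a dedicated service account
#   USER name        plain user, not a service account
audit_anyuid() {
    for subject in $1; do
        case "$subject" in
            system:serviceaccount:*:*)
                rest=${subject#system:serviceaccount:}
                ns=${rest%%:*}
                name=${rest#*:}
                if [ "$name" = "default" ]; then
                    echo "WIDE $ns/$name"
                else
                    echo "OK $ns/$name"
                fi
                ;;
            *)
                echo "USER $subject"
                ;;
        esac
    done
}

# count_wide "<subjects>": number of default-SA grants (prints 0 if none).
count_wide() {
    audit_anyuid "$1" | grep -c '^WIDE ' || true
}

# Run against the constructed sample; on a live cluster pass
# "$(oc get scc anyuid -o jsonpath='{.users[*]}')" instead.
audit_anyuid "$SAMPLE_USERS"
```
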
4 deployment examples
4.1 imagestream demo (build service)
- get all the imagestreams
oc get is -n openshift
- inspect nginx imagestream
oc describe is nginx -n openshift
- setup new project
oc new-project is-demo
- setup the dev environment
oc new-app --name=html-dev nginx:1.10~https://github.com/joe-speedboat/openshift.html.devops.git#master
oc get all
oc logs -f builds/html-dev-1
oc get svc
oc expose svc/html-dev --hostname=html-dev.app.domain.com
oc get route
curl http://html-dev.app.domain.com
- show this app to the qa team
oc get is
oc tag docker-registry.default.svc:5000/is-demo/html-dev:latest is-demo/html-qa:1.0
oc get is
oc new-app --name=html-qa --image-stream="is-demo/html-qa:1.0"
oc expose svc/html-qa --hostname=html-qa.app.domain.com
curl html-qa.app.domain.com
- now go and make some changes to the git repo, then push it to github
- now let's build the latest dev release
oc start-build html-dev
oc status
oc get pods
- check dev application for latest changes
curl http://html-dev.app.domain.com
- check if qa application remains in desired state
curl html-qa.app.domain.com
- now commit the new dev branch to qa branch
oc get is
oc tag docker-registry.default.svc:5000/is-demo/html-dev html-qa:1.1
- change the imagestream to newer release
oc edit dc/html-qa
oc get dc
oc get pods
- check if qa application is reflecting latest changes from v1.1
curl html-qa.app.domain.com
- now we rollback the qa release to v1.0
oc edit dc/html-qa
oc get dc
oc get pods
- check if qa application is reflecting the rolled-back version v1.0
curl html-qa.app.domain.com
4.2 gitea
URL=git.app.domain.com
PROJECT=gitea
oc new-project $PROJECT
oc create sa anyuid
oc adm policy add-scc-to-user anyuid -z anyuid
oc new-app --name gitea --docker-image=docker.io/gitea/gitea
oc patch dc/gitea --patch '{"spec":{"template":{"spec":{"serviceAccountName": "anyuid"}}}}'
oc volumes dc --all
oc volume dc/gitea --add --name=gitea-volume-1 -t pvc --claim-name=gitea-data --claim-size=5G --overwrite
oc volumes dc --all
oc expose svc/gitea --hostname=$URL --port=3000
firefox git.app.domain.com
5 database backup
5.1 mariadb (os v3.9)
- install global backup template
oc create -f https://raw.githubusercontent.com/joe-speedboat/mariadb-backup-cronjob/master/mariadb-backup-template.yaml
- more information can be found on git repo mariadb-backup-cronjob
6 Maintenance
6.1 CleanUp old docker images on nodes
- Keeping up to three tag revisions, and keeping resources (images, image streams and pods) younger than sixty minutes:
oc adm prune images --keep-tag-revisions=3 --keep-younger-than=60m
- Pruning every image that exceeds defined limits:
oc adm prune images --prune-over-size-limit
- CopyPaste example
oc adm prune images --keep-tag-revisions=3 --keep-younger-than=60m --confirm
oc adm prune images --prune-over-size-limit --confirm