OpenShift Examples
Run OpenShift on your Hetzner Server
https://github.com/RedHat-EMEA-SSA-Team/hetzner-ocp4
Run OCP on your laptop
OpenShift 4
Code Ready Containers
Usefull Red Hat Solutions article
Glossary
Term
Definition
Container runtime
Container runtimes, or specificially OCI Runtimes are things like runc, crun, kata, gvisor.
Container engines
Container Engines pull and push container images from container registries, configure OCI Runtime Specifications and launch OCI Runtimes. For example CRI-O, ContainerD
Usefull commands
Easy install jq on RHEL
curl -O -L https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64
chmod +x jq-linux64
sudo mv jq-linux64 /usr/local/bin/jq
jq examples
PVC CSV
oc get pvc --all-namespaces -o json | jq -r ' .items[] | [.metadata.namespace,.metadata.name,.status.capacity.storage|tostring]|@csv'
Print certificate from secret
oc get secret -n openshift-web-console webconsole-serving-cert -o json | jq -r '.data."tls.crt"' | base64 -d > foo.pem
# Can't use openssl x509, x509 do not support bundles
openssl crl2pkcs7 -nocrl -certfile foo.pem | openssl pkcs7 -print_certs -noout
Check certificate from master-api
echo -n | openssl s_client -connect q.bohne.io:8443 -servername q.bohne.io 2>/dev/null | openssl x509 -noout -subject -issuer
OpenShift certificate overview:
find /etc/origin/master/ /etc/origin/node -name "*.crt" -printf '%p - ' -exec openssl x509 -noout -subject -in {} \;
kubectl/oc patch
For example:
oc patch configs.imageregistry.operator.openshift.io/cluster \
--type='json' \
--patch='[
{"op": "replace", "path": "/spec/managementState", "value": "Managed"},
{"op": "replace", "path": "/spec/rolloutStrategy", "value": "Recreate"},
{"op": "replace", "path": "/spec/storage", "value": {"pvc":{"claim": "image-registry-pvc" }}}
]'
patch definition:
Blog post: https://labs.consol.de/development/2019/04/08/oc-patch-unleashed.html
Commands inside a POD
Get IP Addresses without ip or ifconfig?
Command
Sample outpout
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61 $ cat /proc/net/fib_trie
Main:
+-- 0.0.0.0/0 3 0 4
+-- 0.0.0.0/4 2 0 2
|-- 0.0.0.0
/0 universe UNICAST
+-- 10.128.0.0/14 2 0 2
|-- 10.128.0.0
/14 universe UNICAST
+-- 10.131.0.0/23 2 0 2
+-- 10.131.0.0/28 2 0 2
|-- 10.131.0.0
/32 link BROADCAST
/23 link UNICAST
|-- 10.131.0.14
/32 host LOCAL
|-- 10.131.1.255
/32 link BROADCAST
+-- 127.0.0.0/8 2 0 2
+-- 127.0.0.0/31 1 0 0
|-- 127.0.0.0
/32 link BROADCAST
/8 host LOCAL
|-- 127.0.0.1
/32 host LOCAL
|-- 127.255.255.255
/32 link BROADCAST
|-- 172.30.0.0
/16 universe UNICAST
|-- 224.0.0.0
/4 universe UNICAST
Local:
+-- 0.0.0.0/0 3 0 4
+-- 0.0.0.0/4 2 0 2
|-- 0.0.0.0
/0 universe UNICAST
+-- 10.128.0.0/14 2 0 2
|-- 10.128.0.0
/14 universe UNICAST
+-- 10.131.0.0/23 2 0 2
+-- 10.131.0.0/28 2 0 2
|-- 10.131.0.0
/32 link BROADCAST
/23 link UNICAST
|-- 10.131.0.14
/32 host LOCAL
|-- 10.131.1.255
/32 link BROADCAST
+-- 127.0.0.0/8 2 0 2
+-- 127.0.0.0/31 1 0 0
|-- 127.0.0.0
/32 link BROADCAST
/8 host LOCAL
|-- 127.0.0.1
/32 host LOCAL
|-- 127.255.255.255
/32 link BROADCAST
|-- 172.30.0.0
/16 universe UNICAST
|-- 224.0.0.0
/4 universe UNICAST
Command
cat /proc/net/fib_trie | grep "|--" | egrep -v "0.0.0.0| 127."
Sample output
1
2
3
4
5
6
7
8
9
10
11
12
13 $ cat /proc/net/fib_trie | grep "|--" | egrep -v "0.0.0.0| 127."
|-- 10.128.0.0
|-- 10.131.0.0
|-- 10.131.0.14
|-- 10.131.1.255
|-- 172.30.0.0
|-- 224.0.0.0
|-- 10.128.0.0
|-- 10.131.0.0
|-- 10.131.0.14
|-- 10.131.1.255
|-- 172.30.0.0
|-- 224.0.0.0
cURL & Kubernetes/OpenShift API examples
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15 $ curl --cacert /run/secrets/kubernetes.io/serviceaccount/ca.crt \
--header "Authorization: Bearer $(cat /run/secrets/kubernetes.io/serviceaccount/token)" \
https://kubernetes.default.svc.cluster.local/version
{
"major": "1",
"minor": "16+",
"gitVersion": "v1.16.2",
"gitCommit": "4320e48",
"gitTreeState": "clean",
"buildDate": "2020-01-21T19:50:59Z",
"goVersion": "go1.12.12",
"compiler": "gc",
"platform": "linux/amd64"
}
List all Services from ansible-service-broker
curl -k -s $(oc get broker ansible-service-broker -o go-template='{{.spec.url}}v2/catalog') | jq ' .services[] | {Name: .name, displayName: .metadata.displayName}'
{
"Name": "dh--latest",
"displayName": "Hello World (APB)"
}
List all services from template broker:
curl -s -k -X GET -H "Authorization: Bearer $(oc whoami -t)" -H "X-Broker-Api-Version: 2.7" https://192.168.37.1:8443/brokers/template.openshift.io/v2/catalog | jq ' .services[] | {Name: .name, displayName: .metadata.displayName}'
List all services from service catalog
curl -s -k -X GET -H "Authorization: Bearer $(oc whoami -t)" https://192.168.37.1:8443/apis/servicecatalog.k8s.io/v1alpha1/serviceclasses | jq ' .items[] | { brokerName: .brokerName, name: .metadata.name, displayName: .externalMetadata.displayName } '
Stargazers over time
Last update:
December 11, 2022