oc cheat sheet¶
oc is a tool written in Go to interact with an openshift cluster (one at a time). State about the current login session is stored in the home directory of the local user running the oc command.
Login¶
oc login --username collaborator --password collaborator
Log in to your server using a token for an existing session.
oc login --token <token> --server=https://<>.us-east.containers.cloud.ibm.com:21070
Get api version
oc api-versions
To assess who you are and get login userid:
oc whoami
See what the current context:
oc whoami --show-context
verify which server you are logged into
oc whoami --show-server
Even if logged as a non admin user, we can still execute some command as admin, if the user is a sudoer:
oc get projects --as system:admin
Cluster¶
You can get a list of all OpenShift clusters you have ever logged into by running:
oc config get-clusters
Show a list of contexts for all sessions ever created. For each context listed, this will include details about the project, server and name of user, in that order
oc config get-contexts
Proxy the API server
oc proxy --port=8001
curl -X GET http://localhost:8001/api/v1/namespaces/myproject/pods
Persistence volume¶
oc get pv --as system:admin
Add a storage class
Add access for a user to one of your project¶
oc adm policy add-role-to-user view developer -n myproject
> role "view" added: "developer"
The role could be edit | view | admin
Add user¶
Project commands¶
Select a project once logged to openshift:
oc project <projectname>
Get the list of projects
oc get projects
Get the list of supported app templates:
oc new-app -L
Create an app and build from a specific context directory.
oc new-app https://github.com/jbcodeforce/refarch-kc-order-ms --context-dir=order-command-ms/
To create a project, that is mapped to a kubernetes namespace:
$ oc new-project <project_name> --description="<description>" --display-name="<display_name>"
To see a list of all the resources that have been created in the project:
oc get all -o name
If you need to run a container from an image that needs to be run as root, then grant additional provilieges to the project:
oc adm policy add-scc-to-user anyuid -z default -n myproject --as system:admin
Verify the Deployment has been created: oc get deploy
Verify the ReplicaSet has been created: oc get replicaset
Verify the pods are running: oc get pods
Custom Resource Definition¶
See this training
oc get crd
Get service account: Service accounts provide a flexible way to control API access without sharing a regular user’s credentials. Every service account has an associated user name that can be granted roles. Default, builder, deployer are defined in each project)
oc get sa
> builder
default
deployer
jb-kafka-cluster-entity-operator
jb-kafka-cluster-kafka
jb-kafka-cluster-zookeeper
strimzi-cluster-operator
strimzi-topic-operator
As soon as a service account is created (oc create sa strimzi-cluster-operator
), two secrets are automatically added to it:
- an API token
- credentials for the OpenShift Container Registry
Access to the roles defined in a project
oc get roles
> strimzi-topic-operator
>
oc get rolebindings
Work with images¶
Search a docker image and see if it is valid:
oc new-app --search openshiftkatacoda/blog-django-py
Deploy an image to a project and link it to github:
oc new-app --docker-image=<docker-image> [--code=<source>] --name myapp
The image will be pulled down and stored within the internal OpenShift image registry. You can list what image stream resources have been created within a project by running the command:
oc get imagestream -o name
Expose app¶
To expose the application created so it is available outside of the OpenShift cluster, you can run the command:
oc expose service/blog-django-py
To view the hostname assigned to the route created from the command line, you can run the command:
oc get route/blog-django-py
Or by using a label selector:
oc get all --selector app=blog-django-py -o name
Get detail of a resource:
oc describe route/blog-django-py
Deleting an application and all its resources, using label:
oc delete all --selector app=blog-django-py
To import an image without creating a container:
oc import-image openshiftkatacoda/blog-django-py --confirm
Then to deploy an instance of the application from the image stream which has been created, run the command:
oc new-app blog-django-py --name blog-1
List what image stream resources have been created within a project by running the command:
oc get imagestream -o name
Create an app from the source code, and use source to image build process to deploy the app:
oc new-app python:latest~https://github.com/jbcodeforce/order-producer-python -name appname
other example with context directory:
oc new-app https://github.com/jbcodeforce/refarch-kc-order-ms --context-dir=order-command-ms/
Then to track the deployment progress:
oc logs -f bc/<appname>
The first time the application is deployed, if you want to expose it to internet do:
oc expose service/<appname>
When using source to image approach, it is possible to trigger the build via:
oc start-build app-name
You can use oc logs to monitor the log output as the build runs. You can also monitor the progress of any builds in a project by running the command:
oc get builds --watch
To trigger a binary build, without committing to github, you can use the local folder to provide the source code:
oc start-build app-name --from-dir=. --wait
The --wait option is supplied to indicate that the command should only return when the build has completed.
Switch back to minishift context:
oc config use-context minishift