OpenShift Cheatsheet

From Linuxwiki
Jump to navigation Jump to search

Here some helpful OpenShift commands which work (at least) since version >= 4.11


Login

How to get a token: https://oauth-openshift.apps.ocp.example.com/oauth/token/display

You might need it for login or automatization. 

$ oc login --token=... --server=https://api.ocp.example.com:6443

Use the token directly against the API: 

$ curl -H "Authorization: Bearer $TOKEN" https://api.ocp.example.com:6443/apis/user.openshift.io/v1/users/~"

Login with username/password: 

$ oc login -u admin -p password https://api.ocp.example.com:6443

Get console URL: 

$ oc whoami --show-console

Running

General cluster info: 

$ oc cluster-info

Which resources are there? 

$ oc api-resources (--namespaced=false)

(in|without namespace)

Explain resources: 

$ oc explain service

Switch namespace: 

$ oc project <namespace>

quit namespace: 

$ oc project -n default

Get all resources: 

$ oc get all

Get status of all nodes: 

$ oc get nodes

Show Uptime: 

$ oc get machines -A

Sort Events by time: 

$ oc get events --sort-by=metadata.creationTimestamp

Show/edit initial configuration: 

$ oc get cm cluster-config-v1 -o yaml -n kube-system
  (edit)

List alerts: 

$ oc -n openshift-monitoring exec -ti alertmanager-main-0 -c alertmanager -- amtool alert --alertmanager.url=http://localhost:9093 -o extended
List silences:
$ oc -n openshift-monitoring exec -ti alertmanager-main-0 -c alertmanager -- amtool silence query --alertmanager.url=http://localhost:9093

https://cloud.redhat.com/blog/how-to-use-amtool-to-manage-red-hat-advanced-cluster-management-for-kubernetes-alerts

Patch resource: 

$ oc patch installplan install-defgh -n openshift-operators-redhat --type merge  --patch '{"spec":{"approved":true}}'

Get state paused/not paused of machineconfigpool: 

$ oc get mcp worker -o jsonpath='{.spec.paused}'

Set master/worker to (un)paused: 

$ oc patch --type=merge --patch='{"spec":{"paused":false}}' machineconfigpool/{master,worker}

Liveness/Readiness Probes of all pods in certain timestamp: 

$ oc adm node-logs --role worker -u kubelet | egrep -E 'Liveness|Readiness' | grep "Aug 21 11:22"

Logging

Watch audit logs: 

$ oc adm node-logs --role=master --path=openshift-apiserver/

Watch audit.log from certain node: 

$ oc adm node-logs ocp-abcdf-master-0 --path=openshift-apiserver/audit-2023-09-26T14-11-04.448.log

Search string: 

$ oc adm node-logs ocp-abcdf-master-0 --path=openshift-apiserver/audit-2023-09-26T14-11-04.448.log | jq 'select(.verb == "delete")'

Source:
https://docs.openshift.com/container-platform/4.12/security/audit-log-view.html

Information gathering

https://access.redhat.com/documentation/en-us/openshift_container_platform/4.12/html/support/gathering-cluster-data#support_gathering_data_gathering-cluster-data

Must-gather

$ oc adm must-gather

-> create must-gather.local.XXXXXX

https://docs.openshift.com/container-platform/4.12/cli_reference/openshift_cli/administrator-cli-commands.html#oc-adm-inspect (evtl. delete secrets!)

Useful terms

IPI Installer-provisioned infrastructure cluster
Cluster installed by install command; user must only provide some information (which platform, cluster name, network, storage, ...)

UPI User provisioned infrastructure cluster

  • DNS and Loadbalancing must already be there
  • Installation manually, download ova file (in case of vSphere)
  • master created manually
  • workers recommended
  • *no* keepalived

Advantages:
IPI: installation more simple, using preconfigured features
UPI: more flexibility, no loadbalancer outage during update

Change from IPI -> UPI not possible

You can get more shortcuts by typing: 

$ oc api-resources
cm config map
csv cluster service version
dc deploymentconfig
ds deploymentsetting
ip installplan
mcp machineconfigpool
pv persistent volume
sa service account
scc security context constraints
svc service
Retrieved from "https://wiki.nomorebluescreen.de/index.php?title=OpenShift_Cheatsheet&oldid=452"