Using CheatSheets To Apply Best Practices

OpenShift Cheatsheet

OpenShift Cheatsheet

1.1 OpenShift Glossary

Name Command
OKD The Origin Community Distribution of Kubernetes that powers Red Hat OpenShift.
oc command line OpenShift command line: oc <action> <object_type> <object_name_or_id>
Project Namespace in Kubernetes. Resources are aggregated by projects. oc get project
Build Builds create a new image from source code, other images, Dockerfiles, etc. oc get build
Build Configuration How to build source code and a base image into a new image. oc get bc
Route Endpoint in Kubernetes. A route is an external DNS entry
Deployment Configuration oc get dc
ImageStream oc get is
ImageStreamTag oc get istag
ImageStreamImage oc get isimage
Template oc get template
Template Instance oc get templateinstance
Explain Online manual oc explain pod
Red Hat Registry By default, all images are pulled from registry.redhat.io.
OpenShift SaaS Version https://openshift.io/
OpenShift online https://cloud.openshift.com
Reference Minishift CheatSheet Link: Minishift
Reference OpenShift CheatSheet, Rancher CheatSheet, PKS CheatSheet

architecture_overview.png

1.2 OC – Highlights

Name Command
Get api requests verbose output with kubectl call oc --loglevel 999 get pod/dummy-deployment-6d6759c786-5kwth
Start a pod and get a shell for debug oc debug dc/jorge
Impersonate for oc command oc --as=jorge get pods, oc --as-group=developers get pods
Use oc to do admin operations oc adm <sub-command>
Try experimental commands of oc oc ex <sub-command>
Explain OpenShift/Kubernetes concepts to me oc explain pod, oc explain replicaset
Enable oc shell autocompletion echo "source <(oc completion zsh)" >>~/.zshrc, then reload terminal
Reference OpenShift CheatSheet, Kubectl CheatSheet

1.3 OC – Admin

Name Command
Login/logout oc login, oc logout, oc whoami
List route oc get route
List all object types oc types, oc api-resources
Start a local OpenShift all-in-one cluster oc cluster up

1.4 OC – Developer

Name Command
Create a project oc new-project <projectname> --description=<description> --display-name=<display_name>
Check status of current project oc status Link: OC CLI Operations
Show oc cli profile oc config view Link: Managing CLI Profiles
Get all resource oc get all
Switch project oc project <projectname>
Create an application oc new-app https://github.com/sclorg/cakephp-ex
Create a new build oc new-build https://github.com/sclorg/cakephp-ex
Manually start a build with given conf oc start-build <buildconfig_name>
Stop a build that is in progress oc cancel-build <build_name>
Import an external image oc import-image <image_stream>
Tag an image oc tag <current_image> <image_stream>

1.5 All openshift resources: oc api-resources

NAME SHORTNAMES APIGROUP NAMESPACED KIND
bindings     true Binding
componentstatuses cs   false ComponentStatus
configmaps cm   true ConfigMap
endpoints ep   true Endpoints
events ev   true Event
limitranges limits   true LimitRange
namespaces ns   false Namespace
nodes no   false Node
persistentvolumeclaims pvc   true PersistentVolumeClaim
persistentvolumes pv   false PersistentVolume
pods po   true Pod
podtemplates true   PodTemplate  
replicationcontrollers rc   true ReplicationController
resourcequotas quota   true ResourceQuota
secrets true   Secret  
serviceaccounts sa   true ServiceAccount
services svc   true Service
mutatingwebhookconfigurations   admissionregistration.k8s.io false MutatingWebhookConfiguration
validatingwebhookconfigurations   admissionregistration.k8s.io false ValidatingWebhookConfiguration
customresourcedefinitions crd,crds apiextensions.k8s.io false CustomResourceDefinition
apiservices   apiregistration.k8s.io false APIService
controllerrevisions   apps true ControllerRevision
daemonsets ds apps true DaemonSet
deployments deploy apps true Deployment
replicasets rs apps true ReplicaSet
statefulsets sts apps true StatefulSet
deploymentconfigs dc apps.openshift.io true DeploymentConfig
tokenreviews   authentication.k8s.io false TokenReview
localsubjectaccessreviews   authorization.k8s.io true LocalSubjectAccessReview
selfsubjectaccessreviews   authorization.k8s.io false SelfSubjectAccessReview
selfsubjectrulesreviews   authorization.k8s.io false SelfSubjectRulesReview
subjectaccessreviews   authorization.k8s.io false SubjectAccessReview
clusterrolebindings   authorization.openshift.io false ClusterRoleBinding
clusterroles   authorization.openshift.io false ClusterRole
localresourceaccessreviews   authorization.openshift.io true LocalResourceAccessReview
localsubjectaccessreviews   authorization.openshift.io true LocalSubjectAccessReview
resourceaccessreviews   authorization.openshift.io false ResourceAccessReview
rolebindingrestrictions   authorization.openshift.io true RoleBindingRestriction
rolebindings   authorization.openshift.io true RoleBinding
roles   authorization.openshift.io true Role
selfsubjectrulesreviews   authorization.openshift.io true SelfSubjectRulesReview
subjectaccessreviews   authorization.openshift.io false SubjectAccessReview
subjectrulesreviews   authorization.openshift.io true SubjectRulesReview
horizontalpodautoscalers hpa autoscaling true HorizontalPodAutoscaler
cronjobs cj batch true CronJob
jobs batch true Job  
buildconfigs bc build.openshift.io true BuildConfig
builds   build.openshift.io true Build
certificatesigningrequests csr certificates.k8s.io false CertificateSigningRequest
events ev events.k8s.io true Event
daemonsets ds extensions true DaemonSet
deployments deploy extensions true Deployment
ingresses ing extensions true Ingress
networkpolicies netpol extensions true NetworkPolicy
podsecuritypolicies psp extensions false PodSecurityPolicy
replicasets rs extensions true ReplicaSet
images   image.openshift.io false Image
imagesignatures   image.openshift.io false ImageSignature
imagestreamimages isimage image.openshift.io true ImageStreamImage
imagestreamimports   image.openshift.io true ImageStreamImport
imagestreammappings   image.openshift.io true ImageStreamMapping
imagestreams is image.openshift.io true ImageStream
imagestreamtags istag image.openshift.io true ImageStreamTag
clusternetworks   network.openshift.io false ClusterNetwork
egressnetworkpolicies   network.openshift.io true EgressNetworkPolicy
hostsubnets   network.openshift.io false HostSubnet
netnamespaces   network.openshift.io false NetNamespace
networkpolicies netpol networking.k8s.io true NetworkPolicy
oauthaccesstokens   oauth.openshift.io false OAuthAccessToken
oauthauthorizetokens   oauth.openshift.io false OAuthAuthorizeToken
oauthclientauthorizations   oauth.openshift.io false OAuthClientAuthorization
oauthclients   oauth.openshift.io false OAuthClient
poddisruptionbudgets pdb policy true PodDisruptionBudget
podsecuritypolicies psp policy false PodSecurityPolicy
projectrequests   project.openshift.io false ProjectRequest
projects   project.openshift.io false Project
appliedclusterresourcequotas   quota.openshift.io true AppliedClusterResourceQuota
clusterresourcequotas clusterquota quota.openshift.io false ClusterResourceQuota
clusterrolebindings   rbac.authorization.k8s.io false ClusterRoleBinding
clusterroles   rbac.authorization.k8s.io false ClusterRole
rolebindings   rbac.authorization.k8s.io true RoleBinding
roles   rbac.authorization.k8s.io true Role
routes   route.openshift.io true Route
podsecuritypolicyreviews   security.openshift.io true PodSecurityPolicyReview
podsecuritypolicyselfsubjectreviews   security.openshift.io true PodSecurityPolicySelfSubjectReview
podsecuritypolicysubjectreviews   security.openshift.io true PodSecurityPolicySubjectReview
rangeallocations   security.openshift.io false RangeAllocation
securitycontextconstraints scc security.openshift.io false SecurityContextConstraints
storageclasses sc storage.k8s.io false StorageClass
volumeattachments   storage.k8s.io false VolumeAttachment
brokertemplateinstances   template.openshift.io false BrokerTemplateInstance
processedtemplates   template.openshift.io true Template
templateinstances   template.openshift.io true TemplateInstance
templates   template.openshift.io true Template
groups   user.openshift.io false Group
identities   user.openshift.io false Identity
useridentitymappings   user.openshift.io false UserIdentityMapping
users   user.openshift.io false User
openshiftwebconsoleconfigs   webconsole.operator.openshift.io false OpenShiftWebConsoleConfig

1.6 OpenShift Source Code

Name Command
Openshift Ansible Deployment GitHub: openshift-ansible/playbooks

1.7 OpenShift Opportunty

Name Command
Doesn’t support multiple clusters  
OC command line could be a strengh or a weakness  
Lack of SDN solution  
Time-consuming for administrators’ operations  

1.8 OpenShift CLI Help All

/User/zdenny > oc --help
OpenShift Client

This client helps you develop, build, deploy, and run your applications on any OpenShift or Kubernetes compatible
platform. It also includes the administrative commands for managing a cluster under the 'adm' subcommand.

Usage:
  oc [flags]

Basic Commands:
  types           An introduction to concepts and types
  login           Log in to a server
  new-project     Request a new project
  new-app         Create a new application
  status          Show an overview of the current project
  project         Switch to another project
  projects        Display existing projects
  explain         Documentation of resources
  cluster         Start and stop OpenShift cluster

Build and Deploy Commands:
  rollout         Manage a Kubernetes deployment or OpenShift deployment config
  rollback        Revert part of an application back to a previous deployment
  new-build       Create a new build configuration
  start-build     Start a new build
  cancel-build    Cancel running, pending, or new builds
  import-image    Imports images from a Docker registry
  tag             Tag existing images into image streams

Application Management Commands:
  get             Display one or many resources
  describe        Show details of a specific resource or group of resources
  edit            Edit a resource on the server
  set             Commands that help set specific features on objects
  label           Update the labels on a resource
  annotate        Update the annotations on a resource
  expose          Expose a replicated application as a service or route
  delete          Delete one or more resources
  scale           Change the number of pods in a deployment
  autoscale       Autoscale a deployment config, deployment, replication controller, or replica set
  secrets         Manage secrets
  serviceaccounts Manage service accounts in your project

Troubleshooting and Debugging Commands:
  logs            Print the logs for a resource
  rsh             Start a shell session in a pod
  rsync           Copy files between local filesystem and a pod
  port-forward    Forward one or more local ports to a pod
  debug           Launch a new instance of a pod for debugging
  exec            Execute a command in a container
  proxy           Run a proxy to the Kubernetes API server
  attach          Attach to a running container
  run             Run a particular image on the cluster
  cp              Copy files and directories to and from containers.
  wait            Experimental: Wait for one condition on one or many resources

Advanced Commands:
  adm             Tools for managing a cluster
  create          Create a resource from a file or from stdin.
  replace         Replace a resource by filename or stdin
  apply           Apply a configuration to a resource by filename or stdin
  patch           Update field(s) of a resource using strategic merge patch
  process         Process a template into list of resources
  export          Export resources so they can be used elsewhere
  extract         Extract secrets or config maps to disk
  idle            Idle scalable resources
  observe         Observe changes to resources and react to them (experimental)
  policy          Manage authorization policy
  auth            Inspect authorization
  convert         Convert config files between different API versions
  import          Commands that import applications
  image           Useful commands for managing images
  registry        Commands for working with the registry
  api-versions    Print the supported API versions on the server, in the form of "group/version"
  api-resources   Print the supported API resources on the server

Settings Commands:
  logout          End the current server session
  config          Change configuration files for the client
  whoami          Return information about the current session
  completion      Output shell completion code for the specified shell (bash or zsh)

Other Commands:
  ex              Experimental commands under active development
  help            Help about any command
  plugin          Runs a command-line plugin
  version         Display client and server versions

Use "oc <command> --help" for more information about a given command.
Use "oc options" for a list of global command-line options (applies to all commands).

1.9 OpenShift CLI Help Admin

/User/zdenny > oc adm
Administrative Commands

Commands for managing a cluster are exposed here. Many administrative actions involve interaction with the command-line
client as well.

Usage:
  oc adm [flags]

Component Installation:
  router                             Install a router
  ipfailover                         Install an IP failover group to a set of nodes
  registry                           Install the integrated Docker registry

Security and Policy:
  new-project                        Create a new project
  policy                             Manage policy
  groups                             Manage groups
  ca                                 Manage certificates and keys
  certificate                        Modify certificate resources.

Node Management:
  create-node-config                 Create a configuration bundle for a node
  manage-node                        Manage nodes - list pods, evacuate, or mark ready
  cordon                             Mark node as unschedulable
  uncordon                           Mark node as schedulable
  drain                              Drain node in preparation for maintenance
  taint                              Update the taints on one or more nodes
  pod-network                        Manage pod network

Maintenance:
  diagnostics                        Diagnose common cluster problems
  prune                              Remove older versions of resources from the server
  build-chain                        Output the inputs and dependencies of your builds
  migrate                            Migrate data in the cluster
  top                                Show usage statistics of resources on the server
  verify-image-signature             Verify the image identity contained in the image signature

Configuration:
  create-kubeconfig                  Create a basic .kubeconfig file from client certs
  create-api-client-config           Create a config file for connecting to the server as a user
  create-bootstrap-project-template  Create a bootstrap project template
  create-bootstrap-policy-file       Create the default bootstrap policy
  create-login-template              Create a login template
  create-provider-selection-template Create a provider selection template
  create-error-template              Create an error page template

Other Commands:
  completion                         Output shell completion code for the specified shell (bash or zsh)
  config                             Change configuration files for the client

Use "oc adm <command> --help" for more information about a given command.
Use "oc adm options" for a list of global command-line options (applies to all commands).


Leave a Reply

Your email address will not be published. Required fields are marked *