Using CheatSheets To Apply Best Practices

OpenShift Cheatsheet

OpenShift Cheatsheet

1.1 OpenShift Glossary

Name Command
OKD The Origin Community Distribution of Kubernetes that powers Red Hat OpenShift.
oc command line OpenShift command line: oc <action> <object_type> <object_name_or_id>
Project Namespace in Kubernetes. Resources are aggregated by projects. oc get project
Build Builds create a new image from source code, other images, Dockerfiles, etc. oc get build
Build Configuration How to build source code and a base image into a new image. oc get bc
Route Endpoint in Kubernetes. A route is an external DNS entry
Deployment Configuration oc get dc
ImageStream oc get is
ImageStreamTag oc get istag
ImageStreamImage oc get isimage
Template oc get template
Template Instance oc get templateinstance
Explain Online manual oc explain pod
Red Hat Registry By default, all images are pulled from
OpenShift SaaS Version
OpenShift online
Reference Minishift CheatSheet Link: Minishift
Reference OpenShift CheatSheet, Rancher CheatSheet, PKS CheatSheet


1.2 OC – Highlights

Name Command
Get api requests verbose output with kubectl call oc --loglevel 999 get pod/dummy-deployment-6d6759c786-5kwth
Start a pod and get a shell for debug oc debug dc/jorge
Impersonate for oc command oc --as=jorge get pods, oc --as-group=developers get pods
Use oc to do admin operations oc adm <sub-command>
Try experimental commands of oc oc ex <sub-command>
Explain OpenShift/Kubernetes concepts to me oc explain pod, oc explain replicaset
Enable oc shell autocompletion echo "source <(oc completion zsh)" >>~/.zshrc, then reload terminal
Reference OpenShift CheatSheet, Kubectl CheatSheet

1.3 OC – Admin

Name Command
Login/logout oc login, oc logout, oc whoami
List route oc get route
List all object types oc types, oc api-resources
Start a local OpenShift all-in-one cluster oc cluster up

1.4 OC – Developer

Name Command
Create a project oc new-project <projectname> --description=<description> --display-name=<display_name>
Check status of current project oc status Link: OC CLI Operations
Show oc cli profile oc config view Link: Managing CLI Profiles
Get all resource oc get all
Switch project oc project <projectname>
Create an application oc new-app
Create a new build oc new-build
Manually start a build with given conf oc start-build <buildconfig_name>
Stop a build that is in progress oc cancel-build <build_name>
Import an external image oc import-image <image_stream>
Tag an image oc tag <current_image> <image_stream>

1.5 All openshift resources: oc api-resources

bindings     true Binding
componentstatuses cs   false ComponentStatus
configmaps cm   true ConfigMap
endpoints ep   true Endpoints
events ev   true Event
limitranges limits   true LimitRange
namespaces ns   false Namespace
nodes no   false Node
persistentvolumeclaims pvc   true PersistentVolumeClaim
persistentvolumes pv   false PersistentVolume
pods po   true Pod
podtemplates true   PodTemplate  
replicationcontrollers rc   true ReplicationController
resourcequotas quota   true ResourceQuota
secrets true   Secret  
serviceaccounts sa   true ServiceAccount
services svc   true Service
mutatingwebhookconfigurations false MutatingWebhookConfiguration
validatingwebhookconfigurations false ValidatingWebhookConfiguration
customresourcedefinitions crd,crds false CustomResourceDefinition
apiservices false APIService
controllerrevisions   apps true ControllerRevision
daemonsets ds apps true DaemonSet
deployments deploy apps true Deployment
replicasets rs apps true ReplicaSet
statefulsets sts apps true StatefulSet
deploymentconfigs dc true DeploymentConfig
tokenreviews false TokenReview
localsubjectaccessreviews true LocalSubjectAccessReview
selfsubjectaccessreviews false SelfSubjectAccessReview
selfsubjectrulesreviews false SelfSubjectRulesReview
subjectaccessreviews false SubjectAccessReview
clusterrolebindings false ClusterRoleBinding
clusterroles false ClusterRole
localresourceaccessreviews true LocalResourceAccessReview
localsubjectaccessreviews true LocalSubjectAccessReview
resourceaccessreviews false ResourceAccessReview
rolebindingrestrictions true RoleBindingRestriction
rolebindings true RoleBinding
roles true Role
selfsubjectrulesreviews true SelfSubjectRulesReview
subjectaccessreviews false SubjectAccessReview
subjectrulesreviews true SubjectRulesReview
horizontalpodautoscalers hpa autoscaling true HorizontalPodAutoscaler
cronjobs cj batch true CronJob
jobs batch true Job  
buildconfigs bc true BuildConfig
builds true Build
certificatesigningrequests csr false CertificateSigningRequest
events ev true Event
daemonsets ds extensions true DaemonSet
deployments deploy extensions true Deployment
ingresses ing extensions true Ingress
networkpolicies netpol extensions true NetworkPolicy
podsecuritypolicies psp extensions false PodSecurityPolicy
replicasets rs extensions true ReplicaSet
images false Image
imagesignatures false ImageSignature
imagestreamimages isimage true ImageStreamImage
imagestreamimports true ImageStreamImport
imagestreammappings true ImageStreamMapping
imagestreams is true ImageStream
imagestreamtags istag true ImageStreamTag
clusternetworks false ClusterNetwork
egressnetworkpolicies true EgressNetworkPolicy
hostsubnets false HostSubnet
netnamespaces false NetNamespace
networkpolicies netpol true NetworkPolicy
oauthaccesstokens false OAuthAccessToken
oauthauthorizetokens false OAuthAuthorizeToken
oauthclientauthorizations false OAuthClientAuthorization
oauthclients false OAuthClient
poddisruptionbudgets pdb policy true PodDisruptionBudget
podsecuritypolicies psp policy false PodSecurityPolicy
projectrequests false ProjectRequest
projects false Project
appliedclusterresourcequotas true AppliedClusterResourceQuota
clusterresourcequotas clusterquota false ClusterResourceQuota
clusterrolebindings false ClusterRoleBinding
clusterroles false ClusterRole
rolebindings true RoleBinding
roles true Role
routes true Route
podsecuritypolicyreviews true PodSecurityPolicyReview
podsecuritypolicyselfsubjectreviews true PodSecurityPolicySelfSubjectReview
podsecuritypolicysubjectreviews true PodSecurityPolicySubjectReview
rangeallocations false RangeAllocation
securitycontextconstraints scc false SecurityContextConstraints
storageclasses sc false StorageClass
volumeattachments false VolumeAttachment
brokertemplateinstances false BrokerTemplateInstance
processedtemplates true Template
templateinstances true TemplateInstance
templates true Template
groups false Group
identities false Identity
useridentitymappings false UserIdentityMapping
users false User
openshiftwebconsoleconfigs false OpenShiftWebConsoleConfig

1.6 OpenShift Source Code

Name Command
Openshift Ansible Deployment GitHub: openshift-ansible/playbooks

1.7 OpenShift Opportunty

Name Command
Doesn’t support multiple clusters  
OC command line could be a strengh or a weakness  
Lack of SDN solution  
Time-consuming for administrators’ operations  

1.8 OpenShift CLI Help All

/User/zdenny > oc --help
OpenShift Client

This client helps you develop, build, deploy, and run your applications on any OpenShift or Kubernetes compatible
platform. It also includes the administrative commands for managing a cluster under the 'adm' subcommand.

  oc [flags]

Basic Commands:
  types           An introduction to concepts and types
  login           Log in to a server
  new-project     Request a new project
  new-app         Create a new application
  status          Show an overview of the current project
  project         Switch to another project
  projects        Display existing projects
  explain         Documentation of resources
  cluster         Start and stop OpenShift cluster

Build and Deploy Commands:
  rollout         Manage a Kubernetes deployment or OpenShift deployment config
  rollback        Revert part of an application back to a previous deployment
  new-build       Create a new build configuration
  start-build     Start a new build
  cancel-build    Cancel running, pending, or new builds
  import-image    Imports images from a Docker registry
  tag             Tag existing images into image streams

Application Management Commands:
  get             Display one or many resources
  describe        Show details of a specific resource or group of resources
  edit            Edit a resource on the server
  set             Commands that help set specific features on objects
  label           Update the labels on a resource
  annotate        Update the annotations on a resource
  expose          Expose a replicated application as a service or route
  delete          Delete one or more resources
  scale           Change the number of pods in a deployment
  autoscale       Autoscale a deployment config, deployment, replication controller, or replica set
  secrets         Manage secrets
  serviceaccounts Manage service accounts in your project

Troubleshooting and Debugging Commands:
  logs            Print the logs for a resource
  rsh             Start a shell session in a pod
  rsync           Copy files between local filesystem and a pod
  port-forward    Forward one or more local ports to a pod
  debug           Launch a new instance of a pod for debugging
  exec            Execute a command in a container
  proxy           Run a proxy to the Kubernetes API server
  attach          Attach to a running container
  run             Run a particular image on the cluster
  cp              Copy files and directories to and from containers.
  wait            Experimental: Wait for one condition on one or many resources

Advanced Commands:
  adm             Tools for managing a cluster
  create          Create a resource from a file or from stdin.
  replace         Replace a resource by filename or stdin
  apply           Apply a configuration to a resource by filename or stdin
  patch           Update field(s) of a resource using strategic merge patch
  process         Process a template into list of resources
  export          Export resources so they can be used elsewhere
  extract         Extract secrets or config maps to disk
  idle            Idle scalable resources
  observe         Observe changes to resources and react to them (experimental)
  policy          Manage authorization policy
  auth            Inspect authorization
  convert         Convert config files between different API versions
  import          Commands that import applications
  image           Useful commands for managing images
  registry        Commands for working with the registry
  api-versions    Print the supported API versions on the server, in the form of "group/version"
  api-resources   Print the supported API resources on the server

Settings Commands:
  logout          End the current server session
  config          Change configuration files for the client
  whoami          Return information about the current session
  completion      Output shell completion code for the specified shell (bash or zsh)

Other Commands:
  ex              Experimental commands under active development
  help            Help about any command
  plugin          Runs a command-line plugin
  version         Display client and server versions

Use "oc <command> --help" for more information about a given command.
Use "oc options" for a list of global command-line options (applies to all commands).

1.9 OpenShift CLI Help Admin

/User/zdenny > oc adm
Administrative Commands

Commands for managing a cluster are exposed here. Many administrative actions involve interaction with the command-line
client as well.

  oc adm [flags]

Component Installation:
  router                             Install a router
  ipfailover                         Install an IP failover group to a set of nodes
  registry                           Install the integrated Docker registry

Security and Policy:
  new-project                        Create a new project
  policy                             Manage policy
  groups                             Manage groups
  ca                                 Manage certificates and keys
  certificate                        Modify certificate resources.

Node Management:
  create-node-config                 Create a configuration bundle for a node
  manage-node                        Manage nodes - list pods, evacuate, or mark ready
  cordon                             Mark node as unschedulable
  uncordon                           Mark node as schedulable
  drain                              Drain node in preparation for maintenance
  taint                              Update the taints on one or more nodes
  pod-network                        Manage pod network

  diagnostics                        Diagnose common cluster problems
  prune                              Remove older versions of resources from the server
  build-chain                        Output the inputs and dependencies of your builds
  migrate                            Migrate data in the cluster
  top                                Show usage statistics of resources on the server
  verify-image-signature             Verify the image identity contained in the image signature

  create-kubeconfig                  Create a basic .kubeconfig file from client certs
  create-api-client-config           Create a config file for connecting to the server as a user
  create-bootstrap-project-template  Create a bootstrap project template
  create-bootstrap-policy-file       Create the default bootstrap policy
  create-login-template              Create a login template
  create-provider-selection-template Create a provider selection template
  create-error-template              Create an error page template

Other Commands:
  completion                         Output shell completion code for the specified shell (bash or zsh)
  config                             Change configuration files for the client

Use "oc adm <command> --help" for more information about a given command.
Use "oc adm options" for a list of global command-line options (applies to all commands).

Leave a Reply

Your email address will not be published. Required fields are marked *