Openshift Cheatsheet for DevOps

In this article you will find a comprehensive Openshift Container Platform cheat sheet for System Administrators and Developers.

Login and Configuration

Firstly, let’s check the most common commands for Login and Configuration in OpenShift:

#login with a user
oc login https://192.168.99.100:8443 -u developer -p developer

#login as system admin
oc login -u system:admin

#User Information
oc whoami 

#View your configuration
oc config view

#Update the current context to have users login to the desired namespace:
oc config set-context `oc config current-context` --namespace=<project_name>

Basic Commands

Secondly, here is a list of the basic commands to manage Pods and create applications with Templates:

#Create a new app from a GutHub Repository
oc new-app https://github.com/sclorg/cakephp-ex

#New app from a different branch
oc new-app --name=html-dev nginx:1.10~https://github.com/joe-speedboat/openshift.html.devops.git#mybranch

#Create objects from a file:
oc create -f myobject.yaml -n myproject

#Delete objects contained in a file:
oc delete -f myobject.yaml -n myproject

#Create or merge objects from file
oc apply -f myobject.yaml -n myproject

#Update existing object
oc patch svc mysvc --type merge --patch '{"spec":{"ports":[{"port": 8080, "targetPort": 5000 }]}}'

#Monitor Pod status
watch oc get pods

#Get a Specific Item (podIP) using a Go template
oc get pod example-pod-2 --template='{{.status.podIP}}'

#Gather information on a project's pod deployment with node information
oc get pods -o wide

#Hide inactive Pods
oc get pods --show-all=false

#Display all resources
oc get all,secret,configmap

#Get the Openshift Console Address
oc get -n openshift-console route console

#Get the Pod name from the Selector and rsh in it
POD=$(oc get pods -l app=myapp -o name) oc rsh -n $POD

#Exec single command in pod
oc exec $POD $COMMAND

#Copy from local folder byteman-4.0.12 in Pod wildfly-basic-1-mrlt5 under the folder /opt/wildfly
oc cp ./byteman-4.0.12 wildfly-basic-1-mrlt5:/opt/wildfly

Image Streams

Here is how to list and import ImageStreams on OpenShift

#List available IS for openshift project
oc get is -n openshift

#Import an image from an external registry
oc import-image --from=registry.access.redhat.com/jboss-amq-6/amq62-openshift -n openshift jboss-amq-62:1.3 --confirm

#List available IS and templates
oc new-app --list

Templates Management

Next, here is how to process Templates:

# Deploy resources contained in a template
oc process -f template.yaml | oc create -f -

#List parameters available in a template
oc process --parameters -f .template.yaml

ConfigMap and Secrets

Create a ConfigMap/Secret from File

oc create configmap my-config --from-file=config.properties

oc create secret generic my-secret --from-file=secret.keyCreate a ConfigMap from literals

Create a ConfigMap/Secret from literals

oc create configmap my-config --from-literal=foo=bar --from-literal=baz=qux
oc create secret generic my-secret --from-literal=secret.key=value

Set a ConfigMap/Secret in a deployment

oc set env deployment/my-deployment --from configmap/my-config
oc set env deployment/my-deployment --from secret/my-secret

How to display a ConfigMap content

oc get cm/my-config -o yaml

Setting environment variables

Then, here is how to set environment variables on Deployment Configs/Build Configs and list them:

# Update deployment 'registry' with a new environment variable
oc set env dc/registry STORAGE_DIR=/local
  
# List the environment variables defined on a build config 'sample-build'
oc set env bc/sample-build --list
  
# List the environment variables defined on all pods
oc set env pods --all --list
      
# Import environment from a secret
oc set env --from=secret/mysecret dc/myapp

WildFly application example on OpeShift

Here is how to bootstrap a WildFly application on OpenShift using a legacy Image Stream:

# Create WildFli Image Stream
oc create -f https://raw.githubusercontent.com/wildfly/wildfly-s2i/wf-26.0/imagestreams/wildfly-centos7.json

# Create WildFly app from GitHub Repo
$ oc new-app wildfly:26.0~https://github.com/fmarchioni/ocpdemos --context-dir=wildfly-basic --name=wildfly-basic

#Expose Service with a Route
oc expose service wildfly-basic

Then, here is how to use Helm to bootstrap an application from an Helm Chart:

#Add WildFly Helm Chart to the Repository
helm repo add wildfly https://docs.wildfly.org/wildfly-charts/

# Image Streams and Configuration in the file sampleapp.yaml
helm install sample-app wildfly/wildfly -f sampleapp.yaml

Create app from a Project with Dockerfile

Next, here is how to create an app from a Dockerfile using a Binary Build:

oc new-build --binary --name=mywildfly -l app=mywildfly

oc patch bc/mywildfly -p '{"spec":{"strategy":{"dockerStrategy":{"dockerfilePath":"Dockerfile"}}}}'
	
oc start-build mywildfly --from-dir=. --follow

oc new-app --image-stream=mywildfly
	
oc expose svc/mywildfly

How to manage Nodes

#Get Nodes list
oc get nodes

#Check on which Node your Pods are running
oc get pods -o wide

#Schedule an application to run on another Node
oc patch dc  myapp -p '{"spec":{"template":{"spec":{"nodeSelector":{"kubernetes.io/hostname": "ip-10-0-0-74.acme.compute.internal"}}}}}'

#List all pods which are running on a Node
oc adm manage-node node1.local --list-pods

#Add a label to a Node
oc label node node1.local mylabel=myvalue

#Remove a label from a Node
oc label node node1.local mylabel-

How to manage storage

#create a PersistentVolumeClaim (+update the DeploymentConfig to include a PV + update the DeploymentConfig to attach a volumemount into the specified mount-path)
 
oc set volume dc/file-uploader --add --name=my-shared-storage \
-t pvc --claim-mode=ReadWriteMany --claim-size=1Gi \
--claim-name=my-shared-storage --claim-class=ocs-storagecluster-cephfs \
--mount-path=/opt/app-root/src/uploaded \
-n my-shared-storage

#List storage classes
oc -n openshift-storage get sc

Build Management

#Manual build from source  
oc start-build ruby-ex

#Manual build from source and follow logs 
oc start-build ruby-ex -F

#Stop a build that is in progress 
oc cancel-build <build_name> 

#Changing the log level of a build: 
oc set env bc/my-build-name BUILD_LOGLEVEL=[1-5]

How to manage Deployments

#Manual deployment 
$ oc rollout latest ruby-ex

#Pause automatic deployment rollout
oc rollout pause dc $DEPLOYMENT

# Resume automatic deployment rollout
oc rollout resume dc $DEPLOYMENT 

#Define resource requests and limits in DeploymentConfig
oc set resources deployment nginx --limits=cpu=200m,memory=512Mi --requests=cpu=100m,memory=256Mi

#Define livenessProve and readinessProve in DeploymentConfig
oc set probe dc/nginx --readiness --get-url=http://:8080/healthz --initial-delay-seconds=10
oc set probe dc/nginx --liveness --get-url=http://:8080/healthz --initial-delay-seconds=10

#Scale the number of Pods to 2
oc scale dc/nginx --replicas=2

#Define Horizontal Pod Autoscaler (hpa)
oc autoscale dc $DC_NAME --max=4 --cpu-percent=10

Managing Routes

#Create route
$ oc expose service ruby-ex

# Create Route and expose it through a custom Hostname
oc expose serviceruby-ex --hostname 

#Read the Route Host attribute
oc get route my-route -o jsonpath --template="{.spec.host}"

Managing Services

#Make a service idle. When the service is next accessed will automatically boot up the pods again: 
$ oc idle ruby-ex

#Read a Service IP
oc get services rook-ceph-mon-a --template='{{.spec.clusterIP}}'

Clean up resources

#Delete all resources
oc delete all --all

#Delete resources for one specific app
$ oc delete services -l app=ruby-ex
$ oc delete all -l app=ruby-ex

#CleanUp old docker images on nodes
#Keeping up to three tag revisions 1, and keeping resources (images, image streams and pods) younger than sixty minutes:
oc adm prune images --keep-tag-revisions=3 --keep-younger-than=60m

#Pruning every image that exceeds defined limits:
oc adm prune images --prune-over-size-limit

Openshift Container Platform Troubleshooting

#How to inspect all resources in a namespace (produces resources tree in YAML files)
oc adm inspect ns/mynamespace

#run cluster diagnostics
oc adm diagnostics

#Collect must-gather
oc adm must-gather

#Check status of current project 	
oc status

#Get events for a project
oc get events --sort-by='{.lastTimestamp}'

# get the logs of the myrunning-pod-2-fdthn pod 
oc logs myrunning-pod-2-fdthn<br />

# follow the logs of the myrunning-pod-2-fdthn pod 
oc logs -f myrunning-pod-2-fdthn<br />

# tail the logs of the myrunning-pod-2-fdthn pod 
oc logs myrunning-pod-2-fdthn --tail=50

#Check the integrated Docker registry logs:
oc logs docker-registry-n-{xxxxx} -n default | less


Security

#Create a secret from the CLI 
oc create secret generic oia-secret --from-literal=username=myuser
 --from-literal=password=mypassword

# Use secret in deployment env
oc set env deployment/ --from secret/oia-secret

# You can also mount the Secret on a Volume 
oc set volumes dc/myapp --add --name=secret-volume --mount-path=/opt/app-root/
 --secret-name=oia-secret

Managing user roles

oc adm policy add-role-to-user admin oia -n python
oc adm policy add-cluster-role-to-user cluster-reader system:serviceaccount:monitoring:default
oc adm policy add-scc-to-user anyuid -z default

Misc commands

#Manage node state
oc adm manage node <node> --schedulable=false

#List installed operators
oc get csv

#Export in a template the IS, BC, DC and SVC
oc export is,bc,dc,svc --as-template=app.yaml

#Show user in prompt
function ps1(){
   export PS1='[\u@\h($(oc whoami -c 2>/dev/null|cut -d/ -f3,1)) \W]\$ '
}

#backup openshift objects

oc get all --all-namespaces --no-headers=true | awk '{print $1","$2}' | while read obj
do
  NS=$(echo $obj | cut -d, -f1)
  OBJ=$(echo $obj | cut -d, -f2)
  FILE=$(echo $obj | sed 's/\//-/g;s/,/-/g')
  echo $NS $OBJ $FILE; oc export -n $NS $OBJ -o yaml > $FILE.yml
done