Murawski Blog
tools
Darius MurawskiDi 07 Februar 2023
OpenShift CheatSheet

OpenShift CheatSheet

Image source: Self made

TL;DR

OpenShift is a software product by RedHat. It adds some functionality to a kubernetes cluster. With this functions, its more easy to create builds, deployments and routing inside and outside of your cluster.

This is just a summary of commands that I extracted from my OpenShift Course. In case you want the full content, feel free to check it out: here

Access to OpenShift

oc login <cluster>
oc logout

Projects

Projects are the root for any interaction. Each Team can have his own project. When accessing the cluster, you first need to set the project that you are working on. Inside the scope of the project, all names are unique.

# create project
oc new-project <project>

# list projects
oc projects

# switch project
oc project <project>

Help

This section describes how to get hints or help provided by the current openshift installation. You can also use it when the version you are try to accomplete a task, differ from the version that you read the online documentation for.

Explain

For general help on the commands and the strcture, you can use the explain command.

# general structure
oc explain <type>

# explain pods
oc explain pod

# explain pod specification
oc explain pod.spec

# expain containers
oc explain pod.spec.containers

Get

With get get command, you can fetch the definition of a created instance of a given type.

# get definition
oc get <type>

# get yaml definition
oc get -o yaml <type>/<name>

# get yaml definition
oc get -o yaml <type>/<name>

# Check that the service and pod are connected properly
oc status

Pods

Pods a are a collection of related containers that should run together. A pod can hold containers. For debugging purpose, you can start a pod in debug mode. This allow you to inspect the content of the executed container without running the CMD or ENTRYPOINT commands of the Dockerfile.

use the port forwarding only for debugging, as their are other resource types that are responsible for handling traffic.

# create pod
oc create -f <pod.yml>

# debug pods
oc debug pod

# list pods
oc get pods

# Port fortwarding to pods
oc port-forward <pod> <localport>:<pod port>

Build Config (bc)

Responsible for builds on the cluster. The artifact of a build is a docker image.

# Follow build progress (Git only)
oc logs -f bc/<name>

Deployment Config (dc)

Responsible for deployments. You can run a previously created docker image via a deployment config.

# Deploy an existing image based on its tag or git
oc new-app <image tag / git url>

# Set the name for the DeploymentConfig
oc new-app <image tag> --name <desired name>

# Describe the DC to get its labels
oc describe dc/<name>

# Delete all application resources using labels (get them from oc describe)
oc delete all -l app=<name>

# Roll out the latest version of the application
oc rollout latest dc/<name>

# Roll back to the previous version of the application
oc rollback dc/<name>

# Scale a deployment config
oc scale dc/<name> --replicas=<int>

Service (svc)

A Service abstracts the ip of (grouped) pods. They can gave access to other pods or allow routing from outside (with a routerconfig).

# Create a service for a single pod
oc expose --port 8080 pod/<name>

# Create a service for a DeploymentConfig
oc expose --port 8080 dc/<name>

Routes

Router allow access to a service from outside the cluster. To make a webserver availabe, you need a route, than a service and finally the pod with the application.

# Create a Route based on a Service
oc expose svc/hello-world

ConfigMap (cm)

They store key value pairs that can be injected into an container as environment variables or mounted as volume. Note that they are limited to 1 MB by default.

# Create a ConfigMap using literal command line arguments
oc create configmap <configmap-name> --from-literal KEY="VALUE"

# Create from a file
oc create configmap <configmap-name> --from-file=MESSAGE.txt

# Create from a file with a key override
oc create configmap <configmap-name> --from-file=MESSAGE=MESSAGE.txt

# Same --from-file but with a directory
oc create configmap <configmap-name> --from-file pods

# Set environment variables (same for all types of ConfigMap)
oc set env dc/<name> --from cm/<configmap-name>

Secrets

They store key value pairs that can be injected into an container as environment variables. Compared to ConfigMaps, the values are stored in base64 Encoding and decoded inside the container. You can also take a look at them via the web interface when you have appropriate permissions on the open shift cluster.

# Create a simple generic (Opaque) Secret
oc create secret generic <secret-name> --from-literal KEY="VALUE"

# set the Secret as Environment Variables
oc set env dc/<dc-name> --from secret/<secret-name>

# Create a Docker registry secret
oc create secret docker-registry \
  <secret name> \
  --docker-server=$REGISTRY_HOST \
  --docker-username=$REGISTRY_USERNAME \
  --docker-password=$REGISTRY_PASSWORD \
  --docker-email=$REGISTRY_EMAIL

# This command links the secret to the service account named "default"
oc secrets link default <secret name> --for=pull

ImageStreams (is)

Register an Image to OpenShift.

oc import-image --confirm <image tag>

# Deploy an application based on your new ImageStream
oc new-app myproject/<name>

ImageStreamTag (istag)

Register a differnt tag of an remote image to OpenShift.

oc tag <original> <destination>

Service Accounts

Used for technical users.

# Check that the service account has the secret associated
oc describe serviceaccount/default

# Once authentication is set up, start the application
oc new-app quay.io/$REGISTRY_USERNAME/private-repo

Build

Defines an execution of a BuildConfig.

# Create a new BuildConfig from a Git repository URL (with a branch)
oc new-build <Git URL>
oc new-build <Git URL>#<branch>

# Use --context-dir to build from a subdirectory
oc new-build <Git URL> --context-dir hello-world


# Working with existing BuildConfigs

# Start a build from a build config
oc start-build bc/<name>

# Get logs for a single build
oc logs -f build/<name>

# Get logs for the latest build for a BuildConfig
# This is the best way (usually)
oc logs -f bc/<name>

# Start a build for an existing BuildConfig
oc start-build bc/hello-world

# Cancel a running build
oc cancel-build bc/hello-world

# Set a post-commit hook
oc set build-hook bc/<name> \
  --post-commit \
  --script="echo Hello from build hook"

# Remove the build hook
oc set build-hook bc/hello-world \
  --post-commit \
  --remove

# Get the secret token
oc get -o yaml buildconfig/<name>

# Export the secret as a variable
export GENERIC_SECRET=<generic token from previous command>

# Get the webhook URL
oc describe buildconfig/hello-world

# Copy the webhook URL and replace <secret> with $GENERIC_SECRET
curl -X POST -k <webhook URL with secret replaced with $GENERIC_SECRET>