Last active
January 29, 2025 21:26
openshift command line with Go templating and others
# Expose the master API/console (service "kubernetes", port 443) through a
# re-encrypt route named "master" in the "default" project.
# NOTE(review): the route publishes the API endpoint wherever the router is
# reachable; confirm that exposure is intended before creating it.
oc create route reencrypt master \
  --service=kubernetes \
  --port=443 \
  --namespace=default
# Nested range loops in a Go template: for each image stream, print its name
# and the index of the tag named "latest". One output line per image stream;
# the line is empty when the stream has no such tag.
# $total is declared inside the template but never used.
is_latest_tmpl='{{range $i, $is:=.items}}{{ $total :=0 }}{{ range $index, $element :=$is.status.tags }}{{if eq $element.tag "latest"}}{{$is.metadata.name}}{{"\t"}}{{ $index }}{{end}}{{end}}{{"\n"}}{{end}}'
oc get is --template="$is_latest_tmpl"
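# Get a label whose key contains dots and a slash. Plain field access cannot
# address such a key, so the template uses the "index" function on the labels
# map. Prints the region label of the first node in the list.
oc get nodes --template='{{ with $i := index .items 0 }}{{ index $i.metadata.labels "failure-domain.beta.kubernetes.io/region" }}{{ end }}'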
# Patching resource limits: show the current max memory of the first limit
# entry, then replace it with 1Gi through a JSON patch (--type=json).
limit_range=limits/resource-limits
oc get "$limit_range" -o jsonpath='{.spec.limits[0].max.memory}'
oc patch "$limit_range" \
  --type=json \
  --patch="[{'op':'replace','path':'/spec/limits/0/max/memory', 'value':'1Gi'}]"
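# One-liner to roll out the deployments again after a resource limit change:
# every DeploymentConfig in a project whose name starts with "sandbox" is
# scaled to 0, left for 10 seconds, then scaled to 1.
# Stage 1 lists project names, stage 2 emits "<dc>+<namespace>" pairs, stage 3
# splits each pair and does the scaling.
# The pair is handed to bash as $1 (the trailing - '{}'), not spliced into the
# script text, so a resource name can never be parsed as shell code.
# NOTE(review): this always ends at 1 replica, whatever the count was before;
# confirm that is acceptable for the projects it touches.
oc get projects -o jsonpath="{range .items[*]} {.metadata.name}{'\n'}{end}" \
  | xargs -I{} oc get dc -n {} \
      -o jsonpath="{range .items[*]} {.metadata.name}+{.metadata.namespace}{'\n'}{end}" \
  | xargs -I{} bash -c '
      dc=${1%+*}
      ns=${1#*+}
      if [[ "$ns" =~ ^sandbox.* ]]; then
        oc scale dc "$dc" --replicas=0 -n "$ns" \
          && sleep 10 \
          && oc scale dc "$dc" --replicas=1 -n "$ns"
      fi' - '{}'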
# List every service in the cluster with its namespace, name and type.
# Handy for spotting services of a type that is reachable from outside the
# cluster network.
svc_columns='NAMESPACE:.metadata.namespace,NAME:.metadata.name,TYPE:.spec.type'
oc get service --all-namespaces -o "custom-columns=${svc_columns}"
# Print every tag of one image stream, one tag per line.
# "name" and "namespace" stand for the image stream and its project.
is_tags_tmpl='{{ range $index, $element :=.status.tags }}{{ $element.tag }}{{"\n"}}{{end}}'
oc get is name -n namespace --template="$is_tags_tmpl"
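# Three ways to list all project names.
# 1. One "oc get" per project, printing the name through a Go template.
#    (The template's closing quote was missing and the command was wrapped in
#    backticks, which would have executed its output.)
oc get projects -o name | xargs -I{} oc get {} --template '{{ .metadata.name }}{{"\n"}}'
# 2. jsonpath with range: one name per line, each line starting with a space.
oc get projects -o jsonpath="{range .items[*]} {.metadata.name}{'\n'}{end}"
# 3. jsonpath without range: all names on a single line, space separated.
oc get projects -o jsonpath="{.items[*].metadata.name}"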
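# List the host of every route in every project: resolve each project to its
# name, then query the routes of that project.
# Run as a plain pipeline; wrapped in backticks the shell would try to execute
# the printed host names as a command.
oc get projects -o name \
  | xargs -I{} oc get {} --template '{{ .metadata.name }}{{"\n"}}' \
  | xargs -I{} oc get routes -n {} --template '{{range .items}}{{ .spec.host}}{{"\n"}}{{end}}'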
# Get the first message from the status: prints the message of entry 0 of the
# DeploymentConfig's status.conditions ("service-name" is a placeholder).
first_msg_tmpl='{{ range $index, $element :=.status.conditions }}{{ if eq $index 0 }}{{ $element.message }} {{end}}{{end}}'
oc get dc service-name --template="$first_msg_tmpl"
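# Get the value of an annotation whose key contains dots and a slash
# ("svcname" is a placeholder for the service).
# With jq: quote the key inside the path expression.
oc get svc svcname -o json | jq '.metadata.annotations."prometheus.io/probe"'
# With a Go template: use "index" on the annotations map.
oc get svc svcname --template='{{ index .metadata.annotations "prometheus.io/probe" }}'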
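# Patch all the services in the current project: first set the "team" label,
# then the prometheus.io/probe annotation. The loop replaces the manual
# "change PATCH and repeat" step.
# "-o name" yields resource names directly, so there is no table header to
# strip and no column to parse.
for PATCH in \
  '{"metadata":{"labels":{"team":"xxxx"}}}' \
  '{"metadata":{"annotations":{"prometheus.io/probe":"true"}}}'
do
  oc get svc -o name | xargs -I{} oc patch {} -p "$PATCH"
done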
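# Capability check: list the users and groups allowed to perform an action.
# Use it to audit who holds build and image-pull rights.
oc adm policy who-can create buildConfigs
oc adm policy who-can create build
oc adm policy who-can update build
oc adm policy who-can update buildConfigs
oc adm policy who-can create builds
# Who may pull image layers in one project. -n needs a project name; the
# expansion aborts with a message when NAMESPACE is not set.
oc policy who-can get imagestreams/layers -n "${NAMESPACE:?set NAMESPACE to the project to check}"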
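# Peek into the Elasticsearch behind OpenShift logging, authenticating with
# the client certificate stored in the logging-fluentd secret.
(
  # The secret contains a client private key: create the files with
  # owner-only permissions instead of whatever the default umask gives.
  umask 077
  for field in ca key cert; do
    oc get secret logging-fluentd --template="{{.data.${field}}}" | base64 -d > "$field"
  done
)
# Forward the pod's port 9200 to localhost. The command stays in the
# foreground, so run it in a second terminal.
oc port-forward "${ES_POD:?set ES_POD to the Elasticsearch pod name}" 9200:9200
curl -s --cacert ca --key key --cert cert https://localhost:9200/_cluster/health | python -mjson.tool
# Remove the extracted key material once finished.
rm -f -- ca key cert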
# Test whether a TCP port is open from inside a container that has no network
# tools. Redirecting from /dev/tcp/<host>/<port> makes bash open the
# connection itself; this is a bash feature, not a real device file.
probe_host=127.0.0.1
probe_port=22
cat < "/dev/tcp/${probe_host}/${probe_port}"

# HAProxy: debug request errors by sending "show errors" to the stats socket.
printf '%s\n' "show errors" | socat unix-connect:/var/lib/haproxy/run/haproxy.sock stdio

# See which host interface a container's eth0 is linked to: run this inside
# the container. NOTE(review): the printed number looks like the index of the
# linked interface; compare it with "ip link" on the node to confirm.
cat /sys/class/net/eth0/iflink
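# Temporarily allow new inbound connections to one port, for UDP and for TCP.
# -I inserts each rule at the top of the OS_FIREWALL_ALLOW chain.
# The second rule must use "-p tcp": the tcp match (-m tcp) is rejected when
# the rule's protocol is udp.
port=${PORT:?set PORT to the port number to open}
iptables -I OS_FIREWALL_ALLOW -p udp -m state --state NEW -m udp --dport "$port" -j ACCEPT
iptables -I OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport "$port" -j ACCEPT
# When finished, delete both rules again (same rule spec, -D instead of -I):
#   iptables -D OS_FIREWALL_ALLOW -p udp -m state --state NEW -m udp --dport "$port" -j ACCEPT
#   iptables -D OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport "$port" -j ACCEPT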
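# API usage with a bearer token.
# The server certificate is verified against the cluster CA (--cacert) rather
# than skipped with -k: without verification the token is handed to whichever
# endpoint answers the connection.
# The token is part of curl's command line and so visible in the process list
# while it runs; prefer a short-lived token and keep it out of shell history.
curl --cacert "${CA_BUNDLE:?set CA_BUNDLE to the cluster CA certificate file}" \
  -H "Authorization: Bearer ${TOKEN:?set TOKEN to an API token}" \
  https://cluster.xxx.xxx.xxx/api/v1/namespaces/monitoring/configmaps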
# Container spec fragment for a DeploymentConfig: override the entry point so
# that sed edits /supervisord.conf before the image's own /boot.sh starts.
# The edit appends " -insecure-tls" to the line starting with "command=clair".
# NOTE(review): the flag name suggests TLS verification is relaxed for clair;
# confirm against the clair version in use, and prefer trusting the registry
# CA over keeping this override.
- args:
  - -c
  - /bin/sed -i '/^command=clair/ s/$/ -insecure-tls/' /supervisord.conf &&
    /boot.sh
  command:
  - /bin/sh
## tcpdump in the pod without tcpdump in the image
Provided that tcpdump is already installed on the node on which the target container is running:
1. Get the docker container ID (oc get pod foo -o yaml | grep containerID) | |
2. Get the PID of the running container on the node where it runs (docker inspect feedfacedeadbeef | grep Pid:) | |
3. Enter the desired namespaces of said process (nsenter --target 12345 --net /bin/bash) and run binaries (like tcpdump) that live on the host |