370854b3487fba6634878a692fa666324e3bbf9e
technology/cloud/openshift.md
... | ... | @@ -1,3 +1,2 @@ |
1 | 1 | # openshift |
2 | 2 | |
3 | -- 20180913: [red_hat_container_event](red_hat_container_event) |
technology/cloud/red_hat_container_event.md
... | ... | @@ -1,619 +0,0 @@ |
1 | -# rh container event (cloud-native roadshow) |
|
2 | - |
|
3 | -## ops |
|
4 | - |
|
5 | -- wifi: |
|
6 | - - Ballsridge Hotel |
|
7 | - - beourguest2018 |
|
8 | -- https://redhat.qwiklab.com/focuses/191 |
|
9 | -- lab details |
|
10 | - - host master.674462327352.aws.testdrive.openshift.com |
|
11 | - - user cloud-user |
|
12 | - - pass qwikLABS-L64-23179 |
|
13 | - - docs http://support.674462327352.aws.testdrive.openshift.com/ |
|
14 | -- [feedback](http://bit.ly/CNRSFeedback) |
|
15 | -- additional credits: testdrivetokens <at> redhat <dot> com |
|
16 | - |
|
17 | -- run cloudforms/oshift web console on oshift (app nodes) - reverse proxy for bastion |
|
18 | - |
|
19 | -## lab |
|
20 | -- navigate to `https://redhat.qwiklab.com/focuses/191` and login |
|
21 | - - user: dudley.burrows@ward.ie |
|
22 | - - pass: reachfortheclouds |
|
23 | -- select 'My Learning' then 'OpenShift for Ops Test Drive' |
|
24 | -- Click 'Start Lab' in the top right. Once the lab has been spun up the connection details will appear in the left pane. |
|
25 | -- The lab guide URL will also be shown. |
|
26 | - |
|
27 | - |
|
28 | -## presentation |
|
29 | - |
|
30 | -### oshift overview |
|
31 | -- hybrid scaling |
|
32 | - - from on-prem to cloud in mins |
|
33 | -- jenkins pipeline |
|
34 | - - servicenow rest api to 'tick box' before continuing |
|
35 | -- kubernetes |
|
36 | -- oci compatible container runtime (docker) |
|
37 | -- internal container repo in oshift (certified by rh) |
|
38 | -- 10x workload density than vms --?? |
|
39 | -- ownership boundaries |
|
40 | - - dev |
|
41 | - - container |
|
42 | - - app |
|
43 | - - os dependencies |
|
44 | - - ops |
|
45 | - - container host |
|
46 | - - infra |
|
47 | -- container image layers |
|
48 | - - immutable images (kill and redeploy) |
|
49 | -- base image patching |
|
50 | - - oshift rebuilds all containers using image stream |
|
51 | - - source to image build |
|
52 | -- lightweight, oci-compliant container runtime (cri-o --??) |
|
53 | - - rhel on node (host) and container |
|
54 | - - pod = collection of containers |
|
55 | - - smallest unit of management in oshift |
|
56 | - - only oci-compliant are supported |
|
57 | -- masters (3x) |
|
58 | - - can lose all w/out effecting live traffic |
|
59 | - - rest api (servicenow to do oshift activites) |
|
60 | - - datastore |
|
61 | - - desired / current state |
|
62 | - - etcd db |
|
63 | - - one per master |
|
64 | - - sync'd across masters |
|
65 | - - ansible playbook bundles instead of bakup (infra as code) |
|
66 | - - orchestration and scheduling |
|
67 | - - placement by policy |
|
68 | - - health/scaling - autoscaling pods |
|
69 | - - endpoints put in by devs |
|
70 | - - readiness probe |
|
71 | - - liveness probe |
|
72 | -- infra nodes |
|
73 | - - integrated container registry |
|
74 | -- persistent storage |
|
75 | - - glusterfs |
|
76 | -- service layer |
|
77 | -- routing layer |
|
78 | - - expose services externally |
|
79 | - |
|
80 | -### container storage |
|
81 | -- oshift persistent storage framework |
|
82 | - - PersistentVolumeClaim |
|
83 | - - submitted by dev |
|
84 | - - StorageClass |
|
85 | - - set up by ops |
|
86 | - - Storage Backend |
|
87 | - - PersistentVolmue |
|
88 | - - mounted by pod |
|
89 | - - bound to PersistentVolumeClaim |
|
90 | -- glusterfs |
|
91 | - - (app) node labelled as container native storage |
|
92 | - - underlying storage: das, jbod |
|
93 | - - scale-out linearly |
|
94 | - - replicate sync and async |
|
95 | - - [heketi](#ref#1) - restful glusterfs management |
|
96 | - |
|
97 | -- subscription licensing |
|
98 | - - not required for master/infra |
|
99 | - - only for 'worker' nodes (app nodes) |
|
100 | - - based on number of vms or socket pairs |
|
101 | - - spotfleets?? |
|
102 | - - cloudforms to manage subscriptions? |
|
103 | - |
|
104 | -### lab |
|
105 | -- environment |
|
106 | - - master x1 |
|
107 | - - infra x1 |
|
108 | - - app x6 |
|
109 | - - idm x1 (ldap auth) |
|
110 | -- ssh into master node |
|
111 | -- using ansible playbooks for installing oshift |
|
112 | - - part of the `openshift-ansible` pkg |
|
113 | -- installers config `/etc/ansible/hosts` [docs](#ref#2) |
|
114 | - - general settings under `[OSEv3:vars]` |
|
115 | -- top level runbook triggers install of cluster |
|
116 | - - `/usr/share/ansible/openshift-ansible/playbooks/deploy_cluster.yml` |
|
117 | -- requires 'super admin' account |
|
118 | -- [cmds](#oc commands) |
|
119 | -- [web_console](https://openshift.674462327352.aws.testdrive.openshift.com/console) |
|
120 | -- [prometheus](#ref#3) |
|
121 | - - cluster infra monitoring and alerting |
|
122 | -- verify storage cluster |
|
123 | - ``` |
|
124 | - export HEKETI_CLI_SERVER=http://heketi-storage-storage.apps.674462327352.aws.testdrive.openshift.com |
|
125 | - export HEKETI_CLI_USER=admin |
|
126 | - export HEKETI_CLI_KEY=myS3cr3tpassw0rd |
|
127 | - heketi-cli cluster list #shows internal uuid of cns cluster |
|
128 | - heketi-cli topology info |
|
129 | - ``` |
|
130 | -- application management |
|
131 | - - create new project (bucket) |
|
132 | - - deploy new app (automatically created [service](#ref#6)) |
|
133 | - - view service yaml |
|
134 | - - scale app |
|
135 | - - delete pod |
|
136 | - - oshift redeploys in less than 10secs! |
|
137 | - - create route (expose service) |
|
138 | -- [application probes](#ref#7) |
|
139 | - - liveness probe |
|
140 | - - readiness probe |
|
141 | - - check endpoint health |
|
142 | - ``` |
|
143 | - curl mapit-app-management.apps.674462327352.aws.testdrive.openshift.com/health |
|
144 | - ``` |
|
145 | - - probe endpoint for liveness (set probe) |
|
146 | - ``` |
|
147 | - oc set probe dc/mapit --liveness --get-url=http://:8080/health --initial-delay-seconds=30 |
|
148 | - ``` |
|
149 | - - probe endpoint for readiness (set probe) |
|
150 | - ``` |
|
151 | - oc set probe dc/mapit --readiness --get-url=http://:8080/health --initial-delay-seconds=30 |
|
152 | - ``` |
|
153 | - - confirm |
|
154 | - ``` |
|
155 | - oc describe dc mapit |
|
156 | - ``` |
|
157 | - - 'Containers' section |
|
158 | -- add storage to app |
|
159 | - ``` |
|
160 | - oc volume dc/mapit --add --name=mapit-storage -t pvc --claim-mode=ReadWriteMany --claim-size=1Gi --claim-name=mapit-storage --mount-path=/app-storage |
|
161 | - ``` |
|
162 | - - storage now available at `/app-storage` inside node (rsh log on) |
|
163 | -- project request template, quota, limits |
|
164 | - - view default template |
|
165 | - - modify template |
|
166 | - ``` |
|
167 | - cat /opt/lab/support/project_request_template.yaml |
|
168 | - ``` |
|
169 | - - new sections: |
|
170 | - - [ResourceQuota](#ref#8) |
|
171 | - - [LimitRange](#ref#9) |
|
172 | - - install new template |
|
173 | - - modify 'master-config.yaml' section 'projectRequestTemplate' |
|
174 | - ``` |
|
175 | - sudo vim /etc/origin/master/master-config.yaml |
|
176 | - ``` |
|
177 | - - restart master |
|
178 | - ``` |
|
179 | - sudo systemctl restart atomic-openshift-master-api atomic-openshift-master-controllers |
|
180 | - ``` |
|
181 | -- groups |
|
182 | - - [external auth providers](#ref#10) |
|
183 | - - [role based access control](#ref#11) |
|
184 | - - login as normal user |
|
185 | - - no projects |
|
186 | - - login as 'fancyuser' |
|
187 | - - projects are shown |
|
188 | - - create 3x new projects (lifecycle) |
|
189 | - - ose-teamed-app edit dev and test, view prod |
|
190 | - - ose-fancy-dev edit prod |
|
191 | - - login is as teamed user to see 3x projects |
|
192 | - - create app in prod - fails! |
|
193 | - - prometheus |
|
194 | - - login as fancyuser1 |
|
195 | -- infrastructure management, metrics and logging |
|
196 | - - extending cluster |
|
197 | - - view app nodes |
|
198 | - - uncomment '#scaleup_' in '/etc/ansible/hosts' |
|
199 | - - use ansible to verify nodes are online |
|
200 | - ``` |
|
201 | - ansible new_nodes -m ping |
|
202 | - ``` |
|
203 | - - run playbook to extend cluster |
|
204 | - ``` |
|
205 | - ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/openshift-node/scaleup.yml |
|
206 | - ``` |
|
207 | - - multi master ha setup [docs](#ref#12) |
|
208 | - - container-native storage for infra |
|
209 | - - required by registry, logging, metrics |
|
210 | - - configure installer |
|
211 | - ``` |
|
212 | - sudo sed -i 's/#cnsinfra_//g' /etc/ansible/hosts |
|
213 | - ``` |
|
214 | - - install cns cluster for infra |
|
215 | - ``` |
|
216 | - ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/openshift-glusterfs/config.yml |
|
217 | - ``` |
|
218 | - - regular file storage service (glusterfs) not supported for logging/metrics |
|
219 | - - must use block storage (glusterblock) |
|
220 | - - metrics |
|
221 | - - based on [hawkular](#ref#13) in a cassandra db |
|
222 | - - configure installer |
|
223 | - ``` |
|
224 | - sudo sed -i 's/#metrics_//g' /etc/ansible/hosts |
|
225 | - sudo sed -i '/openshift_metrics_install_metrics=false/d' /etc/ansible/hosts |
|
226 | - ``` |
|
227 | - - run playbook to install metrics |
|
228 | - ``` |
|
229 | - ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/openshift-metrics/config.yml |
|
230 | - ``` |
|
231 | - - logging |
|
232 | - - using efk |
|
233 | - - elasticsearch (centralplace) |
|
234 | - - fluentd (consolidated) |
|
235 | - - kibana (ui) |
|
236 | - - configure installer |
|
237 | - ``` |
|
238 | - sudo sed -i 's/#logging_//g' /etc/ansible/hosts |
|
239 | - sudo sed -i '/openshift_logging_install_logging=false/d' /etc/ansible/hosts |
|
240 | - ``` |
|
241 | - - run playbook to install logging |
|
242 | - ``` |
|
243 | - ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/openshift-logging/config.yml |
|
244 | - ``` |
|
245 | - - multitenant networking |
|
246 | - - [sdn](#ref#14) based on open vswitch |
|
247 | - - execute creation script |
|
248 | - ``` |
|
249 | - bash /opt/lab/support/net-proj.sh |
|
250 | - ``` |
|
251 | - - get ip of pod b |
|
252 | - ``` |
|
253 | - bash /opt/lab/support/podbip.sh |
|
254 | - ``` |
|
255 | - - export pod b ip |
|
256 | - ``` |
|
257 | - export POD_B_IP=$(bash /opt/lab/support/podbip.sh) |
|
258 | - ``` |
|
259 | - - get name of pod in netproj-a project and export as var |
|
260 | - ``` |
|
261 | - oc get pods -n netproj-a |
|
262 | - export POD_A_NAME=ose-1-zccsx |
|
263 | - ``` |
|
264 | - - execute `ping` in pod a try to reach pod b |
|
265 | - ``` |
|
266 | - oc exec -n netproj-a $POD_A_NAME -- ping -c1 -W1 $POD_B_IP |
|
267 | - ``` |
|
268 | - - fails because networks aren't connected |
|
269 | - - join networks |
|
270 | - ``` |
|
271 | - oc get netnamespace |
|
272 | - oc adm pod-network join-projects netproj-a --to=netproj-b |
|
273 | - oc get netnamespace |
|
274 | - ``` |
|
275 | - - network ids of two projs now the same |
|
276 | - - retest connectivity |
|
277 | - ``` |
|
278 | - oc exec -n netproj-a $POD_A_NAME -- ping -c1 -W1 $POD_B_IP |
|
279 | - ``` |
|
280 | - - isolate (unjoin) projects |
|
281 | - ``` |
|
282 | - oc adm pod-network isolate-projects netproj-a |
|
283 | - ``` |
|
284 | - - use ['NetworkPolicy'](#ref#15) for finer grain |
|
285 | - - node maintenance |
|
286 | - - mark node as 'non-schedulable' then drain all pods on node |
|
287 | - - mark node02 as 'non-schedulable' |
|
288 | - ``` |
|
289 | - oc adm manage-node node02.internal.aws.testdrive.openshift.com --schedulable=false |
|
290 | - ``` |
|
291 | - - does not impact running pods |
|
292 | - - drain pods on node02 (dryrun first) |
|
293 | - - node now ready for maintenance (reboot etc) |
|
294 | - - add node back into oshift |
|
295 | - ``` |
|
296 | - oc adm manage-node node02.internal.aws.testdrive.openshift.com --schedulable=true |
|
297 | - ``` |
|
298 | - - oshift registry with cns |
|
299 | - - uses ephemeral storage in its pod |
|
300 | - - restarts or redeployments cause container images lost |
|
301 | - - add cns to registry |
|
302 | - - add volume |
|
303 | - ``` |
|
304 | - oc volume dc/docker-registry --add --name=registry-storage -t pvc \ |
|
305 | - --claim-mode=ReadWriteMany --claim-size=5Gi \ |
|
306 | - --claim-name=registry-storage --claim-class=glusterfs-registry --overwrite |
|
307 | - ``` |
|
308 | - - verify deploymentconfig |
|
309 | - ``` |
|
310 | - oc get dc/docker-registry |
|
311 | - ``` |
|
312 | - - scale registry |
|
313 | - ``` |
|
314 | - oc scale dc/docker-registry --replicas=3 |
|
315 | - ``` |
|
316 | -- container-native storage concepts |
|
317 | - - login as super admin in 'storage' |
|
318 | - ``` |
|
319 | - oc login -u system:admin -n storage |
|
320 | - ``` |
|
321 | - - view pods |
|
322 | - ``` |
|
323 | - oc get pods -n storage -o wide |
|
324 | - ``` |
|
325 | - - check service and route |
|
326 | - ``` |
|
327 | - oc get service,route |
|
328 | - ``` |
|
329 | - - perform health check on endpoint |
|
330 | - ``` |
|
331 | - curl -w "\n" http://heketi-storage-storage.apps.674462327352.aws.testdrive.openshift.com/hello |
|
332 | - ``` |
|
333 | - - login as 'fancyuser1' |
|
334 | - ``` |
|
335 | - oc login -u fancyuser1 -p openshift |
|
336 | - ``` |
|
337 | - - create new app |
|
338 | - ``` |
|
339 | - oc new-project my-database-app |
|
340 | - ``` |
|
341 | - - view template |
|
342 | - ``` |
|
343 | - oc get template/rails-pgsql-persistent -n openshift |
|
344 | - ``` |
|
345 | - - view pvc in template |
|
346 | - ``` |
|
347 | - oc get template/rails-pgsql-persistent -n openshift -o yaml | grep PersistentVolumeClaim -A8 |
|
348 | - ``` |
|
349 | - - specify storage size |
|
350 | - ``` |
|
351 | - oc new-app rails-pgsql-persistent -p VOLUME_CAPACITY=5Gi |
|
352 | - ``` |
|
353 | - - get route |
|
354 | - ``` |
|
355 | - oc get route |
|
356 | - ``` |
|
357 | - - explore underlying cns |
|
358 | - - login as system admin |
|
359 | - - select 'my-database-app' proj |
|
360 | - ``` |
|
361 | - oc project my-database-app |
|
362 | - ``` |
|
363 | - - view pvc |
|
364 | - - export pvc name as var |
|
365 | - ``` |
|
366 | - export PGSQL_PV_NAME=$(oc get pvc/postgresql -o jsonpath="{.spec.volumeName}" -n my-database-app) |
|
367 | - ``` |
|
368 | - - describe pvc |
|
369 | - ``` |
|
370 | - oc describe pv $PGSQL_PV_NAME |
|
371 | - ``` |
|
372 | - - export glusterfs volume name |
|
373 | - ``` |
|
374 | - export PGSQL_GLUSTER_VOLUME=$(oc get pv $PGSQL_PV_NAME -o jsonpath='{.spec.glusterfs.path}') |
|
375 | - ``` |
|
376 | - - switch to storage project |
|
377 | - ``` |
|
378 | - oc project storage |
|
379 | - ``` |
|
380 | - - view glusterfs pods |
|
381 | - ``` |
|
382 | - oc get pods -o wide -l glusterfs=storage-pod |
|
383 | - ``` |
|
384 | - - store first glusterfs pod name and ip as vars |
|
385 | - ``` |
|
386 | - export FIRST_GLUSTER_POD=$(oc get pods -o jsonpath='{.items[0].metadata.name}' -l glusterfs=storage-pod) |
|
387 | - export FIRST_GLUSTER_IP=$(oc get pods -o jsonpath='{.items[0].status.podIP}' -l glusterfs=storage-pod) |
|
388 | - echo $FIRST_GLUSTER_POD |
|
389 | - echo $FIRST_GLUSTER_IP |
|
390 | - ``` |
|
391 | - - query gluster pod for volumes (rsh) |
|
392 | - ``` |
|
393 | - oc rsh $FIRST_GLUSTER_POD gluster volume list |
|
394 | - ``` |
|
395 | - - query for topology |
|
396 | - ``` |
|
397 | - oc rsh $FIRST_GLUSTER_POD gluster volume info $PGSQL_GLUSTER_VOLUME |
|
398 | - ``` |
|
399 | - - export brick dir path |
|
400 | - ``` |
|
401 | - export PGSQL_GLUSTER_BRICK=$(echo -n $(oc rsh $FIRST_GLUSTER_POD gluster vol info $PGSQL_GLUSTER_VOLUME | grep $FIRST_GLUSTER_IP) | cut -d ':' -f 3 | tr -d $'\r' ) |
|
402 | - echo $PGSQL_GLUSTER_BRICK |
|
403 | - ``` |
|
404 | - - look at brick dir |
|
405 | - ``` |
|
406 | - oc rsh $FIRST_GLUSTER_POD ls -ahl $PGSQL_GLUSTER_BRICK |
|
407 | - ``` |
|
408 | - - provide scalable, shared storage w/ cns |
|
409 | - - deploy file uploader app |
|
410 | - ``` |
|
411 | - oc login -u fancyuser1 -p openshift |
|
412 | - oc new-project my-shared-storage |
|
413 | - oc new-app openshift/php:7.0~https://github.com/christianh814/openshift-php-upload-demo --name=file-uploader |
|
414 | - ``` |
|
415 | - - view logs to wait for app to be deployed |
|
416 | - ``` |
|
417 | - oc logs -f bc/file-uploader |
|
418 | - ``` |
|
419 | - - expose app via route |
|
420 | - ``` |
|
421 | - oc expose svc/file-uploader |
|
422 | - ``` |
|
423 | - - scale up for ha |
|
424 | - ``` |
|
425 | - oc scale --replicas=3 dc/file-uploader |
|
426 | - ``` |
|
427 | - - upload file to app |
|
428 | - - view pods to find where file is located |
|
429 | - ``` |
|
430 | - oc rsh file-uploader-1-k2v0d ls -hl uploaded |
|
431 | - oc rsh file-uploader-1-sz49r ls -hl uploaded |
|
432 | - oc rsh file-uploader-1-xjg9f ls -hl uploaded |
|
433 | - ``` |
|
434 | - - create pvc |
|
435 | - ``` |
|
436 | - oc volume dc/file-uploader --add --name=my-shared-storage \ |
|
437 | - -t pvc --claim-mode=ReadWriteMany --claim-size=1Gi \ |
|
438 | - --claim-name=my-shared-storage --mount-path=/opt/app-root/src/uploaded |
|
439 | - ``` |
|
440 | - - refresh app (new nodes) |
|
441 | - - upload new file |
|
442 | - - view file across all nodes |
|
443 | - - increase vol capacity |
|
444 | - - fill up current cap |
|
445 | - ``` |
|
446 | - oc rsh file-uploader-2-jd22b dd if=/dev/zero of=uploaded/bigfile bs=1M count=1000 |
|
447 | - oc rsh file-uploader-2-jd22b df -h /opt/app-root/src/uploaded |
|
448 | - ``` |
|
449 | - - edit pvc |
|
450 | - ``` |
|
451 | - oc edit pvc my-shared-storage |
|
452 | - ``` |
|
453 | - - edit storage size |
|
454 | - - oshift updates on exit from vi |
|
455 | - - confirm cap |
|
456 | - ``` |
|
457 | - oc rsh file-uploader-2-jd22b df -h /opt/app-root/src/uploaded |
|
458 | - ``` |
|
459 | - - providing block storage with cns |
|
460 | - - block storage = iscsi lun |
|
461 | - - view host running elasticsearch |
|
462 | - ``` |
|
463 | - oc get pod -l component=es -n logging -o wide |
|
464 | - ``` |
|
465 | - - view running iscsi session over ssh |
|
466 | - ``` |
|
467 | - ssh node05.internal.aws.testdrive.openshift.com sudo iscsiadm -m session |
|
468 | - ``` |
|
469 | -- exposed services |
|
470 | - - look at [3scale](#ref#16) for protection |
|
471 | - |
|
472 | - |
|
473 | - |
|
474 | -### oc commands |
|
475 | -| command | description | |
|
476 | -|--------------------------------------------------|-------------------------------------------------| |
|
477 | -| `oc login -u system:admin` | login to oshift | |
|
478 | -| `oc get nodes` | list of nodes | |
|
479 | -| `oc project <proj-name>` | change projects | |
|
480 | -| `oc describe statefulset prometheus | describe 'StatefulSet'* | |
|
481 | -| `oc describe daemonset prometheus-node-exporter` | ['node-exporter'](#ref#4) ['daemonset'](#ref#5) | |
|
482 | -| `oc get routes` | show routes | |
|
483 | -| `oc new-project <proj-name>` | create project | |
|
484 | -| `oc new-app docker.io/repo/image` | deploy app | |
|
485 | - |
|
486 | - |
|
487 | -*'StatefulSet' is a special kubernetes resource |
|
488 | - - deals with containers that have various startup and other dependencies |
|
489 | - - a daemonset is another special kubernetes resource. |
|
490 | - - it makes sure that specified containers are running on certain nodes |
|
491 | - |
|
492 | -- show pods |
|
493 | - ``` |
|
494 | - oc get pods |
|
495 | - ``` |
|
496 | -- pod information |
|
497 | - ``` |
|
498 | - oc describe pod <pod-name> |
|
499 | - ``` |
|
500 | -- show yaml output for pod |
|
501 | - ``` |
|
502 | - oc get pod <pod-name> -o yaml |
|
503 | - ``` |
|
504 | -- view pods on node |
|
505 | - ``` |
|
506 | - oc adm manage-node <node-name> --list-pods |
|
507 | - ``` |
|
508 | -- show services |
|
509 | - ``` |
|
510 | - oc get services |
|
511 | - ``` |
|
512 | -- service information |
|
513 | - ``` |
|
514 | - oc describe service <service-name> |
|
515 | - ``` |
|
516 | -- show yaml output for service |
|
517 | - ``` |
|
518 | - oc get service <service-name> -o yaml |
|
519 | - ``` |
|
520 | -- show deploymentconfig |
|
521 | - ``` |
|
522 | - oc get dc |
|
523 | - ``` |
|
524 | -- show replicationcontroller |
|
525 | - ``` |
|
526 | - oc get rc |
|
527 | - ``` |
|
528 | -- scale pods |
|
529 | - ``` |
|
530 | - oc scale --replicas=2 dc/<label> |
|
531 | - ``` |
|
532 | -- show endpoints for label |
|
533 | - ``` |
|
534 | - oc get endpoints <label> |
|
535 | - ``` |
|
536 | -- show router |
|
537 | - ``` |
|
538 | - oc describe dc router -n default |
|
539 | - ``` |
|
540 | -- set liveness probe |
|
541 | - ``` |
|
542 | - oc set probe dc/<label> --liveness --get-url=http://:8080/health --initial-delay-seconds=30 |
|
543 | - ``` |
|
544 | -- set readiness probe |
|
545 | - ``` |
|
546 | - oc set probe dc/<label> --readiness --get-url=http://:8080/health --initial-delay-seconds=30 |
|
547 | - ``` |
|
548 | -- log on to pod (remote shell) |
|
549 | - ``` |
|
550 | - oc rsh <pod-name> |
|
551 | - ``` |
|
552 | -- view default project request template |
|
553 | - ``` |
|
554 | - oc adm create-bootstrap-project-template |
|
555 | - ``` |
|
556 | -- create new default template |
|
557 | - ``` |
|
558 | - oc create -f /file/path/to/template.yaml -n default |
|
559 | - ``` |
|
560 | -- show quota for project |
|
561 | - ``` |
|
562 | - oc get quote -n <proj-name> |
|
563 | - ``` |
|
564 | -- show limitrange for project |
|
565 | - ``` |
|
566 | - oc get limitrange -n <proj-name> |
|
567 | - ``` |
|
568 | -- show groups (auth) |
|
569 | - ``` |
|
570 | - oc get groups |
|
571 | - ``` |
|
572 | -- execute `groupsync` |
|
573 | - ``` |
|
574 | - sudo oc adm groups sync --sync-config=/path/to/config.yaml --confirm |
|
575 | - ``` |
|
576 | -- show users |
|
577 | - ``` |
|
578 | - oc get user |
|
579 | - ``` |
|
580 | - - users created when first logged in |
|
581 | -- show nodes |
|
582 | - ``` |
|
583 | - oc get nodes |
|
584 | - ``` |
|
585 | -- view nodes by label (i.e. app nodes) |
|
586 | - ``` |
|
587 | - oc get nodes -l region=apps |
|
588 | - ``` |
|
589 | -- show storageclass |
|
590 | - ``` |
|
591 | - oc get sc |
|
592 | - ``` |
|
593 | -- show persistentvolumeclaim |
|
594 | - ``` |
|
595 | - oc get pvc |
|
596 | - ``` |
|
597 | -- show network namespaces |
|
598 | - ``` |
|
599 | - oc get netnamespaces |
|
600 | - ``` |
|
601 | -- |
|
602 | - |
|
603 | -## ref |
|
604 | -- :1: https://github.com/heketi/heketi |
|
605 | -- :2: https://docs.openshift.com/container-platform/3.9/install_config/install/advanced_install.html#configuring-ansible |
|
606 | -- :3: https://docs.openshift.com/container-platform/3.9/install_config/cluster_metrics.html#openshift-prometheus |
|
607 | -- :4: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ |
|
608 | -- :5: https://docs.openshift.com/container-platform/3.9/dev_guide/daemonsets.html |
|
609 | -- :6: https://docs.openshift.com/container-platform/3.9/architecture/core_concepts/pods_and_services.html#services |
|
610 | -- :7: https://docs.openshift.com/container-platform/latest/dev_guide/application_health.html |
|
611 | -- :8: https://docs.openshift.com/container-platform/3.9/admin_guide/quota.html |
|
612 | -- :9: https://docs.openshift.com/container-platform/3.9/admin_guide/limits.html |
|
613 | -- :10: https://docs.openshift.com/container-platform/3.9/install_config/configuring_authentication.html#LDAPPasswordIdentityProvider |
|
614 | -- :11: https://docs.openshift.com/container-platform/3.9/admin_guide/manage_rbac.html#admin-guide-manage-rbac |
|
615 | -- :12: https://docs.openshift.com/container-platform/3.9/architecture/infrastructure_components/kubernetes_infrastructure.html#high-availability-masters |
|
616 | -- :13: http://www.hawkular.org/ |
|
617 | -- :14: https://docs.openshift.com/container-platform/3.9/architecture/networking/sdn.html |
|
618 | -- :15: https://docs.openshift.com/container-platform/3.9/admin_guide/managing_networking.html#admin-guide-networking-networkpolicy |
|
619 | -- :16: https://www.3scale.net/ |