Managing OpenShift cluster
==========================

openshift ex diagnostics

Types: nodes, projects, pods
oc describe <type> <id> - <id> is listed by the 'oc get' command

https://192.168.12.201:8443/ - the important part is https!

-n <project> - specifies the project, otherwise the current one is used
<type>/<name> - specifies an object, like dc/apache, svc/mysql (a space can be used instead of '/')

--dry-run - don't actually execute actions (useful to view the objects which would be created by new-app, etc.)

--name <name> - specifies the ID of the newly created objects
--display-name="<name>" - user-readable name
--description="<description>" - longer description
For the sake of simplicity, in many cases the pod can be referenced by its dc (i.e. dc/apache instead of pod/apache-4-d45353)
-l label=value - set multiple labels on all created objects
--selector="key=value" - restrict output to the objects with the specified labels

-o <format> - specifies the format to report information in (json/yaml/wide)
-f <file|-> - specifies the file to read configuration from

cpu: #m - 1000m is equal to 1 CPU core
memory: #Mi/Gi - MiB/GiB

oc get <type>[/name] - lists resources of the specified type (or just the named one) along with some details (oc get templates)
    --template '{{.spec.clusterIP}}' - extract specific information
    --template '{{index .spec.ports 0 "port"}}' - accessing arrays is a bit tricky, this is equivalent to {{.spec.ports[0].port}}

oc describe <obj> - full specification of the specified resource and its current status (in short human-readable form or fully in the specified format if -o is given)
oc export <obj> - just the object definition

oc edit <obj> - edit the object specification in YAML/JSON
oc patch <obj> -p '{json-structure-to-change}' - edit the object configuration, only the specified attributes are changed. For instance, to alter the nodes which are allowed to run the pod:
    oc patch dc/apache -p '{"spec":{"template":{"spec":{"nodeSelector":{"master":"0"}}}}}'

oc label <obj> key=value [--overwrite] - tags objects

Most of the stuff is configured in YAML/JSON. Below are just a few commands to perform standard actions.
- See resources.txt for the main options, view existing objects, and try to prototype with 'oc new-* -o json'
- Even more is possible directly with kubernetes, see kubernetes.txt

- Deploy and create objects -
oc new-project <project_name> - creates a new project / namespace
oc new-app eboraas/apache:latest ENV=value - will get an image from Docker Hub and create the image stream, dc, rc, pod and the service (environment variables apply to all containers)
    -o json - the objects will be printed out in the requested format instead of being created
    -p <key>=<value> - set parameters in templates
    -l <label>=<value> - the labels will be assigned to all created objects
oc new-app git://ufo.kit.edu/csa/adei.git - will build an image from the git repository
    --context-dir='' - specify the directory with the Dockerfile within the Git repo

oc create -f <[object-description]> - creates a list of objects from the file
oc create <type>/<name> - or just create a simple object of the specified type (like a new user or service account without any permissions)

- Editing Environment - adjusting the container environment after the DC of the new application is created
oc env <dc> VAR="value" VAR2="value"

oc scale <dc> --replicas=# - scales the pod to the specified number of replicas (scaling to 0 effectively stops the pod and associated services)
    By scaling to 0 and then back to 1, it is possible to effectively restart the pod.
    * For jobs/<name> it will change the number of replicas which have to complete, not the number of replicas executed
      in parallel. The latter is changed by running 'scale' on the corresponding RC.
oc autoscale <dc> --min # --max # --cpu-percent=# - will automatically scale the number of running pods depending on pod CPU utilization, which is computed by the Cluster Metrics infrastructure
    * Cluster metrics should be properly configured.
    * An HPA object is created and can be queried for status

- Expose it to external users - see more details in network.txt
oc expose <svc/name> --hostname=<fqdn> - exposes the service to external users under the specified FQDN. The FQDN is not required to belong to the configured OpenShift subdomain,
    but can be arbitrary provided that the traffic is routed to the OpenShift masters.
    oc expose --name='apache-alias' service/apache --hostname=katrin.kit.edu

- Management & Automatic Updates
oc set triggers <dc> --auto - enables automatic deployment rollout based on different conditions (by default on 'dc' configuration change only)
    --from-image=<is> -c <container> - monitors the ImageStream and updates the specified container when a new image is pushed to the is

oc delete dc/<name> pod/<pod> - destroys the deployment, rc, and running pods (but keeps service, ep)
oc deploy dc/<name> --retry - retry a failed deployment
oc deploy dc/<name> --cancel - cancel a deployment which is stuck
oc rollback dc/<name> - roll back to the previous version (disables automatic updates, which should be re-enabled with 'oc set triggers <dc> --auto')
oc rollback dc/<name> --to-version=1 - roll back to the specified version


Volumes & Configuration
=======================
The customization of Docker containers is possible
- by setting environment variables and overriding the default command
- by mounting temporary and persistent volumes
- by s2i injection (which is normally used to inject interpreted sources in various web platforms)
The special configuration objects, ConfigMaps and Secrets (a secret is basically an encrypted ConfigMap), are the standard way to provide configuration. Both are key/value data stores which
can be either mounted as volumes (with each key represented as a file) or referenced in other object definitions.

oc create cm/<name> <spec1> <spec2> ...
    --from-literal="key=value" - just specifying values on the command line
    --from-file="[key=]path/file" - if the key is omitted, the filename (without path) will be used as the 'key' and the file content as the 'value'. Large files are OK.
    --from-file="path/dir" - each file in the directory will be used to populate the ConfigMap. Subdirectories seem not to be included.
oc create secret generic <name> <specs> - generic secrets are created like CM
oc create secret tls --cert="" --key="" - create a secret with a PEM-encoded key pair
oc create secret docker-registry <name> <opts> - secret used to generate ~/.dockercfg and allow pushing/pulling images from a Docker registry
    --docker-username=user --docker-password=password --docker-email=email [--docker-server=string] [--from-literal=key1=value1]
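
Added example, not part of the original notes: in the API object the values of a Secret sit base64-encoded under 'data', so whoever is allowed to 'oc get' the secret can read them and access to secrets has to be restricted per project. The sketch below decodes a manifest of the shape 'oc get secret/<name> -o yaml' prints; the secret name, keys and values are constructed for the example.

```shell
#!/bin/sh
# Constructed sample in the shape of `oc get secret/mysql -o yaml` output.
# Name, keys and values are made up for this example.
sample_secret() {
cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: mysql
type: Opaque
data:
  database-user: YWRlaQ==
  database-password: czNjcjN0LXZhbHVl
EOF
}

# decode_secret_data: read a Secret manifest on stdin and print "key=value"
# for every entry of the top-level `data:` map, with the value base64-decoded.
decode_secret_data() {
  awk '
    /^data:/ { in_data = 1; next }   # start of the data: map
    /^[^ ]/  { in_data = 0 }         # the next top-level key ends it
    in_data && NF == 2 { sub(/:$/, "", $1); print $1, $2 }
  ' | while read -r key b64; do
    # base64 is an encoding, not encryption: no key is needed to reverse it
    printf '%s=%s\n' "$key" "$(printf '%s' "$b64" | base64 -d)"
  done
}

# Against a cluster the input would come from: oc get secret/<name> -o yaml
sample_secret | decode_secret_data
```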

oc adm manage-node <nodes> --list-pods - list pods running on the specified node (or space-separated node list)
oc adm manage-node <nodes> --schedulable=true/false - temporarily disables/enables placing new pods on the node (the already running pods will continue to run)
oc adm manage-node <nodes> --evacuate - evacuate pods from the specified nodes (nodes should be marked unschedulable or pods can be rescheduled back).
    There is no way to migrate a pod to a specific node (unless all others are marked unschedulable)
    --pod-selector="app=apache" - only evict the specified pods

oc volumes pod/<pod> - list volumes used by the pod
oc export pod/apache-3-gnmq1 | grep nodeName - find where the pod is running

oc get events - major events: failures, scheduling, deployments, builds, etc. Per-project.
oc logs [-f] [--version=#] pod/<pod> - get logs (stdout) from a running pod (or from a failed deployment attempt), -f starts a 'watch'ing operation
oc exec pod/<pod> [-c container] ls - run a command in the pod (first container of the pod by default, the pod should be running)
oc rsh pod/<pod> [-c container] /bin/bash - run an interactive command
oc debug pod/<pod> - allows starting and debugging a failing container (i.e. when we can't connect to it with exec as it is failing)
oc rsync <pod>:/src_path /local/dst_path - move data between the local file system and the pod
    --watch - runs continuously and synchronizes data upon changes

oc get is -n openshift - standard image streams
oc get templates -n openshift - standard templates
- Get template parameters
oc process --parameters -n openshift mysql-persistent - list parameters of the mysql template
- Deploy from template
oc process -n openshift -v MYSQL_USER=adei -v MYSQL_PASSWORD=adei -v MYSQL_ROOT_PASSWORD=ipepdv -v MYSQL_DATABASE=adei -v VOLUME_CAPACITY=1Gi -v MYSQL_VERSION=5.7 mysql-persistent | oc create -f -

oc export all --as-template=<name> - generate a template from the current configuration