EX288 Merge Flashcards
(156 cards)
Create image stream
oc import-image stream-name --from URL/${USER}/image-name --confirm
Get OCP internal registry URL
oc get route -n openshift-image-registry
Enable access to internal registry
oc patch config.imageregistry cluster -n openshift-image-registry --type merge -p '{"spec":{"defaultRoute":true}}'
Create webhook
oc set triggers bc/name --from-gitlab
Mount cm into deployment
oc set env deployment/my-deployment-name --from configmap/mycm
Create secrets for OCP to access external registry using username & password
oc create secret docker-registry quayio \
--docker-server=$SERVER \
--docker-username=$USERNAME \
--docker-password=$PASSWORD
Link secrets to access external registry
oc secrets link builder credential-name --for=pull
oc secrets link default credential-name --for=pull
oc secrets link deployer quayio --for=pull
Set a command as post commit build hook
oc set build-hook bc/name --post-commit --command -- bundle exec rake test --verbose
Set a post commit build hook using the shell approach
oc set build-hook bc/name --post-commit --script="curl http://api.com/user/${USER}"
How do you check if credentials have been added properly for accessing external registry?
oc describe serviceaccount default
Determine which SCC permissions are required for a pod to run
oc get pod podname -o yaml | oc adm policy scc-subject-review -f -
Create a service account
oc create sa nginx-sa
Connect the service account nginx-sa to the SCC anyuid:
oc adm policy add-scc-to-user anyuid -z nginx-sa
Bind the service account nginx-sa to the pod or sccnginx deployment to allow it to run with its new permissions
oc set sa deploy podname nginx-sa
List of steps to resolve nginx CrashLoopBackoff
- oc get pod podname -o yaml | oc adm policy scc-subject-review -f -
- oc create sa nginx-sa
- oc adm policy add-scc-to-user anyuid -z nginx-sa
- oc set sa deploy sccnginx nginx-sa
Kubernetes main resource types
- Pod (po)
- Persistent Volumes (pv)
- Persistent Volume Claims (pvc)
- Build Config (bc)
- Deployment / Deployment Config (dc)
- Services (svc)
- Config Maps (cm)
- Secrets
Login to OCP cluster using CLI
oc login -u user1 -p passwd URL
Forward port to mysql server
oc port-forward mysql 3306:3306
Deploy mysql using template
oc new-app \
--template=mysql-persistent \
-p MYSQL_USER=user1 \
-p MYSQL_PASSWORD=mypa55 \
-p MYSQL_DATABASE=testdb \
-p MYSQL_ROOT_PASSWORD=r00tpa55 \
-p VOLUME_CAPACITY=10Gi
Deploy mysql using image from registry
oc new-app --image=myregistry.com/mycompany/myapp --name=myapp
Deploy app using github url
oc new-app https://github.com/openshift/ruby-hello-world --name=ruby-hello
Deploy mysql using mysql image
oc new-app mysql MYSQL_USER=user MYSQL_PASSWORD=pass MYSQL_DATABASE=testdb -l db=mysql
Get list of pv
oc get pv
Create pv
oc create -f pvc.yaml
get certain resources
oc get RESOURCE_TYPE RESOURCE_NAME
Show details of the resource
oc describe resource_type resource_name
oc create
oc create
edit resource
oc edit deploymentconfig/parksmap-katacoda
Delete resource
oc delete RESOURCE_TYPE name
Search by label
oc get svc,deployments -l app=nexus
Create a route
oc expose svc quotedb --name quote
oc expose object_type object_name
Restart an OCP build
oc start-build myapp
Create an app with s2i
oc new-app -i php http://services.lab.example.com/app --name=myapp
Get list of image streams for a specific project.
oc get is -n openshift
Get list of builds
oc get builds
Get list of bc
oc get buildconfig
Get list of templates in a project other than the current one
oc get templates -n openshift
Explain: oc process --parameters mysql-persistent -n openshift
list available parameters/resources from a template
Process a template and redirect output to a file
oc process -o yaml -f filename > myapp.yaml
Which OCP resource is responsible for the build step in the S2I process
BuildConfig (BC)
How do you retrieve logs resulting from the S2I build step?
oc logs bc/appname
How do you retrieve logs resulting from the S2I deployment step?
oc logs -f deployment/appname
How do you troubleshoot volume issues in OCP?
1) Delete the persistent volume claim
2) Delete the persistent volume.
3) Recreate the persistent volume
Delete persistent volume
oc delete pv
Monitor logs from a build
oc logs -f bc/temps
Flag to configure oc new-app to create a DeploymentConfig resource instead of a Deployment
--as-deployment-config
Flag to provide the image stream to be used
--image-stream
-i
Flag to specify if deployment is docker or pipeline or source
--strategy
Flag to provide the URL to a Git repository to be used as input to an S2I build
--code
Flag to provide the URL to a container image to be deployed.
--docker-image
Flag to show the result of the operation without performing it
--dry-run
Flag to provide the path to a directory to treat as the root when creating an app from a git URL
--context-dir
Build app from git url using specific builder image
oc new-app php~http://gitserver.example.com/mygitrepo
oc new-app -i php http://gitserver.example.com/mygitrepo
oc new-app php:7.0~http://gitserver.example.com/mygitrepo
oc new-app -i php:7.0 http://gitserver.example.com/mygitrepo
Diff between tilde (~) and --image-stream (-i) options
-i : requires git client installed locally
-i : language detection needs to clone the repo for inspection
~ : no language detection
~ : no git client needed
Command to retrieve a file inside a running container file system
oc cp frontend-1-zvjhb:/var/log/httpd/error_log \
/tmp/frontend-server.log
Diff between Linux cp and oc cp
oc cp does not copy a file to a folder.
execute commands inside the container
oc rsh frontend-1-zvjhb ps ax
Start an interactive shell in a container
oc rsh -t frontend-1-zvjhb
create a new configuration map that stores string literals
oc create cm config_map_name \
--from-literal key1=value1 \
--from-literal key2=value2
create a new secret that stores string literals
oc create secret generic secret_name \
--from-literal username=user1 \
--from-literal password=mypa55w0rd
create a new configuration map that stores the contents of a file or a directory containing a set of files
oc create cm config_map_name \
--from-file /home/demo/conf.txt
create a new secret that stores the contents of a file or a directory containing a set of files
oc create secret generic secret_name \
--from-file /home/demo/mysecret.txt
Command to retrieve cm in json
oc get configmap/myconf -o json
Command to edit cm
oc edit configmap/myconf
Command to alter a cm
oc patch cm/myconf --patch '{"data":{"key1":"newvalue1"}}'
inject all values stored in a cm into a deployment
oc set env deployment/my-deployment-name --from configmap/mycm
Create secrets to allow OCP to connect to docker registry
oc create secret docker-registry registrycreds \
--docker-server registry.example.com \
--docker-username youruser \
--docker-password yourpassword
Link secrets to default service account
oc secrets link default registry-creds-name --for=pull
Link secrets registrycreds to builder image
oc secrets link builder registrycreds --for=pull,mount
Create a route to expose the internal OCP registry
oc patch config.imageregistry cluster -n openshift-image-registry \
--type merge -p '{"spec":{"defaultRoute":true}}'
Show the route of the internal OCP registry
oc get route -n openshift-image-registry
Log in into the internal registry from CLI
1) TOKEN=$(oc whoami -t)
2) podman login -u myuser -p ${TOKEN} internal-registry-url
allows a user to pull images from the internal registry in a given project
oc policy add-role-to-user system:image-puller \
user_name -n project_name
Get image stream tags in a project
oc get istag -n openshift
create an image stream tag resource for a container image hosted on an external registry
oc import-image myimagestream[:tag] --confirm \
--from registry/myorg/myimage[:tag]
oc import-image myimagestream:1.0 --confirm \
--from registry/myorg/myimage
create one image stream tag resource for each container image tag that exists in the source registry server
oc import-image myimagestream --confirm --all \
--from registry/myorg/myimage
update an image stream tag to match the current image ID on the source registry server
oc import-image myimagestream[:tag] --confirm
Starts a new build manually.
oc start-build name
Cancel a build
oc cancel-build name
Deletes a build configuration.
oc delete bc/name
Delete a build
oc delete build/name-1
Describes details about a build configuration resource and the associated builds
oc describe bc name
Describe a build providing the build name:
oc describe build name-1
How do you change the number of most recent builds that are persisted
Edit the bc and change following properties:
successfulBuildsHistoryLimit, and the failedBuildsHistoryLimit
change log level for bc
oc set env bc/name BUILD_LOGLEVEL="4"
Deploy app using pre-created image
oc new-app --docker-image=registry.access.redhat.com/rhel7-mysql57
What are the oc new-app option flags?
--as-deployment-config
--image-stream
--strategy
--code
--docker-image
--dry-run
--context-dir
Parameters for --strategy
- docker
- source
- pipeline
Explain --strategy
Helps in disambiguating if URL contains both docker file and source code
Explain --as-deployment-config
Used in oc new-app to use deployment config for the deployment of the app instead of deployment.
Create image stream named myis for acme/awesome container image coming from insecure registry.com
oc import-image myis --confirm --from registry.com/acme/awesome --insecure
What are image stream tags for?
1) points to new container tag
2) alternative friendly name for the container image
Examples:
1) ruby:2.5 for container image rhel8/ruby-25.
2) ruby:2.6 for container image rhel8/ruby-26
What are different types of secrets?
- basic-auth
- opaque
- service-account-token
- ssh-auth
- tls
Two types of bc triggers
Image change triggers
Webhook triggers
How do you view the triggers associated with a build configuration
oc describe bc/name
Add an image change trigger to a build
oc set triggers bc/name --from-image=project/image:tag
How do you remove an image change trigger from a bc
oc set triggers bc/name --from-image=project/image:tag --remove
Add a webhook to a bc
oc set triggers bc/name --from-gitlab
oc set triggers bc/name --from-github
oc set triggers bc/name --from-bitbucket
Remove a webhook from a bc
oc set triggers bc/name --from-gitlab --remove
oc set triggers bc/name --from-github --remove
oc set triggers bc/name --from-bitbucket --remove
What are the two types of post commit hooks?
Command: A command executed using the exec system call.
Shell script: Runs a build hook with the /bin/sh -ic command
Create a command post-commit build hook
oc set build-hook bc/name --post-commit \
--command -- bundle exec rake test --verbose
Create a shell script post-commit build hook
oc set build-hook bc/name --post-commit \
--script="curl http://api.com/user/${USER}"
How do you tell S2I where to find its mandatory scripts (run, assemble)
Set io.openshift.s2i.scripts-url as label in the builder image
Ways to customize the s2i script:
1) override the default S2I scripts by providing your own S2I scripts in the .s2i/bin
2) create a wrapper script that invokes the default scripts, and then adds the necessary customization before or after the invocation
using skopeo how do you determine the location of the s2i script for rhscl/php-73-rhel7 S2I builder image
skopeo inspect \
docker://myregistry.com/rhscl/php-73-rhel7 | grep io.openshift.s2i.scripts-url
Command for scaffolding s2i builder image
s2i create image_name directory
How do you specify the maven repo URL when creating an app?
--build-env MAVEN_MIRROR_URL=${URL}
How to specify a build env variable for oc new-app?
--build-env ENV_VAR_NAME=VALUE
Do not put a space after the environment variable ENV_VAR_NAME=VALUE. The environment variable follows the NAME=VALUE format.
Types of post commit build hooks
- Command
- Shell script
Set a command as post commit build hook
oc set build-hook bc/name --post-commit --command -- bundle exec rake test --verbose
Set a post commit build hook using the shell approach
oc set build-hook bc/name --post-commit \
--script="curl http://api.com/user/${USER}"
Start a build called hook and display logs
oc start-build hook -F
Where do you put your s2i customizations
In your project under .s2i/bin
How do you invoke the s2i run script during customization?
exec /usr/libexec/s2i/run
You must use exec to ensure that the default run script still runs with process ID 1.
Create app from template stored in local file
oc new-app --file mytemplate.yaml -p PARAM1=value1
Apply values to a template and store the result in a local file
oc process -f mytemplate.yaml -p PARAM1=value1 > myresourcelist.yaml
list only parameters defined by a template
oc process -f mytemplate.yaml --parameters
Print the list of env variable in a bc
oc set env bc/hook --list
How do you validate a helm chart?
helm lint hello-world
How do you render the template locally for quick feedback?
helm template ./hello-world
How do you install a helm chart into the Kubernetes cluster:
helm install --name hello-world ./hello-world
How to find out which charts are installed on a cluster?
helm ls --all
How to upgrade a release to a specified or current version of the chart or configuration
helm upgrade hello-world ./hello-world
helm rollback hello-world 1
How to uninstall a release completely from k8s?
helm uninstall hello-world
How to create a versioned archive file of a helm chart?
helm package ./hello-world
How to search a helm repo?
helm search repo
show the status of a helm release
helm status RELEASE_NAME
downloads the charts added as dependencies to a chart
helm dependency update
Initialize a helm project
helm create hello-world
Configure helm deployment to use a specific image
In values.yaml, change the value of image.repository and image.tag.
Add mariadb dependency
In Chart.yaml add:
dependencies:
- name: mariadb
  version: 11.0.13
  repository: https://charts.bitnami.com/bitnami
Then run: helm dependency update
Specify environment variables with helm
In values.yaml, add:
env:
- name: "QUOTES_HOSTNAME"
  value: "famousapp-mariadb"
- name: "QUOTES_DATABASE"
  value: "quotesdb"
- name: "QUOTES_USER"
  value: "quotes"
- name: "QUOTES_PASSWORD"
  value: "quotespwd"
Three types of probes
startup, readiness, liveness
What does a readiness probe determine?
whether or not a container is ready to serve requests
What happens if an app fails readiness probe?
OpenShift removes the IP address for the container from the endpoints of all services.
What happens if a container fails a liveness probe?
OCP kills the container and tries to redeploy it
Readiness probe config key
spec.containers.readinessProbe
Liveness probe config key
spec.containers.livenessProbe
Five options that control probes
- initialDelaySeconds
- timeoutSeconds
- periodSeconds
- successThreshold
- failureThreshold
Three protocols for probe execution
- http
- exec
- tcp socket
How do you edit deployment using the GUI
Edit the deployment YAML by going to Workloads → Deployment →
Create http readiness probe using oc
oc set probe deployment myapp --readiness --get-url=http://:8080/healthz --period-seconds=20
Create tcp liveness probe using oc
oc set probe deployment myapp --liveness --open-tcp=3306 --period-seconds=20 --timeout-seconds=1
Get help with probe creation
oc set probe --help
Continuously run "oc get pods"
watch -n 2 oc get pods
Set an env variable on a dc
oc set env dc/mysql HOOK_RETRIES=5
Start a deployment
oc rollout latest dc/name
view the history of deployments
oc rollout history dc/name
See details of a specific deployment
oc rollout history dc/name --revision=1
Retry a deployment that failed previously
oc rollout retry dc/name
scale the number of pods in a deployment
oc scale dc/name --replicas=3
Two types of events that trigger a deployment:
- Configuration change
- Image change
Set a deployment trigger for a deployment configuration
oc set triggers dc/name --from-image=myproject/origin-ruby-sample:latest -c helloworld
Deploy java app by specifying maven repo
oc new-app --as-deployment-config --name quip \
--build-env MAVEN_MIRROR_URL=URL \
https://github.com/user/app-deploy
Activate readiness and liveness probes for an application
oc set probe dc/quip --liveness --readiness --get-url=http://:8080/ready --initial-delay-seconds=30 --timeout-seconds=2