Similar commands for Openshift and vanilla Kubernetes, main difference is to use “kubectl” instead of “oc”.
Contents
Service management
Scale a service
oc scale deploymentConfig REPLACE_ME --replicas=0
Scale all the services in a namespace except those whose name contain a word
oc get deploymentConfig | awk '{ if ($1 !~ /REPLACE_ME/) print $1, $3 }' | while read deploymentConfigName; do oc scale deploymentConfig $deploymentConfigName --replicas=0; done
Restart a service by redeploying the latest version
oc deploy REPLACE_DEPLOYMENT_CONFIG_NAME --latest
oc rollout latest dc/REPLACE_DEPLOYMENT_CONFIG_NAME -n REPLACE_NAMESPACE
Roll back to the last successful deployment
oc rollback REPLACE_APP_NAME -n REPLACE_NAMESPACE
Roll back to a specific version
oc rollback REPLACE_APP_NAME --to-version=REPLACE_VERSION -n REPLACE_NAMESPACE
oc delete all -l app=REPLACE_SERVICE
oc delete all,pvc,sa,secret,rolebindings -l app_name=REPLACE_SERVICE -n REPLACE_NAMESPACE
Pod interaction
Connect into a pod
oc exec -it REPLACE_POD_NAME bash
Copy files from a pod to local
oc rsync :/remote/dir/filename ./local/dir
Copy files from local to a pod
oc rsync ./local/dir :/remote/dir
Delete a stuck pod
oc delete pod REPLACE_POD_NAME --grace-period=0
Secret management
Create a secret
oc create secret generic REPLACE_SECRET_NAME --from-file=REPLACE_FILE_PATH
Download a list of secrets
It generates a file that can be easily be parsed to load the secrets into another cluster:
oc get secrets | grep 'REPLACE_SECRET_PREFIX' | awk '{print $1}' | while read a; do echo -n "$a,";oc extract secrets/$a ; done > temp.txt
Upload a list of secrets
while read line;do secretName=$(echo $line | awk -F',' '{print $1}');fileName=$(echo $line | awk -F',' '{print $2}');oc create secret generic $secretName --from-file=$fileName;done < temp.txt
Get the value of a specific secret
oc get secret secret_name -o yaml
Convert the secret value to base64
echo "REPLACE_TOKEN_VALUE" | base64 -d
User management
Add admin role to a user on a project
oc policy add-role-to-user admin REPLACE_USERNAME -n REPLACE_NAMESPACE
Add edit role to a user on a project
oc policy add-role-to-user edit REPLACE_USERNAME -n REPLACE_NAMESPACE
Add read-only role to a user on a project
oc policy add-role-to-user view REPLACE_USERNAME -n REPLACE_NAMESPACE
Remove a role from a user
oc policy remove-role-from-use {admin|edit|view} REPLACE_USERNAME -n REPLACE_NAMESPACE
Service account management
Create a service account
oc create sa REPLACE_ACCOUNT_NAME
Get details of a service account
To see its token names, etc:
oc describe sa REPLACE_ACCOUNT_NAME
Get all the service accounts in a project
oc get sa -n REPLACE_NAMESPACE
Other
Change a route’s max timeout
oc annotate route REPLACE_ROUTE_NAME --overwrite haproxy.router.openshift.io/timeout=2s
Openshift OC CLI commands list cheat sheet
https://confluence.almuk.santanderuk.corp/display/PDLOCALDEVELOPMENTUK/Openshift+commands+list