Automation with OpenShift Flashcards
Show the “schema” of an object or its properties
oc explain deployment.status.replicas
jsonpath construct to iterate over lists in the resource
oc get deployment -n openshift-cluster-samples-operator \
cluster-samples-operator -o jsonpath='{.status.conditions[*].type}'
Get a specific item in a list using jsonpath
oc get deployment -n openshift-cluster-samples-operator \
cluster-samples-operator -o jsonpath='{.spec.template.spec.containers[0].name}'
Filter items in a list with jsonpath
oc get deployment -n openshift-cluster-samples-operator \
cluster-samples-operator -o jsonpath='{.status.conditions[?(@.type=="Available")].status}'
list a single property from many objects
oc get route -n openshift-monitoring \
-o jsonpath='{.items[*].spec.host}'
print specific properties in a tabular format
oc get pod --all-namespaces -o=custom-columns=NAME:.metadata.name,STATUS:.status.phase,NODE:.spec.nodeName
With jsonpath, extract single property with multiple nesting
oc get pods -A -o jsonpath='{.items[].spec.containers[].image}'
Extract multiple properties at different levels of nesting
oc get pods -A -o jsonpath='{range .items[*]}'\
'{.metadata.namespace} {.metadata.creationTimestamp}{"\n"}'
Execute jsonpath from file
oc get nodes -o jsonpath-file=not_ready_nodes.jsonpath
Capture the host name of the web console in a variable
console=$(oc get route -n openshift-console console \
-o jsonpath='{.spec.host}')
Use the curl command to display the expiry date of the OpenShift Router TLS certificate
curl https://$console -k -v 2>&1 | grep 'expire date'
Get the host names for all routes and store them in a variable
hosts=$(oc get route -A \
-o jsonpath='{.items[*].spec.host}')
Use curl to get the HTTP status for each route
locate the name of the secret that contains the users
oc get oauth cluster -o json
extract the secret name from the identity provider named htpasswd_provider
filter='?(.name=="htpasswd_provider")'
oc get oauth cluster -o jsonpath="{.spec.identityProviders[$filter].htpasswd.fileData.name}{'\n'}"
Where does OCP store service account token
In the running pod under /var/run/secrets/kubernetes.io/serviceaccount/token
How do you get an operational script to authenticate with OCP
Create a service account for the purpose
service accounts belong to a namespace yes or no?
yes
CR for creating a service account
Why prefer using CR vs oc cli
Declarative YAML or JSON text files encourage the DevOps practices of version control and code review
By default, the service account does not have permission to make requests to the OpenShift API server. True or False?
True.
roles and role bindings must be defined for the sa
Roles are namespaced. True or False?
True
ClusterRoles are namespaced. True or False?
True
RoleBinding are namespaced. True or False?
True
What are valid subjects for role binding?
users, groups, or service accounts.
How do you create a binding?
oc policy add-role-to-user
Cron Job CR
Job CR
What are container script deployment strategies?
1) container command
2) volume
3) container image
Explain the container command script deployment strategy
Specify short Bash scripts as arguments to a container in the spec. This method is easy to deploy, but makes reviewing and automated tests more difficult.
Explain the volume script deployment strategy
Mount a ConfigMap or persistent storage as a volume.
Explain the image script deployment strategy
Package the script in a container image with all necessary dependencies. Use a GitOps pipeline with build, test, and deployment automation.
get jobs in all namespaces
oc get jobs -A
curl command to get api version
curl -k --header "Authorization: Bearer $(oc whoami -t)" $(oc whoami --show-server)/api
Find the list of APIs using curl
curl -k --header "Authorization: Bearer $(oc whoami -t)" $(oc whoami --show-server)/apis
Create a project using REST API
curl -k --header "Authorization: Bearer qfyV5ULvv…i712kJT" \
--header 'Content-Type: application/json' -d "$(< project.json)" \
-X POST https://api.example.com/apis/project.openshift.io/v1/projects
Content of json file for creating a project
{
  "apiVersion": "project.openshift.io/v1",
  "kind": "Project",
  "metadata": {
    "name": "example"
  }
}
Ansible OCP modules
1) k8s: manages k8s objects, allowing you to create, update, or delete Kubernetes objects
2) k8s_auth: returns api_key that other modules can use
3) k8s_info: Retrieves info about k8s objects
4) k8s_scale: sets new sizes for a Deployment, ReplicaSet, rc, or Job
5) k8s_service: manages services on k8s
Ansible block to configure defaults
Ansible play to log in to OCP
Ansible task to create objects from file
Ansible task to get info about Pods that are web apps in dev or test
Ansible task to scale up deployment
Ansible task to expose https port with ClusterIP
Prerequisites for OCP Ansible modules
1) openshift >= 0.6.2
2) PyYAML >= 3.11
3) urllib3
4) requests
5) requests-oauthlib
Ansible playbook to get route info
Ansible task a URL and print the response code