Exam288 Flashcards
Create image stream
oc import-image stream-name –from URL/${USER}/image-name –confirm
Get OCP internal registry URL
oc get route -n openshift-image-registry
Enable access to internal registry
oc patch config.imageregistry cluster -n openshift-image-registry –type merge -p ‘{“spec”:{“defaultRoute”:true}}’
Create webhook
oc set triggers bc/name –from-gitlab
Mount cm into deployment
oc set env deployment/my-deployment-name –from configmap/mycm
Create secrets for OCP to access external registry using username & password
oc create secret docker-registry quayio
- -docker-server=$SERVER
- -docker-username=$USERNAME
- -docker-password=$PASSWORD
Link secrets to access external registry
oc secret link builder credential-name –for=pull
oc secret link default credential-name –for=pull
oc secrets link deployer quayio –for=pull
Set a command as post commit build hook
oc set build-hook bc/name –post-commit –command – bundle exec rake test –verbose
Set a post commit build hook using the shell approach
oc set build-hook bc/name –post-commit –script=”curl http://api.com/user/${USER}”
How do you check if credentials have been added properly for accessing external registry?
oc describe serviceaccount default
Determine which SCC permissions are required for a pod to run
oc get pod podname -o yaml | oc adm policy scc-subject-review -f -
Create a service account
oc create sa nginx-sa
Connect the service account nginx-sa to SCC anyuid:
oc adm policy add-scc-to-user anyuid -z nginx-sa
Bind the service account nginx-sa to the pod or sccnginx deployment to allow it to run with its new permissions
oc set sa deploy podname nginx-sa
List of steps to resolve nginx CrashLoopBackoff
- oc get pod podname -o yaml | oc adm policy scc-subject-review -f -
- oc create sa nginx-sa
- oc adm policy add-scc-to-user anyuid -z nginx-sa
- oc set sa deploy sccnginx nginx-sa
