├── mysa.yaml ├── nginx.yml ├── nwpol-deny-all.yaml ├── cluster-monitoring-config.yaml ├── mypod.yaml ├── nginx-custom-config.conf ├── pvc.yaml ├── mysapod.yaml ├── list-pods.yaml ├── linginx1.conf ├── prometheus-role.yaml ├── README.md ├── pv.yaml ├── nginx-source1.yml ├── nginx-source2.yml ├── nginx-target.yml ├── nwpol.yaml ├── prometheus-binding.yaml ├── localstorage.yml ├── list-pods-mysa-binding.yaml ├── nginx-cm.yml ├── haproxy.cfg ├── network-attachment-definition.yaml ├── nwpol-allow-specific.yaml ├── containerlimits.yaml ├── pv-pod.yaml ├── morevolumes.yaml ├── nwpolicy-complete-example.yaml ├── limits.yaml ├── oauth.yaml ├── withcert.yaml ├── linginx-v1.yaml ├── default.conf ├── linginx-v2.yaml ├── linginx-v3.yaml ├── limitrange.yaml ├── 08dec25.txt └── dec2025.txt /mysa.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: mysa 5 | -------------------------------------------------------------------------------- /nginx.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginxxxx 5 | spec: 6 | containers: 7 | - name: nginx 8 | image: nginx 9 | -------------------------------------------------------------------------------- /nwpol-deny-all.yaml: -------------------------------------------------------------------------------- 1 | kind: NetworkPolicy 2 | apiVersion: networking.k8s.io/v1 3 | metadata: 4 | name: deny-all 5 | spec: 6 | podSelector: {} 7 | -------------------------------------------------------------------------------- /cluster-monitoring-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: cluster-monitoring-config 5 | namespace: openshift-monitoring 6 | data: 7 | config.yaml: | 8 | 9 | -------------------------------------------------------------------------------- /mypod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: mypod 5 | spec: 6 | containers: 7 | - name: alpine 8 | image: alpine:3.9 9 | command: 10 | - "sleep" 11 | - "3600" 12 | -------------------------------------------------------------------------------- /nginx-custom-config.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 8888; 3 | server_name localhost; 4 | location / { 5 | root /usr/share/nginx/html; 6 | index index.html index.htm; 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /pvc.yaml: -------------------------------------------------------------------------------- 1 | kind: PersistentVolumeClaim 2 | apiVersion: v1 3 | metadata: 4 | name: pv-newclaim 5 | spec: 6 | accessModes: 7 | - ReadWriteOnce 8 | resources: 9 | requests: 10 | storage: 999Mi 11 | -------------------------------------------------------------------------------- /mysapod.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: mysapod 5 | spec: 6 | serviceAccountName: mysa 7 | containers: 8 | - name: alpine 9 | image: alpine:3.9 10 | command: 11 | - "sleep" 12 | - "3600" 13 | -------------------------------------------------------------------------------- /list-pods.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: list-pods 5 | namespace: default 6 | rules: 7 | - apiGroups: 8 | - '' 9 | resources: 10 | - pods 11 | verbs: 12 | - list 13 | -------------------------------------------------------------------------------- /linginx1.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 8080 default_server; 3 | listen [::]:80 default_server ipv6only=on; 4 | 5 | root /usr/share/nginx/html; 6 | index index.html; 7 | 8 | server_name localhost; 9 | } 10 | -------------------------------------------------------------------------------- /prometheus-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: prometheus 5 | rules: 6 | - apiGroups: 7 | - "" 8 | resources: 9 | - pods 10 | verbs: 11 | - get 12 | - list 13 | - watch 14 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | This Git repository contains supporting files for my "OpenShift Administration (EX280)" video course. See https://sandervanvugt.com for more details. 2 | 3 | The files are also used in the live training I'm teaching at https://learning.oreilly.com. 4 | -------------------------------------------------------------------------------- /pv.yaml: -------------------------------------------------------------------------------- 1 | kind: PersistentVolume 2 | apiVersion: v1 3 | metadata: 4 | name: pv-volume 5 | labels: 6 | type: local 7 | spec: 8 | capacity: 9 | storage: 2Gi 10 | accessModes: 11 | - ReadWriteOnce 12 | hostPath: 13 | path: "/mnt/mydata" 14 | -------------------------------------------------------------------------------- /nginx-source1.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx-access 5 | labels: 6 | type: access 7 | namespace: source-project 8 | spec: 9 | containers: 10 | - name: nginx 11 | image: nginx 12 | ports: 13 | - containerPort: 8080 14 | protocol: TCP 15 | -------------------------------------------------------------------------------- /nginx-source2.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx-noaccess 5 | labels: 6 | type: noaccess 7 | namespace: source-project 8 | spec: 9 | containers: 10 | - name: nginx 11 | image: nginx 12 | ports: 13 | - containerPort: 8080 14 | protocol: TCP 15 | -------------------------------------------------------------------------------- /nginx-target.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx-target 5 | labels: 6 | type: incoming 7 | namespace: target-project 8 | spec: 9 | containers: 10 | - name: nginx 11 | image: nginx 12 | ports: 13 | - containerPort: 8080 14 | protocol: TCP 15 | -------------------------------------------------------------------------------- /nwpol.yaml: -------------------------------------------------------------------------------- 1 | kind: NetworkPolicy 2 | apiVersion: networking.k8s.io/v1 3 | metadata: 4 | name: nwpol 5 | spec: 6 | podSelector: 7 | matchLabels: 8 | type: production 9 | ingress: 10 | - from: 11 | - namespaceSelector: 12 | matchLabels: 13 | name: production-net 14 | 15 | -------------------------------------------------------------------------------- /prometheus-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: prometheus_binding 5 | subjects: 6 | - kind: ServiceAccount 7 | name: default 8 | namespace: monitoring 9 | roleRef: 10 | kind: ClusterRole 11 | name: prometheus 12 | apiGroup: rbac.authorization.k8s.io 13 | -------------------------------------------------------------------------------- /localstorage.yml: -------------------------------------------------------------------------------- 1 | apiVersion: local.storage.openshift.io/v1 2 | kind: LocalVolume 3 | metadata: 4 | name: local-disks 5 | namespace: openshift-local-storage 6 | spec: 7 | storageClassDevices: 8 | - storageClassName: my-local-storage 9 | volumeMode: Block 10 | devicePaths: 11 | - /dev/loop0 12 | #fstype: ext4 13 | -------------------------------------------------------------------------------- /list-pods-mysa-binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: list-pods-mysa-binding 5 | namespace: default 6 | roleRef: 7 | kind: Role 8 | name: list-pods 9 | apiGroup: rbac.authorization.k8s.io 10 | subjects: 11 | - kind: ServiceAccount 12 | name: mysa 13 | namespace: default 14 | -------------------------------------------------------------------------------- /nginx-cm.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: nginx-cm 5 | labels: 6 | role: web 7 | spec: 8 | containers: 9 | - name: nginx-cm 10 | image: nginx 11 | volumeMounts: 12 | - name: conf 13 | mountPath: /etc/nginx/conf.d 14 | volumes: 15 | - name: conf 16 | configMap: 17 | name: nginx-cm 18 | items: 19 | - key: nginx-custom-config.conf 20 | path: default.conf 21 | -------------------------------------------------------------------------------- /haproxy.cfg: -------------------------------------------------------------------------------- 1 | global 2 | log /dev/log local0 3 | defaults 4 | balance roundrobin 5 | log global 6 | maxconn 100 7 | mode tcp 8 | timeout connect 5s 9 | timeout client 500s 10 | timeout server 500s 11 | listen apps 12 | bind 0.0.0.0:80 13 | server crcvm 192.168.130.11:80 check 14 | listen apps_ssl 15 | bind 0.0.0.0:443 16 | server crcvm 192.168.130.11:443 check 17 | listen api 18 | bind 0.0.0.0:6443 19 | server crcvm 192.168.130.11:6443 check 20 | -------------------------------------------------------------------------------- /network-attachment-definition.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.cni.cncf.io/v1 2 | kind: NetworkAttachmentDefinition 3 | metadata: 4 | name: second 5 | spec: 6 | config: |- 7 | { 8 | "cniVersion": "0.3.1", 9 | "name": "second", 10 | "type": "host-device", 11 | "device": "eth10", 12 | "ipam": { 13 | "type": "static", 14 | "addresses": [ 15 | {"address": "192.168.126.10/24"} 16 | ] 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /nwpol-allow-specific.yaml: -------------------------------------------------------------------------------- 1 | kind: NetworkPolicy 2 | apiVersion: networking.k8s.io/v1 3 | metadata: 4 | name: allow-some 5 | spec: 6 | podSelector: 7 | matchLabels: 8 | type: incoming 9 | ingress: 10 | - from: 11 | - namespaceSelector: 12 | matchLabels: 13 | type: incoming 14 | podSelector: 15 | matchLabels: 16 | type: access 17 | ports: 18 | - port: 8080 19 | protocol: TCP 20 | -------------------------------------------------------------------------------- /containerlimits.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: "v1" 2 | kind: "LimitRange" 3 | metadata: 4 | name: "resource-limits" 5 | spec: 6 | limits: 7 | - type: "Container" 8 | max: 9 | cpu: "2" 10 | memory: "1Gi" 11 | min: 12 | cpu: "100m" 13 | memory: "4Mi" 14 | default: 15 | cpu: "300m" 16 | memory: "200Mi" 17 | defaultRequest: 18 | cpu: "200m" 19 | memory: "100Mi" 20 | maxLimitRequestRatio: 21 | cpu: "10" 22 | -------------------------------------------------------------------------------- /pv-pod.yaml: -------------------------------------------------------------------------------- 1 | kind: Pod 2 | apiVersion: v1 3 | metadata: 4 | name: pv-pod 5 | spec: 6 | volumes: 7 | - name: pv-storage 8 | persistentVolumeClaim: 9 | claimName: pv-claim 10 | containers: 11 | - name: pv-container 12 | image: nginx 13 | securityContext: 14 | privileged: yes 15 | ports: 16 | - containerPort: 80 17 | name: "http-server" 18 | volumeMounts: 19 | - mountPath: "/usr/share/nginx/html" 20 | name: pv-storage 21 | -------------------------------------------------------------------------------- /morevolumes.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: morevol2 5 | spec: 6 | containers: 7 | - name: centos1 8 | image: centos:7 9 | command: 10 | - sleep 11 | - "3600" 12 | volumeMounts: 13 | - mountPath: /centos1 14 | name: test 15 | - name: centos2 16 | image: centos:7 17 | command: 18 | - sleep 19 | - "3600" 20 | volumeMounts: 21 | - mountPath: /centos2 22 | name: test 23 | volumes: 24 | - name: test 25 | emptyDir: {} 26 | -------------------------------------------------------------------------------- /nwpolicy-complete-example.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.k8s.io/v1 2 | kind: NetworkPolicy 3 | metadata: 4 | name: access-nginx 5 | spec: 6 | podSelector: 7 | matchLabels: 8 | app: nginx 9 | ingress: 10 | - from: 11 | - podSelector: 12 | matchLabels: 13 | access: "true" 14 | ... 15 | 16 | --- 17 | apiVersion: v1 18 | kind: Pod 19 | metadata: 20 | name: nginx 21 | labels: 22 | app: nginx 23 | spec: 24 | containers: 25 | - name: nwp-nginx 26 | image: nginx:1.17 27 | ... 28 | 29 | --- 30 | apiVersion: v1 31 | kind: Pod 32 | metadata: 33 | name: busybox 34 | labels: 35 | app: sleepy 36 | spec: 37 | containers: 38 | - name: nwp-busybox 39 | image: busybox 40 | command: 41 | - sleep 42 | - "3600" 43 | -------------------------------------------------------------------------------- /limits.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: LimitRange 3 | metadata: 4 | name: limit-limits 5 | spec: 6 | limits: 7 | - type: Pod 8 | max: 9 | cpu: 500m 10 | memory: 2Mi 11 | min: 12 | cpu: 10m 13 | memory: 1Mi 14 | - type: Container 15 | max: 16 | cpu: 500m 17 | memory: 500Mi 18 | min: 19 | cpu: 10m 20 | memory: 5Mi 21 | default: 22 | cpu: 250m 23 | memory: 200Mi 24 | defaultRequest: 25 | cpu: 20m 26 | memory: 20Mi 27 | - type: openshift.io/Image 28 | max: 29 | storage: 1Gi 30 | - type: openshift.io/ImageStream 31 | max: 32 | openshift.io/image-tags: 10 33 | openshift.io/images: 20 34 | - type: PersistentVolumeClaim 35 | min: 36 | storage: 2Gi 37 | max: 38 | storage: 50Gi 39 | 40 | -------------------------------------------------------------------------------- /oauth.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: config.openshift.io/v1 2 | kind: OAuth 3 | metadata: 4 | creationTimestamp: "2020-12-03T12:17:01Z" 5 | generation: 2 6 | managedFields: 7 | - apiVersion: config.openshift.io/v1 8 | fieldsType: FieldsV1 9 | fieldsV1: 10 | f:spec: {} 11 | manager: cluster-version-operator 12 | operation: Update 13 | time: "2020-12-03T12:17:01Z" 14 | - apiVersion: config.openshift.io/v1 15 | fieldsType: FieldsV1 16 | fieldsV1: 17 | f:spec: 18 | f:identityProviders: {} 19 | manager: kubectl-client-side-apply 20 | operation: Update 21 | time: "2020-12-04T13:12:08Z" 22 | name: cluster 23 | resourceVersion: "52694" 24 | selfLink: /apis/config.openshift.io/v1/oauths/cluster 25 | uid: 14d07b5f-3ad7-458a-b794-c7b99bc9fbb2 26 | spec: 27 | identityProviders: 28 | - htpasswd: 29 | fileData: 30 | name: htpasswd-secret 31 | mappingMethod: claim 32 | name: htpass-users 33 | type: HTPasswd 34 | -------------------------------------------------------------------------------- /withcert.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | creationTimestamp: null 5 | labels: 6 | app: withcert 7 | name: withcert 8 | spec: 9 | replicas: 1 10 | selector: 11 | matchLabels: 12 | app: withcert 13 | strategy: {} 14 | template: 15 | metadata: 16 | creationTimestamp: null 17 | labels: 18 | app: withcert 19 | spec: 20 | containers: 21 | - image: bitnami/nginx 22 | name: nginx 23 | resources: {} 24 | ports: 25 | - containerport: 8443 26 | protocol: TCP 27 | volumeMounts: 28 | - name: secret-service 29 | mountPath: /etc/pki/nginx/ 30 | volumes: 31 | - name: secret-service 32 | secret: 33 | defaultMode: 420 34 | secretName: server-secret 35 | items: 36 | - key: tls.crt 37 | path: server.crt 38 | - key: tls.eky 39 | path: private/server.key 40 | status: {} 41 | -------------------------------------------------------------------------------- /linginx-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: linginx1 5 | labels: 6 | deployment: linginx1 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | deployment: linginx1 12 | template: 13 | metadata: 14 | labels: 15 | deployment: linginx1 16 | spec: 17 | containers: 18 | - image: docker.io/nginx 19 | name: linginx1 20 | ports: 21 | - containerPort: 8080 22 | protocol: TCP 23 | volumeMounts: 24 | - mountPath: "/etc/nginx/conf.d" 25 | name: configmap-volume 26 | volumes: 27 | - name: configmap-volume 28 | configMap: 29 | name: linginx1 30 | items: 31 | - key: linginx1.conf 32 | path: default.conf 33 | serviceAccount: linginx-sa 34 | serviceAccountName: linginx-sa 35 | --- 36 | apiVersion: v1 37 | kind: Service 38 | metadata: 39 | labels: 40 | deployment: linginx1 41 | name: linginx1 42 | spec: 43 | ports: 44 | - name: http 45 | port: 8080 46 | protocol: TCP 47 | targetPort: 8080 48 | selector: 49 | deployment: linginx1 50 | -------------------------------------------------------------------------------- /default.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 8080 default_server; 3 | listen [::]:80 default_server ipv6only=on; 4 | listen 8443 ssl; 5 | 6 | root /usr/share/nginx/html; 7 | index index.html; 8 | 9 | server_name localhost; 10 | ssl_certificate /etc/nginx/ssl/tls.crt; 11 | ssl_certificate_key /etc/nginx/ssl/tls.key; 12 | ssl_session_timeout 1d; 13 | ssl_session_cache shared:SSL:50m; 14 | ssl_session_tickets off; 15 | # modern configuration. tweak to your needs. 16 | ssl_protocols TLSv1.2; 17 | ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; 18 | ssl_prefer_server_ciphers on; 19 | # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) 20 | add_header Strict-Transport-Security max-age=15768000; 21 | # OCSP Stapling --- 22 | # fetch OCSP records from URL in ssl_certificate and cache them 23 | ssl_stapling on; 24 | ssl_stapling_verify on; 25 | location / { 26 | try_files $uri $uri/ =404; 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /linginx-v2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: linginx2 5 | labels: 6 | deployment: linginx2 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | deployment: linginx2 12 | template: 13 | metadata: 14 | labels: 15 | deployment: linginx2 16 | spec: 17 | containers: 18 | - image: docker.io/nginx 19 | name: linginx2 20 | ports: 21 | - containerPort: 8080 22 | protocol: TCP 23 | - containerPort: 8443 24 | protocol: TCP 25 | volumeMounts: 26 | - mountPath: "/etc/nginx/ssl" 27 | name: tls-certs 28 | - mountPath: "/etc/nginx/conf.d" 29 | name: configmap-volume 30 | volumes: 31 | - name: tls-certs 32 | secret: 33 | secretName: linginx-certs 34 | - name: configmap-volume 35 | configMap: 36 | name: nginxconfigmap 37 | serviceAccount: linginx-sa 38 | serviceAccountName: linginx-sa 39 | --- 40 | apiVersion: v1 41 | kind: Service 42 | metadata: 43 | labels: 44 | deployment: linginx2 45 | name: linginx2 46 | spec: 47 | ports: 48 | - name: http 49 | port: 8080 50 | protocol: TCP 51 | targetPort: 8080 52 | - name: https 53 | port: 8443 54 | protocol: TCP 55 | targetPort: 8443 56 | selector: 57 | deployment: linginx2 58 | -------------------------------------------------------------------------------- /linginx-v3.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: linginx3 5 | labels: 6 | deployment: linginx3 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | deployment: linginx3 12 | template: 13 | metadata: 14 | labels: 15 | deployment: linginx3 16 | spec: 17 | containers: 18 | - image: bitnami/nginx:latest 19 | name: linginx3 20 | ports: 21 | - containerPort: 8080 22 | protocol: TCP 23 | - containerPort: 8443 24 | protocol: TCP 25 | volumeMounts: 26 | - mountPath: "/etc/nginx/ssl" 27 | name: tls-certs 28 | volumeMounts: 29 | - mountPath: "/etc/nginx/conf.d" 30 | name: configmap-volume 31 | volumes: 32 | - name: tls-certs 33 | secret: 34 | secretName: linginx-certs 35 | - name: configmap-volume 36 | configMap: 37 | name: nginxconfigmap 38 | serviceAccount: linginx-sa 39 | serviceAccountName: linginx-sa 40 | --- 41 | apiVersion: v1 42 | kind: Service 43 | metadata: 44 | labels: 45 | deployment: linginx3 46 | name: linginx3 47 | spec: 48 | ports: 49 | - name: http 50 | port: 80 51 | protocol: TCP 52 | targetPort: 8080 53 | - name: https 54 | port: 8443 55 | protocol: TCP 56 | targetPort: 8443 57 | selector: 58 | deployment: linginx3 59 | -------------------------------------------------------------------------------- /limitrange.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: template.openshift.io/v1 2 | kind: Template 3 | metadata: 4 | creationTimestamp: null 5 | name: project-request 6 | objects: 7 | - apiVersion: project.openshift.io/v1 8 | kind: Project 9 | metadata: 10 | annotations: 11 | openshift.io/description: ${PROJECT_DESCRIPTION} 12 | openshift.io/display-name: ${PROJECT_DISPLAYNAME} 13 | openshift.io/requester: ${PROJECT_REQUESTING_USER} 14 | creationTimestamp: null 15 | name: ${PROJECT_NAME} 16 | spec: {} 17 | status: {} 18 | - apiVersion: rbac.authorization.k8s.io/v1 19 | kind: RoleBinding 20 | metadata: 21 | creationTimestamp: null 22 | name: admin 23 | namespace: ${PROJECT_NAME} 24 | roleRef: 25 | apiGroup: rbac.authorization.k8s.io 26 | kind: ClusterRole 27 | name: admin 28 | subjects: 29 | - apiGroup: rbac.authorization.k8s.io 30 | kind: User 31 | name: ${PROJECT_ADMIN_USER} 32 | - apiVersion: v1 33 | kind: ResourceQuota 34 | metadata: 35 | name: ${PROJECT_NAME}-quota 36 | spec: 37 | hard: 38 | cpu: 3 39 | memory: 10G 40 | - apiVersion: v1 41 | kind: LimitRange 42 | metadata: 43 | name: ${PROJECT_NAME}-limits 44 | spec: 45 | limits: 46 | - type: Container 47 | defaultRequest: 48 | cpu: 30m 49 | memory: 30M 50 | parameters: 51 | - name: PROJECT_NAME 52 | - name: PROJECT_DISPLAYNAME 53 | - name: PROJECT_DESCRIPTION 54 | - name: PROJECT_ADMIN_USER 55 | - name: PROJECT_REQUESTING_USER 56 | -------------------------------------------------------------------------------- /08dec25.txt: -------------------------------------------------------------------------------- 1 | 983 wget https://developers.redhat.com/content-gateway/file/pub/openshift-v4/clients/crc/2.57.0/crc-linux-amd64.tar.xz 2 | 984 tar xvf crc-linux-amd64.tar.xz 3 | 985 crc delete 4 | 986 cd crc-linux-2.57.0-amd64/ 5 | 987 history | grep setup 6 | 988 crc setup 7 | 989 crc start -d 80 -m 32768 -p ../pull-secret 8 | 990 vim login.txt 9 | 991 ip a 10 | 992 exit 11 | 993 cat /etc/os-release 12 | 994 crc status 13 | 995 free -m 14 | 996 lscpu | less 15 | 997 exity 16 | 998 exit 17 | 999 history 18 | 1000 cat pull-secret 19 | 1001 history 20 | 1002 cd crc-linux-2.57.0-amd64/ 21 | 1003 cat login.txt 22 | 1004 eval $(crc oc-env) 23 | 1005 oc login -u kubeadmin -p auaQn-UazkW-d3DaE-WLDfC 24 | 1006 crc console --credentials 25 | 1007 cd 26 | 1008 oc projects 27 | 1009 oc get ns 28 | 1010 oc get ns | wc -l 29 | 1011 oc projects 30 | 1012 oc projects | wc -l 31 | 1013 oc login -u developer -p developer 32 | 1014 oc projects 33 | 1015 oc get ns 34 | 1016 oc completion --help | less 35 | 1017 oc completion bash > ~/.kube/completion.bash.inc 36 | 1018 printf " 37 | # oc shell completion 38 | source '$HOME/.kube/completion.bash.inc' 39 | " >> $HOME/.bash_profile 40 | 1019 source $HOME/.bash_profile 41 | 1020 oc new-project -h | less 42 | 1021* 43 | 1022 history 44 | 1023 oc whoami 45 | 1024 oc login -u kubeadmin -p auaQn-UazkW-d3DaE-WLDfC 46 | 1025 htpasswd -c -B -b /tmp/htpasswd admin password 47 | 1026 sudo dnf provides */htpasswd 48 | 1027 sudo subscription-manager register 49 | 1028 sudo dnf repolist 50 | 1029 sudo dnf provides */htpasswd 51 | 1030 sudo dnf install httpd-tools 52 | 1031 htpasswd -c -B -b /tmp/htpasswd admin password 53 | 1032 cat /tmp/htpasswd 54 | 1033 htpasswd -B -b /tmp/htpasswd anna password 55 | 1034 htpasswd -B -b /tmp/htpasswd linda password 56 | 1035 htpasswd -B -b /tmp/htpasswd anouk password 57 | 1036 htpasswd -B -b /tmp/htpasswd lisa password 58 | 1037 htpasswd -B -b /tmp/htpasswd ahmed password 59 | 1038 cat /tmp/htpasswd 60 | 1039 oc create secret -h | less 61 | 1040 oc create secret generic -h | less 62 | 1041 oc create secret generic htpasswd-secret --from-file htpasswd=/tmp/htpasswd -n openshift-config 63 | 1042 oc adm policy -h | less 64 | 1043 oc adm policy add-cluster-role-to-user -h | less 65 | 1044 oc adm policy add-cluster-role-to-user cluster-admin admin 66 | 1045 oc get oauth 67 | 1046 oc get oauth -o yaml > oauth.yaml 68 | 1047 vim oauth.yaml 69 | 1048 oc get all -n openshift-authentication 70 | 1049 oc replace -f oauth.yaml 71 | 1050 oc get all -n openshift-authentication 72 | 1051 watch oc get all -n openshift-authentication 73 | 1052 oc delete pod -n openshift-authentication 74 | 1053 oc delete pod -n openshift-authentication oauth-openshift-5f6577b965-xhrqw 75 | 1054 watch oc get all -n openshift-authentication 76 | 1055 oc get users 77 | 1056 oc login -u anna -p password 78 | 1057 oc get users 79 | 1058 oc login -u kubeadmin -p auaQn-UazkW-d3DaE-WLDfC 80 | 1059 oc get users 81 | 1060 history 82 | 1061 oc whoami 83 | 1062 oc get nodes 84 | 1063 oc get users 85 | 1064 oc login -u anna -p password 86 | 1065 oc get users 87 | 1066 oc login -u kubeadmin -p auaQn-UazkW-d3DaE-WLDfC 88 | 1067 oc get identity 89 | 1068 oc adm groups -h | less 90 | 1069 oc adm groups new developers 91 | 1070 oc adm groups add-users developers anouk 92 | 1071 oc adm groups new testers 93 | 1072 oc adm groups add-users testers santos 94 | 1073 oc adm groups add-users testers lisa 95 | 1074 oc get clusterroles 96 | 1075 oc get clusterroles | wc -l 97 | 1076 oc get clusterroles | grep -v 'system:' 98 | 1077 oc describe clusterrole storage-admin 99 | 1078 oc create clusterrole -h | less 100 | 1079 oc get cluserrolbinding -o wide | grep 'self-provisioner' 101 | 1080 oc get clusterrolebinding -o wide | grep 'self-provisioner' 102 | 1081 oc describe clusterrolebindings self-provisioners 103 | 1082 oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated:oauth 104 | 1083 oc describe clusterrolebindings self-provisioners 105 | 1084 oc login -u linda -p password 106 | 1085 oc whoami 107 | 1086 oc new-project rbac 108 | 1087 oc login -u kubeadmin -p auaQn-UazkW-d3DaE-WLDfC 109 | 1088 oc policy add-role-to-user admin linda -n rbac 110 | 1089 oc new-project rbac 111 | 1090 oc policy add-role-to-user admin linda -n rbac 112 | 1091 oc get groups 113 | 1092 oc login -u admin -p password 114 | 1093 oc policy add-role-to-group edit developers -n rbac 115 | 1094 oc policy add-role-to-group view testers -n rbac 116 | 1095 oc get rolebindings -o wide 117 | 1096 oc adm policy add-cluster-role-to-group --rolebinding-name self-provisioners self-provisioner system:authenticated:oauth 118 | 1097 oc whoami 119 | 1098 oc login -u linda -p password 120 | 1099 oc new-project whatever 121 | 1100 history 122 | 1101 history > /tmp/08dec25.txt 123 | -------------------------------------------------------------------------------- /dec2025.txt: -------------------------------------------------------------------------------- 1 | 489 cat pull-secret 2 | 490 history 3 | 491 cd crc-linux-2.57.0-amd64/ 4 | 492 cat login.txt 5 | 493 eval $(crc oc-env) 6 | 494 oc login -u kubeadmin -p auaQn-UazkW-d3DaE-WLDfC 7 | 495 crc console --credentials 8 | 496 cd 9 | 497 oc projects 10 | 498 oc get ns 11 | 499 oc get ns | wc -l 12 | 500 oc projects 13 | 501 oc projects | wc -l 14 | 502 oc login -u developer -p developer 15 | 503 oc projects 16 | 504 oc get ns 17 | 505 oc completion --help | less 18 | 506 oc completion bash > ~/.kube/completion.bash.inc 19 | 507 printf " 20 | 508 # oc shell completion 21 | 509 source '$HOME/.kube/completion.bash.inc' 22 | 510 " >> $HOME/.bash_profile 23 | 511 source $HOME/.bash_profile 24 | 512 oc new-project -h | less 25 | 513 history 26 | 514 oc whoami 27 | 515 oc login -u kubeadmin -p auaQn-UazkW-d3DaE-WLDfC 28 | 516 htpasswd -c -B -b /tmp/htpasswd admin password 29 | 517 sudo dnf provides */htpasswd 30 | 518 sudo subscription-manager register 31 | 519 sudo dnf repolist 32 | 520 sudo dnf provides */htpasswd 33 | 521 sudo dnf install httpd-tools 34 | 522 htpasswd -c -B -b /tmp/htpasswd admin password 35 | 523 cat /tmp/htpasswd 36 | 524 htpasswd -B -b /tmp/htpasswd anna password 37 | 525 htpasswd -B -b /tmp/htpasswd linda password 38 | 526 htpasswd -B -b /tmp/htpasswd anouk password 39 | 527 htpasswd -B -b /tmp/htpasswd lisa password 40 | 528 htpasswd -B -b /tmp/htpasswd ahmed password 41 | 529 cat /tmp/htpasswd 42 | 530 oc create secret -h | less 43 | 531 oc create secret generic -h | less 44 | 532 oc create secret generic htpasswd-secret --from-file htpasswd=/tmp/htpasswd -n openshift-config 45 | 533 oc adm policy -h | less 46 | 534 oc adm policy add-cluster-role-to-user -h | less 47 | 535 oc adm policy add-cluster-role-to-user cluster-admin admin 48 | 536 oc get oauth 49 | 537 oc get oauth -o yaml > oauth.yaml 50 | 538 vim oauth.yaml 51 | 539 oc get all -n openshift-authentication 52 | 540 oc replace -f oauth.yaml 53 | 541 oc get all -n openshift-authentication 54 | 542 watch oc get all -n openshift-authentication 55 | 543 oc delete pod -n openshift-authentication 56 | 544 oc delete pod -n openshift-authentication oauth-openshift-5f6577b965-xhrqw 57 | 545 watch oc get all -n openshift-authentication 58 | 546 oc get users 59 | 547 oc login -u anna -p password 60 | 548 oc get users 61 | 549 oc login -u kubeadmin -p auaQn-UazkW-d3DaE-WLDfC 62 | 550 oc get users 63 | 551 history 64 | 552 oc whoami 65 | 553 oc get nodes 66 | 554 oc get users 67 | 555 oc login -u anna -p password 68 | 556 oc get users 69 | 557 oc login -u kubeadmin -p auaQn-UazkW-d3DaE-WLDfC 70 | 558 oc get identity 71 | 559 oc adm groups -h | less 72 | 560 oc adm groups new developers 73 | 561 oc adm groups add-users developers anouk 74 | 562 oc adm groups new testers 75 | 563 oc adm groups add-users testers santos 76 | 564 oc adm groups add-users testers lisa 77 | 565 oc get clusterroles 78 | 566 oc get clusterroles | wc -l 79 | 567 oc get clusterroles | grep -v 'system:' 80 | 568 oc describe clusterrole storage-admin 81 | 569 oc create clusterrole -h | less 82 | 570 oc get cluserrolbinding -o wide | grep 'self-provisioner' 83 | 571 oc get clusterrolebinding -o wide | grep 'self-provisioner' 84 | 572 oc describe clusterrolebindings self-provisioners 85 | 573 oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated:oauth 86 | 574 oc describe clusterrolebindings self-provisioners 87 | 575 oc login -u linda -p password 88 | 576 oc whoami 89 | 577 oc new-project rbac 90 | 578 oc login -u kubeadmin -p auaQn-UazkW-d3DaE-WLDfC 91 | 579 oc policy add-role-to-user admin linda -n rbac 92 | 580 oc new-project rbac 93 | 581 oc policy add-role-to-user admin linda -n rbac 94 | 582 oc get groups 95 | 583 oc login -u admin -p password 96 | 584 oc policy add-role-to-group view testers -n rbac 97 | 585 oc get rolebindings -o wide 98 | 586 oc adm policy add-cluster-role-to-group --rolebinding-name self-provisioners self-provisioner system:authenticated:oauth 99 | 587 oc whoami 100 | 588 oc login -u linda -p password 101 | 589 oc new-project whatever 102 | 590 history 103 | 591 history > /tmp/08dec25.txt 104 | 592 vim /tmp/08dec25.txt 105 | 593 oc get sc 106 | 594 oc create deploy nginx --image=bitnami/nginx 107 | 595 oc get all 108 | 596 oc set volumes -h | less 109 | 597 oc set volumes deploy/nginx --add --name my-pv-storage --type persistentVolumeClaim --claim-mode rwo --claim-size 1Gi --mount-path /data --claim-name mypvc 110 | 598 oc get pvc 111 | 599 oc get pv 112 | 600 oc get deploy -o yaml | less 113 | 601 oc exec -it nginx-6cf64bb697-nqkv8 -- touch /data/lindafile 114 | 602 crc ssh 115 | 603 oc describe pv -o yaml | less 116 | 604 oc get pv -o yaml | less 117 | 605 oc login -u kubeadmin -p auaQn-UazkW-d3DaE-WLDfC 118 | 606 oc get pv -o yaml | less 119 | 607 oc get sc -o yaml 120 | 608 history 121 | 609 oc create secret generic -h | less 122 | 610 oc create secret generic mysql --from-literal user=sqluser --from-literal password=password --from-literal database=secretdb --from-literal hostname=mysql --from-literal root_password=password 123 | 611 oc get secret -o yaml | less 124 | 612 oc get secret mysql -o yaml | less 125 | 613 echo c2VjcmV0ZGI= | base64 -d 126 | 614 oc new-project newer 127 | 615 oc whoami 128 | 616 oc new-app -h | less 129 | 617 oc new-app --name mysql --docker-image bitnami/mysql 130 | 618 oc get all 131 | 619 podman search bitnami/mysql 132 | 620 oc new-app --name mysql --docker-image docker.io/library/bitnami/mysql 133 | 621 podman search mysql | grep bitnami 134 | 622 oc new-app --name mysql --docker-image docker.io/bitnami/mysql 135 | 623 oc get all 136 | 624 oc new-app --name mysql --image docker.io/bitnami/mysql 137 | 625 oc new-app --name mysql --image bitnami/mysql 138 | 626 oc get all 139 | 627 podman search mysql | less 140 | 628 oc new-app --name mysql --image registry.redhat.io/rhel10/mysql-84 141 | 629 oc get all 142 | 630 oc describe pod mysql-6dc5997c65-vgncv 143 | 631 oc logs mysql-6dc5997c65-vgncv 144 | 632 oc set env deploy/mysql --from secret/mysql --prefix MYSQL_ 145 | 633 oc get secrets 146 | 634 oc create secret generic mysql --from-literal user=sqluser --from-literal password=password --from-literal database=secretdb --from-literal hostname=mysql --from-literal root_password=password 147 | 635 oc set env deploy/mysql --from secret/mysql --prefix MYSQL_ 148 | 636 oc get all 149 | 637 oc get deployment mysql -o yaml | less 150 | 638 oc exec -it mysql-d64c9d559-qfqf7 -- env 151 | 639 kubectl get sa 152 | 640 kubectl get deploy 153 | 641 oc get deployment mysql -o yaml | grep ervice 154 | 642 oc get deployment mysql -o yaml | less 155 | 643 oc explain --recursive deploy | grep -C 5 ervice 156 | 644 oc get pods.spec.serviceAccount 157 | 645 oc get pod.spec.serviceAccount 158 | 646 oc get pod.spec.containers.serviceAccount 159 | 647 oc get pod mysql-d64c9d559-qfqf7 -o yaml | less 160 | 648 oc get deploy -o yaml | less 161 | 649 oc get pods -o yaml | less 162 | 650 oc explain pods.spec | less 163 | 651 oc explain deployment.spec.template.spec | less 164 | 652 oc get scc 165 | 653 oc describe scc nonroot 166 | 654 oc describe scc nonroot | less 167 | 655 oc describe pod mysql-d64c9d559-qfqf7 | grep -i scc 168 | 656 oc whomai 169 | 657 oc whoami 170 | 658 oc login -u linda -p password 171 | 659 oc whoami 172 | 660 oc new-project sccs 173 | 661 oc new-app --name sccnginx --image=nginx:latest 174 | 662 oc get pods 175 | 663 oc logs sccnginx-854f688447-j6dsl 176 | 664 oc get pods sccnginx-854f688447-j6dsl -o yaml | oc adm policy scc-subject-review -f - 177 | 665 oc login -u kubeadmin -p auaQn-UazkW-d3DaE-WLDfC 178 | 666 oc get pods sccnginx-854f688447-j6dsl -o yaml | oc adm policy scc-subject-review -f - 179 | 667 oc create sa nginx-sa 180 | 668 oc adm policy add-scc-to-user restricted-v2 -z nginx-sa 181 | 669 oc adm policy add-scc-to-user restricted-v2 -h | less 182 | 670 oc login -u linda -p password 183 | 671 oc get all 184 | 672 oc get sa 185 | 673 oc set serviceaccount deployment sccnginx nginx-sa 186 | 674 oc get pods 187 | 675 oc login -u kubeadmin -p auaQn-UazkW-d3DaE-WLDfC 188 | 676 oc get pods sccnginx-854f688447-j6dsl -o yaml | oc adm policy scc-subject-review -f - 189 | 677 oc status --suggest 190 | 678 subject-review -f - 191 | 679 oc whoami 192 | 680 oc adm policy add-scc-to-user anyuid -z nginx-sa 193 | 681 oc login -u linda -p password 194 | 682 oc get pods 195 | 683 oc delete pod sccnginx-58b569899f-m5wvs 196 | 684 oc get pods 197 | 685 history 198 | 686 oc get all 199 | 687 curl 10.217.4.225 200 | 688 oc edit svc sccnginx 201 | 689 oc get svc 202 | 690 crc ip 203 | 691 curl 127.0.0.1:31795 204 | 692 oc api-resources | less 205 | 693 oc expose -h | less 206 | 694 oc get svc 207 | 695 oc expose svc sccnginx --hostname whatever.com 208 | 696 oc get routes 209 | 697 curl whatever.com 210 | 698 oc delete route sccnginx 211 | 699 oc expose svc sccnginx 212 | 700 oc get routes 213 | 701 curl sccnginx-sccs.apps-crc.testing 214 | 702 oc edit svc sccnginx 215 | 703 curl sccnginx-sccs.apps-crc.testing 216 | 704 oc describe routes.route.openshift.io sccnginx 217 | 705 oc describe svc sccnginx 218 | 706 oc edit routes.route.openshift.io sccnginx 219 | 707 oc edit svc sccnginx 220 | 708 oc describe routes.route.openshift.io sccnginx 221 | 709 oc describe svc sccnginx 222 | 710 oc label -h | less 223 | 711 oc get nodes 224 | 712 oc login -u kubeadmin -p auaQn-UazkW-d3DaE-WLDfC 225 | 713 oc label nodes crc state=drunk 226 | 714 history | grep nginx 227 | 715 oc run testpod --image=docker.io/library/nginx --dry-run=client -o yaml > dryginx.yaml 228 | 716 vim dryginx.yaml 229 | 717 oc apply -f dryginx.yaml 230 | 718 oc get pods 231 | 719 oc describe pod testpod 232 | 720 vim dryginx.yaml 233 | 721 oc replace -f dryginx.yaml 234 | 722 oc delete -f dryginx.yaml 235 | 723 oc apply -f dryginx.yaml 236 | 724 oc get pods 237 | 725 oc label node crc state- 238 | 726 oc get pods 239 | 727 oc create deploymentconfig -h | less 240 | 728 oc create deploymentconfig my-nginx --image=docker.io/library/nginx 241 | 729 kubectl get deploy 242 | 730 kubectl get dc 243 | 731 kubectl create deploy scales --image=docker.io/library/nginx --replicas=3 --dry-run=client -o yaml scale.yaml 244 | 732 kubectl create deploy scales --image=docker.io/library/nginx --replicas=3 --dry-run=client -o yaml > scale.yaml 245 | 733 kubectl delete deploy scale.yaml 246 | 734 oc get deploy 247 | 735 vim scale.yaml 248 | 736 oc apply -f scale.yaml 249 | 737 vim scale.yaml 250 | 738 oc run testing --image=docker.io/library/nginx --dry-run=client -o yaml > testing.yaml 251 | 739 vim testing.yaml 252 | 740 oc get deploy 253 | 741 oc apply -f scale.yaml 254 | 742 oc get deploy 255 | 743 oc apply -f testing.yaml 256 | 744 oc get deploy 257 | 745 oc get pods 258 | 746 oc logs scales-77759f8bf7-9szm8 259 | 747 oc delete all --all 260 | 748 crc config set enable-cluster-monitoring true 261 | 749 crc config view 262 | 750 oc get ns | grep metri 263 | 751 oc get ns | grep prome 264 | 752 oc get pods -A 265 | 753 oc get pods -A | grep metr 266 | 754 oc get pods -A | grep prome 267 | 755 history | grep kubead 268 | 756 sudo poweroff 269 | 757 crc status 270 | 758 crc start -d 80 -m 32768 -p ../pull-secret 271 | 759 eval $(crc oc-env) 272 | 760 oc login -u kubeadmin -p auaQn-UazkW-d3DaE-WLDfC 273 | 761 oc new-project yeah 274 | 762 mkdir openssl 275 | 763 cd openssl/ 276 | 764 openssl genrsa -des3 -out myCA.key 2048 277 | 765 openssl req -x509 -new -nodes -key myCA.key -sha256 -days 3650 -out myCA.pem 278 | 766 openssl x509 -req -in tls.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out tls.crt -days 1650 -sha256 279 | 767 history 280 | 768 openssl genrsa -out tls.key 2048 281 | 769 openssl req -new -key tls.key -out tls.csr 282 | 770 openssl x509 -req -in tls.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out tls.crt -days 1650 -sha256 283 | 771 ls -lrt 284 | 772 oc new-project myproject 285 | 773 oc project mproject 286 | 774 oc project myproject 287 | 775 cd ../ex288/ 288 | 776 cd .. 289 | 777 ls 290 | 778 git clone https://github.com/sandervanvugt/ex280 291 | 779 cd ex280/ 292 | 780 vim linginx1.conf 293 | 781 oc create cm linginx1 --from-file linginx1.conf 294 | 782 oc whoami 295 | 783 oc create sa linginx-sa 296 | 784 oc adm policy add-scc-to-user anyuid -z linginx-sa 297 | 785 vim linginx-v1.yaml 298 | 786 oc create -f linginx-v1.yaml 299 | 787 oc get pods,svc 300 | 788 oc create route -h | less 301 | 789 oc create route edge -h | less 302 | 790 oc create route edge linginx1 --service linginx1 --cert=../openssl/tls.crt --key=../openssl/tls.key --ca-cert=../openssl/myCA.pem 303 | 791 oc get all 304 | 792 curl -k https://linginx1-myproject.apps-crc.testing 305 | 793 history 306 | 794 curl http://linginx1-myproject.apps-crc.testing 307 | 795 history 308 | 796 curl http://linginx1-myproject.apps-crc.testing 309 | 797 oc describe route linginx1 310 | 798 mkdir openssl 311 | 799 cd openssl/ 312 | 800 openssl genrsa -des3 -out myCA.key 2048 313 | 801 openssl req -x509 -new -nodes -key myCA.key -sha256 -days 3650 -out myCA.pem 314 | 802 openssl genrsa -out tls.key 2048 315 | 803 openssl req -new -key tls.key -out tls.csr 316 | 804 ls -l 317 | 805 openssl x509 -req -in tls.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out tls.crt -days 1650 -sha256 318 | 806 oc create secret tls linginx-certs --cert tls.crt --key tls.key 319 | 807 cd .. 320 | 808 cat default.conf 321 | 809 oc create cm nginxconfigmap --from-file default.conf 322 | 810 oc create sa linginx-sa 323 | 811 oc new-project default 324 | 812 oc project default 325 | 813 history 326 | 814 oc create secret tls linginx-certs --cert tls.crt --key tls.key 327 | 815 cd openssl/ 328 | 816 oc create secret tls linginx-certs --cert tls.crt --key tls.key 329 | 817 cd .. 330 | 818 oc create cm nginxconfigmap --from-file default.conf 331 | 819 oc create sa linginx-sa 332 | 820 oc adm policy add-scc-to-user anyuid -z linginx-sa 333 | 821 vim linginx-v2.yaml 334 | 822 oc create -f linginx-v2.yaml 335 | 823 oc create route passthrough linginx --service linginx2 --port 8443 --hostname=linginx-default.apps-crc.testing 336 | 824 oc get routes 337 | 825 oc get svc 338 | 826 curl -k linginx-default.apps-crc.testing 339 | 827 history 340 | 828 oc projects 341 | 829 history 342 | 830 vim nwpolicy-complete-example.yaml 343 | 831 oc apply -f nwpolicy-complete-example.yaml 344 | 832 oc expose pod nginx --port=80 345 | 833 oc exec -it busybox -- wget --spider --timeout=1 nginx 346 | 834 oc describe networkpolicy 347 | 835 oc label pod busybox access=true 348 | 836 oc exec -it busybox -- wget --spider --timeout=1 nginx 349 | 837 oc create ns nwp-namespace 350 | 838 ls 351 | 839 cd .. 352 | 840 git clone https://github.com/sandervanvugt/cka 353 | 841 cd cka 354 | 842 ls 355 | 843 vim nwp-lab10-1.yaml 356 | 844 oc apply -f nwp-lab10-1.yaml 357 | 845 oc expose pod nwp-nginx --port=80 358 | 846 oc exec -it nwp-busybox -n nwp-namespace -- wget --spider --timeout=1 nwp-nginx 359 | 847 oc exec -it nwp-busybox -n nwp-namespace -- nslookup nwp-nginx 360 | 848 oc exec -it nwp-busybox -n nwp-namespace -- wget --spider --timeout=1 nwp-nginx.default.svc.cluster.local 361 | 849 vim nwp-lab10-2.yaml 362 | 850 oc apply -f nwp-lab10-2.yaml 363 | 851 oc exec -it nwp-busybox -n nwp-namespace -- wget --spider --timeout=1 nwp-nginx.default.svc.cluster.local 364 | 852 history 365 | 853 vim nwp-lab10-1.yaml 366 | 854 vim dmitriy.yaml 367 | 855 oc get pods --show-labels 368 | 856 vim dmitriy.yaml 369 | 857 vim nwp-lab10-1.yaml 370 | 858 vim dmitriy.yaml 371 | 859 vim nwp-lab10-1.yaml 372 | 860 oc get ns nwp-namespace --show-labels 373 | 861 vim dmitriy.yaml 374 | 862 oc apply -f dmitriy.yaml 375 | 863 oc exec -it nwp-busybox -n nwp-namespace -- wget --spider --timeout=1 nwp-nginx.default.svc.cluster.local 376 | 864 cat dmitriy.yaml 377 | 865 ./counter.sh 13 378 | 866 cat dmitriy.yaml 379 | 867 oc get deploy 380 | 868 oc scale deploy linginx2 --replicas=3 381 | 869 oc scale deploy linginx2 --replicas=0 382 | 870 history | grep autosc 383 | 871 oc get pods -A | grep metrics 384 | 872 oc new-app --name simple php~https://github.com/sandervanvugt/simpleapp 385 | 873 oc get all 386 | 874 oc autoscale deployment simple --min 5 --max 10 --cpu-percent 1 387 | 875 oc get hpa 388 | 876 oc get deploy 389 | 877 oc describe hpa simple 390 | 878 oc set resources -h | less 391 | 879 # oc set resources deployment nginx --limits=cpu=200m,memory=512Mi --requests=cpu=100m,memory=256Mi 392 | 880 oc set resources deploy simple --limits=256Mi --requests=16Mi 393 | 881 oc set resources deploy simple --limits=memory=256Mi --requests=memory=16Mi 394 | 882 oc get deploy simple -o yaml | less 395 | 883 cd 396 | 884 oc new-project jawohl 397 | 885 oc get all 398 | 886 oc create deploy nee --image=bitnami/nginx:latest --replicas=3 399 | 887 oc get pods 400 | 888 oc set resource deploy nee --request cpu=1m,memory=1Mi --limits cpu=20m,memory=5Mi 401 | 889 oc set resource deploy nee --requests cpu=1m,memory=1Mi --limits cpu=20m,memory=5Mi 402 | 890 oc set resources deploy nee --requests cpu=1m,memory=1Mi --limits cpu=20m,memory=5Mi 403 | 891 oc get all 404 | 892 oc set resources deploy nee --requests cpu=1m,memory=10Gi --limits cpu=20m,memory=50Gi 405 | 893 kubectl get all 406 | 894 oc describe node crc | less 407 | 895 oc get all 408 | 896 oc describe pod nee-7c77d6f7bc-7f5kj 409 | 897 oc set resources deploy nee --requests cpu=1m,memory=10Mi --limits cpu=20m,memory=50Mi 410 | 898 oc adm top pods 411 | 899 oc create quota -h | less 412 | 900 oc whoami 413 | 901 oc new-project quota-test 414 | 902 oc create quota qtest --hard pods=3,cpu=100m,memory=500Mi 415 | 903 oc describe quota 416 | 904 oc create deploy bitginx --image=bitnami/nginx:latest --replicas=3 417 | 905 oc get all 418 | 906 oc describe rs bitginx-d4f859d5d 419 | 907 oc set resources deploy bitginx --requests cpu=100m,memory=5Mi --limits cpu=200m,memory=20Mi 420 | 908 oc get all 421 | 909 oc describe quota 422 | 910 oc create quota qtest --hard pods=3,cpu=1,memory=500Mi 423 | 911 oc edit quota qtest 424 | 912 oc describe quota 425 | 913 oc get all 426 | 914 oc get LimitRange 427 | 915 oc api-resources | grep -i limitr 428 | 916 oc new-project limits 429 | 917 oc explain limitrange.spec.limits 430 | 918 cd ex280/ 431 | 919 vim limits.yaml 432 | 920 oc create -f limits.yaml 433 | 921 oc get limitrange 434 | 922 oc describe limitranges limit-limits 435 | 923 oc describe ns 436 | 924 oc describe ns limits 437 | 925 oc create deploy limitginx --image=bitnami/nginx:latest --replicas=8 438 | 926 oc get all 439 | 927 oc describe replicaset limitginx-7dc4d7c698 440 | 928 vim limits.yaml 441 | 929 oc apply -f limits.yaml 442 | 930 oc get all 443 | 931 oc get deploy 444 | 932 oc scale deploy limitginx --replicas=4 445 | 933 oc get deploy 446 | 934 oc describe rs limitginx-7dc4d7c698 447 | 935 oc_project_ps1() { local proj; proj=$(oc project -q 2>/dev/null); [ -n "$proj" ] && echo "[${proj}] "; } 448 | 936 PS1='$(oc_project_ps1)'"$PS1" 449 | 937 sudo vim /etc/profile.d/ocprompt.sh 450 | 938 oc adm taint node crc priority=highest:NoSchedule 451 | 939 oc new-project tainted 452 | 940 oc create deploy taintginx --image=bitnami/nginx:latest --replicas=3 453 | 941 oc get all 454 | 942 oc describe pod taintginx-845d4489b5-78jq2 455 | 943 oc edit deploy taintginx 456 | 944 oc get all 457 | 945 oc edit node crc 458 | 946 oc adm taint node crc priority- 459 | 947 cd 460 | 948 oc adm must-gather 461 | 949 ls 462 | 950 tar -czvf cluster-247d2f50-fa05-4772-85b5-c3b67ba83b39.tar.gz must-gather.local.4831067140441011288/ 463 | 951 ls -l 464 | 952 ls -l clu* 465 | 953 oc create cronjob -h | less 466 | 954 # oc create cronjob my-job --image=busybox --schedule="*/1 * * * *" -- date 467 | 955 oc create cronjob ooit --image=busybox --schedule="*/1 * * * *" --dry-run=client -o yaml -- date > ooit.yaml 468 | 956 oc explain cronjob.spec 469 | 957 vim ooit.yaml 470 | 958 oc apply -f ooit.yaml 471 | 959 date 472 | 960 oc get all 473 | 961 oc logs ooit-29421724-mscc9 474 | 962 history 475 | 963 oc adm create-bootstrap-project-template -o yaml > stemplate.yaml 476 | 964 vim stemplate.yaml 477 | 965 history | grep -i limitr 478 | 966 oc get limitranges -A 479 | 967 oc get limitranges -n limits -o yaml >> stemplate.yaml 480 | 968 vim stemplate.yaml 481 | 969 oc create -f stemplate.yaml -n openshift-config 482 | 970 oc edit projects.config.openshift.io/cluster 483 | 971 sleep 60 484 | 972 oc new-project santos 485 | 973 oc describe project santos 486 | 974 oc get all 487 | 975 oc create deploy santosginx --image=bitnami/nginx:latest --replicas=3 488 | 976 oc get all 489 | 977 oc get limitrange 490 | 978 oc delete limitrange santos-limitrange 491 | 979 oc get all 492 | 980 oc describe ns santos 493 | 981 oc get all 494 | 982 oc scale deployment santos --replicas=4 495 | 983 oc get deploy 496 | 984 oc edit project.config.openshift.io/cluster 497 | 985 oc set probe -h | less 498 | 986 #oc set probe rc/mysql --readiness --open-tcp=3306 499 | 987 oc get all 500 | 988 oc get deploy 501 | 989 oc get deploy,rs,pods 502 | 990 oc set probe deploy/santosginx --readiness --open-tcp=3306 503 | 991 oc edit deploy santosginx 504 | 992 sleep 11 505 | 993 oc get deploy,rs,pods 506 | 994 oc describe pod santosginx-5cb86fcb7-srz9q 507 | 995 oc edit deployments.apps santosginx 508 | 996 history 509 | 997 sudo poweroff 510 | 998 history > /tmp/dec2025.txt 511 | --------------------------------------------------------------------------------