API tools faq
paste
sandervanvugt

ex280 both days oct22

sandervanvugt
Oct 20th, 2022
60
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 13.12 KB | None | 0 0
raw download clone embed print report
  1. 686 crc cleanup
  2. 687 crc setup
  3. 688 crc start -m 14000 -p pull-secret
  4. 689 free -m
  5. 690 eval $(crc oc-env)
  6. 691 oc login -u developer https://api.crc.testing:6443
  7. 692 oc new-project illbeback
  8. 693 oc get all
  9. 694 crc console --credentials
  10. 695 oc login -u kubeadmin -p 27GZa-IGncb-ZLNqm-gL4hq https://api.crc.testing:6443
  11. 696 oc create testapp --image=docker.io/bitnami/nginx --replicas=3
  12. 697 oc create deploy testapp --image=docker.io/bitnami/nginx --replicas=3
  13. 698 oc get all
  14. 699 PODNAME=$(oc get pods | grep test | awk '{ print $1 }')
  15. 700 echo $PODMAN
  16. 701 echo $PODNAME
  17. 702 oc api-resources | less
  18. 703 oc api-resources | wc
  19. 704 sudo dnf provides */htpasswd
  20. 705 oc whoami
  21. 706 htpasswd -c -B -b /tmp/htpasswd admin password
  22. 707 htpasswd -B -b /tmp/htpasswd anna password
  23. 708 htpasswd -B -b /tmp/htpasswd linda password
  24. 709 htpasswd -B -b /tmp/htpasswd anouk password
  25. 710 htpasswd -B -b /tmp/htpasswd lisa password
  26. 711 htpasswd -B -b /tmp/htpasswd ahmed password
  27. 712 cat /tmp/htpasswd
  28. 713 oc create secret generic htpasswd-secret --from-file htpasswd=/tmp/htpasswd -n openshift-config
  29. 714 oc adm policy -h | less
  30. 715 oc adm policy add-cluster-role-to-user -h | less
  31. 716 oc adm policy add-cluster-role-to-user cluster-admin admin
  32. 717 oc get oauth cluster
  33. 718 oc get oauth cluster -o yaml > oauth.yaml
  34. 719 vim oauth.yaml
  35. 720 oc replace -f oauth.yaml
  36. 721 oc get all -n openshift-authentication
  37. 722 oc login -u anna -p password
  38. 723 oc login -u kubeadmin -p 27GZa-IGncb-ZLNqm-gL4hq https://api.crc.testing:6443
  39. 724 cd ../ex280/
  40. 725 ./countdown 18
  41. 726 oc get all -n openshift-authentication
  42. 727 oc login -u anna -p password
  43. 728 oc get user
  44. 729 oc get users
  45. 730 oc get nodes
  46. 731 oc login -u admin -p password
  47. 732 oc get nodes
  48. 733 oc get users
  49. 734 oc get identity
  50. 735 oc adm groups new developers
  51. 736 oc adm -h
  52. 737 oc adm groups -h
  53. 738 oc adm groups add-users developers anouk
  54. 739 oc adm groups new testers
  55. 740 oc adm groups add-users testers lisa
  56. 741 history
  57. 742 oc get oauth cluster -o yaml
  58. 743 oc get clusterroles
  59. 744 oc get clusterroles | wc
  60. 745 oc get clusterroles | grep -v 'system:'
  61. 746 source <(oc completion bash)
  62. 747 oc describe clusterroles multus
  63. 748 oc describe clusterroles storage-admin
  64. 749 oc describe clusterroles storage-admin -o yaml
  65. 750 oc get clusterroles storage-admin -o yaml
  66. 751 oc adm policy who-can delete user
  67. 752 oc get clusterrolebindings
  68. 753 oc get clusterrolebindings | wc
  69. 754 oc get clusterrolebindings | grep -v 'system:'
  70. 755 oc get clusterrolebindings | grep -v 'system:' | wc
  71. 756 oc get rolebindings
  72. 757 oc projects
  73. 758 oc projects -n openshift-sdn
  74. 759 oc get rolebindings -n openshift-sdn
  75. 760 oc get rolebindings -A
  76. 761 oc get rolebindings -A | wc
  77. 762 ./countdown 1
  78. 763 oc get rolebindings -A
  79. 764 oc get clusterrolebinding -o wide | grep 'self-provisioner'
  80. 765 oc describe clusterrolebindings self-provisioners
  81. 766 oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated:oauth
  82. 767 oc describe clusterrolebindings self-provisioners
  83. 768 oc login -u linda -p password
  84. 769 oc new-project
  85. 770 oc new-project linda
  86. 771 oc login -u admin -p password
  87. 772 oc new-project rbac
  88. 773 oc policy add-role-to-user admin linda -n rbac
  89. 774 oc get groups
  90. 775 oc login -u linda -p password
  91. 776 oc login -u admin -p password
  92. 777 oc policy add-role-to-group edit developers -n rbac
  93. 778 oc policy add-role-to-group edit view testers -n rbac
  94. 779 oc policy add-role-to-group view testers -n rbac
  95. 780 oc get rolebindings
  96. 781 oc get rolebindings -o wide
  97. 782 oc adm policy add-cluster-role-to-group --rolebinding-name self-provisioners self-provisioner system:authenticated:oauth
  98. 783 oc login -u anna -p password
  99. 784 oc login -u admin -p password
  100. 785 oc create secret generic mysql --from-literal user=sqluser --from-literal password=password --from-literal database=secretdb --from-literal hostname=mysql --from-literal root_password=password
  101. 786 oc get secret mysql -o yaml
  102. 787 echo cGFzc3dvcmQ= | base64 -d
  103. 788 oc new-app --name mysql --docker-image docker.io/bitnami/mysql
  104. 789 oc get pods -w
  105. 790 oc get pods
  106. 791 oc logs mysql-6c9d88d69d-lg5bw
  107. 792 oc set -h | less
  108. 793*
  109. 794 oc get pods
  110. 795*
  111. 796 ./countdown 12
  112. 797 oc get pods
  113. 798 oc get pods mysql-cbd7c7566-d5644 -o yaml | lesws
  114. 799 oc get pods mysql-cbd7c7566-d5644 -o yaml | less
  115. 800 oc create sa mysa
  116. 801 oc get sa mysa -o yaml
  117. 802 oc get scc
  118. 803 oc describe scc nonroot
  119. 804 oc describe pod mysql-cbd7c7566-d5644 | grep -i scc
  120. 805 oc login -u linda -p password
  121. 806 oc new-project sccs
  122. 807 oc new-app --name sccnginx --image=nginx
  123. 808 oc get pods
  124. 809 oc describe pod sccnginx-67c84759cb-2cm5c
  125. 810 oc logs sccnginx-67c84759cb-2cm5c
  126. 811 oc get pods sccnginx-67c84759cb-2cm5c -o yaml | oc adm policy scc-subject-review -f -
  127. 812 oc login -u admin -p password
  128. 813 oc get pods sccnginx-67c84759cb-2cm5c -o yaml | oc adm policy scc-subject-review -f -
  129. 814 oc create sa nginx-sa
  130. 815 oc adm policy add-scc-to-user anyuid -z nginx-sa
  131. 816 oc login -u linda -p password
  132. 817*
  133. 818 oc get pods
  134. 819 oc get all
  135. 820 oc get pods -o yaml | less
  136. 821 oc new-project nonroot
  137. 822 oc new-app --image=bitnami/nginx --name=bginx
  138. 823 oc get pods -o wide bginx-6fdf8894c4-h5xq4
  139. 824 oc describe pod bginx-6fdf8894c4-h5xq4
  140. 825 oc get svc
  141. 826 oc edit svc bginx
  142. 827 oc get svc
  143. 828 oc expose svc bginx
  144. 829 oc get all
  145. 830 curl bginx-nonroot.apps-crc.testing
  146. 831 history
  147. 832 eval $(crc oc-env)
  148. 833 oc login -u developer -p developer https://api.crc.testing:6443
  149. 834 oc login -u admin -p password
  150. 835 oc get all
  151. 836 oc whoami
  152. 837 oc login -u linda -p password
  153. 838 oc get all
  154. 839 source <(oc completion bash)
  155. 840 oc delete routes.route.openshift.io bginx
  156. 841 oc get svc
  157. 842 oc describe svc bginx
  158. 843 oc get all -L
  159. 844 oc get all --show-labels
  160. 845 oc describe svc bginx
  161. 846 oc expose svc bginx --hostname myserver.example.com
  162. 847 oc get all
  163. 848 curl myserver.example.com
  164. 849 oc delete routes.route.openshift.io bginx
  165. 850 oc expose svc bginx
  166. 851 oc get all
  167. 852 curl bginx-nonroot.apps-crc.testing
  168. 853 oc edit svc bginx
  169. 854 curl bginx-nonroot.apps-crc.testing
  170. 855 oc edit svc bginx
  171. 856 cd openssl/
  172. 857 ls
  173. 858 rm -f *
  174. 859 openssl genrsa -des3 -out myCA.key 2048
  175. 860 openssl req -x509 -new -nodes -key myCA.key -sha256 -days 3650 -out myCA.pem
  176. 861 ls -l
  177. 862 openssl genrsa -out tls.key 2048
  178. 863 openssl req -new -key tls.key -out tls.csr
  179. 864 openssl x509 -req -in tls.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out tls.crt -days 1650 -sha256
  180. 865 ls -l
  181. 866 openssl req -text -verify -noout -in tls.csr
  182. 867 man openssl-req
  183. 868 man openssl-x509
  184. 869 pwd
  185. 870 cd ../ex180
  186. 871 ./countdown 13
  187. 872 oc whoami
  188. 873 oc new-project myproject
  189. 874 cd ../ex280/
  190. 875 ls
  191. 876 vim linginx1.conf
  192. 877 oc create cm linginx1 --from-file linginx1.conf
  193. 878 oc describe cm linginx1
  194. 879 oc login -u admin -p password
  195. 880 oc create sa linginx-sa
  196. 881 oc adm policy add-scc-to-user anyuid -z linginx-sa
  197. 882 vim linginx-v1.yaml
  198. 883 oc create -f linginx-v1.yaml
  199. 884 oc get all
  200. 885 oc get svc -o yaml
  201. 886 oc get endpoints
  202. 887 cd ..
  203. 888 oc create -h | less
  204. 889 oc create route -h | less
  205. 890 oc create route edge -h | less
  206. 891 oc create route edge linginx1 --service linginx1 --cert=openssl/tls.crt --key=openssl/tls.key --ca-cert=openssl/myCA.pem
  207. 892 oc get routes
  208. 893 curl -svv https://linginx1-myproject.apps-crc.testing
  209. 894 curl -skvv https://linginx1-myproject.apps-crc.testing
  210. 895 cd openssl/
  211. 896 ls
  212. 897 ls -l
  213. 898 cd ..
  214. 899 mkdir tlsstuff
  215. 900 cd tlsstuff/
  216. 901 openssl genrsa -des3 out -myCA.key 2048
  217. 902 openssl genrsa -des3 -out -myCA.key 2048
  218. 903 rm -myCA.key
  219. 904 rm -- -myCA.key
  220. 905 openssl genrsa -des3 -out myCA.key 2048
  221. 906 openssl req -x509 -new -nodes -key myCA.key -sha256 -days 3650 -out myCA.pem
  222. 907 openssl genrsa -out tls.key 2048
  223. 908 openssl req -new -key tls.key -out tls.csr
  224. 909 openssl x509 -req -in tls.csr -CA myCA.pem -CAkey myCA.key -CAcreateserial -out tls.crt -days 1650 -sha256
  225. 910 ls -l
  226. 911 oc create secret tls -h
  227. 912 oc create secret tls -h | less
  228. 913 oc create secret tls linginx-certs --cert tls.crt --key tls.key
  229. 914 oc get secret linginx-certs -o yaml
  230. 915 oc create cm nginxconfigmap --from-file ../ex280/default.conf
  231. 916 oc describe cm nginxconfigmap
  232. 917 oc create sa linginx-sa
  233. 918 oc whoami
  234. 919 cd ..
  235. 920 vim ex280/linginx-v2.yaml
  236. 921 oc create -f ex280/linginx-v2.yaml
  237. 922 oc create route passthrough -h | less
  238. 923 oc create route passthrough linginx --service linginx2 --port 8443 --hostname=linginx-default.apps-crc.testing
  239. 924 oc get routes
  240. 925 curl -svvk https://linginx-default.apps-crc.testing:8443
  241. 926 oc get svc
  242. 927 oc debug -t deployment/linginx2 --image registry.access.redhat.com/ubi8/ubi:8.0
  243. 928 ex180/countdown 14
  244. 929 oc whoami
  245. 930 cd ex280/
  246. 931 vim nwpolicy-complete-example.yaml
  247. 932*
  248. 933 oc get all
  249. 934 oc expose pod nginx --port=80
  250. 935 oc exec -it busybox -- wget --spider --timeout=1 nginx
  251. 936 oc label pod busybox access=true
  252. 937 oc exec -it busybox -- wget --spider --timeout=1 nginx
  253. 938 oc whoami
  254. 939 oc new-project source-project
  255. 940 oc label ns source-project type=incoming
  256. 941 vim nginx-source1.yml
  257. 942 oc create -f nginx-source1.yml
  258. 943 vim nginx-source2.yml
  259. 944 oc create -f nginx-source2.yml
  260. 945 oc project target-project
  261. 946 oc delete ns target-project
  262. 947 oc login -u linda -p password
  263. 948 oc new-project target-project
  264. 949 oc new-app --name nginx-target --image quay.io/openshifttest/hello-openshift:openshift
  265. 950 oc get pods -o wide
  266. 951 oc get pods --show-labels
  267. 952 oc login -u admin -p password
  268. 953 oc exec -it nginx-access -n source-project -- curl 10.217.0.238:8080
  269. 954 oc exec -it nginx-noaccess -n source-project -- curl 10.217.0.238:8080
  270. 955 vim nwpol-allow-specific.yaml
  271. 956 oc create -f nwpol-allow-specific.yaml
  272. 957 oc exec -it nginx-noaccess -n source-project -- curl 10.217.0.238:8080
  273. 958 oc get ns source-project --show-labels
  274. 959 oc get ns target-project --show-labels
  275. 960 oc get pods -n source-project --show-labels
  276. 961 vim nwpol-allow-specific.yaml
  277. 962 oc get networpolicy
  278. 963 oc whoami
  279. 964 oc get networkpolicy
  280. 965 oc delete networkpolicy allow-some
  281. 966 oc create -f nwpol-allow-specific.yaml
  282. 967 oc exec -it nginx-noaccess -n source-project -- curl 10.217.0.238:8080
  283. 968 oc exec -it nginx-access -n source-project -- curl 10.217.0.238:8080
  284. 969 oc get pods -n source-project --show-labels
  285. 970 oc get networkpolicy -o yaml
  286. 971 oc delete networkpolicy allow-some
  287. 972 vim nwpol-allow-specific.yaml
  288. 973 oc create -f nwpol-allow-specific.yaml
  289. 974 oc describe networkpolicies.networking.k8s.io allow-some
  290. 975 vim nwpol-allow-specific.yaml
  291. 976 oc get pods -n source-project --show-labels
  292. 977 oc get pods -n target-project --show-labels
  293. 978 oc get ns --show-labels
  294. 979 vim nwpol-allow-specific.yaml
  295. 980 oc delete networkpolicies.networking.k8s.io allow-some
  296. 981 oc get ns source-project --show-labels
  297. 982 oc label ns source-project type-
  298. 983 oc label ns target-project type=incoming
  299. 984 oc create -f nwpol-allow-specific.yaml
  300. 985 oc get pods -n target-project -o wide
  301. 986 oc exec -it nginx-noaccess -n source-project -- curl 10.217.0.238:8080
  302. 987 oc exec -it nginx-access -n source-project -- curl 10.217.0.238:8080
  303. 988 vim nwpol-allow-specific.yaml
  304. 989 oc get pods -n source-project --show-labels
  305. 990 vim nwpol-allow-specific.yaml
  306. 991 oc delete networkpolicies.networking.k8s.io allow-some
  307. 992 oc create -f nwpol-allow-specific.yaml
  308. 993 oc exec -it nginx-access -n source-project -- curl 10.217.0.238:8080
  309. 994 git clone https://github.com/sandervanvugt/ex280
  310. 995 cd ex280/
  311. 996 vim nwpol-allow-specific.yaml
  312. 997 cd ..
  313. 998 vim nwpol-allow-specific.yaml
  314. 999 eval $(crc oc-env)
  315. 1000 oc edit pod newpod
  316. 1001 oc get pods
  317. 1002 oc get pods newpod -o yaml
  318. 1003 oc get pods newpod -o yaml > newpod.yaml
  319. 1004 vim newpod.yaml
  320. 1005 oc get pods
  321. 1006 oc delete pod newpod.yaml
  322. 1007 oc delete pod newpod
  323. 1008 oc create -f newpod.yaml
  324. 1009 oc get pods
  325. 1010 oc login -u admin -p password
  326. 1011 oc login -u linda -p password
  327. 1012 vim newpod.yaml
  328. 1013 kubectl get pods
  329. 1014 oc get pods
  330. 1015 oc delete pod newpod
  331. 1016 oc create -f newpod.yaml
  332. 1017 oc get pods
  333. 1018 oc login -u admin -p password
  334. 1019 source <(oc completion bash)
  335. 1020 oc adm taint nodes crc-lgph7-master-0 key1-
  336. 1021 history
  337.  
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!