goffinet · January 17, 2024 18:52 · Dec 7, 2022 · Dec 7, 2022 · Aug 16, 2022 · Aug 1, 2022
diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -14,7 +14,21 @@ oc create clusterquota user-qa \
 
  * Templates
 ```
+# export the default template yaml
 oc adm create-bootstrap-project-template -o yaml > /tmp/project-template.yaml
+
+# after making changes to the template
+oc create -f project-template.yaml -n openshift-config
+
+# update the projects.config.openshift.io/cluster to use the new template
+oc edit projects.config.openshift.io/cluster -n openshift-config
+apiVersion: config.openshift.io/v1
+kind: Project
+metadata:
+  name: cluster
+spec:
+  projectRequestTemplate:
+    name: project-request
 ```
 
 ### Openshift Secrets

diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -1,5 +1,22 @@
 # My Openshift Cheatsheet
 
+### Project Quotes, Limits and Templates
+ * Cluster Quota
+```
+oc create clusterquota env-qa \
+    --project-label-selector environment=qa \
+    --hard pods=10,services=5
+    
+oc create clusterquota user-qa \
+    --project-annotation-selector openshift.io/requester=qa \
+    --hard pods=12,secrets=20
+```
+
+ * Templates
+```
+oc adm create-bootstrap-project-template -o yaml > /tmp/project-template.yaml
+```
+
 ### Openshift Secrets
 
 "There are different secret types which can be used to enforce usernames and keys in the secret object: service-account-token, basic-auth, ssh-auth, tls and opaque. The default type is opaque. The opaque type does not perform any validation, and allows unstructured key:value pairs that can contain arbitrary values.

diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -980,4 +980,14 @@ oc exec $POD_NAME -c istio-proxy -- \
  grep "X509v3 Subject" -A 1
   X509v3 Subject Alternative Name: critical
     URI:spiffe://cluster.local/ns/mtls/sa/POD_NAME
-```
+```
+
+## Wait for a resource (eg. POD) to be read (met a condition)
+```
+kubectl wait --namespace ingress-nginx \
+  --for=condition=ready pod \
+  --selector=app.kubernetes.io/component=controller \
+  --timeout=90s
+```
+oc create secret generic sshsecret \` `
+oc create secret generic sshsecret \
diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -964,4 +964,20 @@ applying the patch
 ```
 oc -n istio-system patch --type=json deploy istio-ingressgateway -p "$(cat gateway-patch.json)"
 
+```
+
+## Istio stuff
+
+Verify the given pod uses a unique SVID ([SPIFFE - Secure Production Identity Framework for Everyone](spiffe.io) Verified Identity Document):
+
+```
+oc exec $POD_NAME -c istio-proxy -- \
+ curl -s  http://127.0.0.1:15000/config_dump  | \
+ jq -r .configs[5].dynamic_active_secrets[0].secret | \
+ jq -r .tls_certificate.certificate_chain.inline_bytes | \
+ base64 --decode | \
+ openssl x509 -text -noout | \
+ grep "X509v3 Subject" -A 1
+  X509v3 Subject Alternative Name: critical
+    URI:spiffe://cluster.local/ns/mtls/sa/POD_NAME
 ```
diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -923,4 +923,45 @@ oc get pods -o name | xargs -L 1 oc logs [--tail 1 [-c <conatiner-name>]]
 curl -s \
    -w 'HTTP code: %{http_code}\nTime: %{time_total}s\n' \
    "$SVC_URL"
+```
+
+### retrieving a POD Name dynamically
+
+```
+INGRESS_POD=$(oc -n istio-system get pods -l istio=ingressgateway -o jsonpath='{.items..metadata.name}')
+oc -n istio-system exec $INGRESS_POD -- ls /etc/istio/customer-certs
+```
+
+### creating a inline json patch file and applying to a resource
+
+```
+cat > gateway-patch.json << EOF
+[{
+  "op": "add",
+  "path": "/spec/template/spec/containers/0/volumeMounts/0",
+  "value": {
+    "mountPath": "/etc/istio/customer-certs",
+    "name": "customer-certs",
+    "readOnly": true
+  }
+},
+{
+  "op": "add",
+  "path": "/spec/template/spec/volumes/0",
+  "value": {
+  "name": "customer-certs",
+    "secret": {
+      "secretName": "istio-ingressgateway-customer-certs",
+      "optional": true
+    }
+  }
+}]
+EOF
+```
+
+applying the patch
+
+```
+oc -n istio-system patch --type=json deploy istio-ingressgateway -p "$(cat gateway-patch.json)"
+
 ```
diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -916,4 +916,11 @@ oc patch dc/mysql --patch \
 ### tail logs for all pods at once
 ```
 oc get pods -o name | xargs -L 1 oc logs [--tail 1 [-c <conatiner-name>]]
+```
+
+### print response fields with `curl`
+```
+curl -s \
+   -w 'HTTP code: %{http_code}\nTime: %{time_total}s\n' \
+   "$SVC_URL"
 ```
diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -910,4 +910,10 @@ ruby:2.6 refers to rhel8/ruby-26 from the Red Hat Container Catalog.
 ```bash
 oc patch dc/mysql --patch \
 '{"spec":{"strategy":{"recreateParams":{"post":{"failurePolicy": "Abort","execNewPod":{"containerName":"mysql","command":["/bin/sh","-c","curl -L -s https://github.com/RedHatTraining/DO288-apps/releases/download/OCP-4.1-1/import.sh -o /tmp/import.sh&&chmod 755 /tmp/import.sh&&/tmp/import.sh"]}}}}}}'
+```
+
+## oc CLI + bash tricks
+### tail logs for all pods at once
+```
+oc get pods -o name | xargs -L 1 oc logs [--tail 1 [-c <conatiner-name>]]
 ```
diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -904,4 +904,10 @@ An image stream resource can define multiple image stream tags. An image stream
 ```
 ruby:2.5 refers to rhel8/ruby-25 from the Red Hat Container Catalog.
 ruby:2.6 refers to rhel8/ruby-26 from the Red Hat Container Catalog.
+```
+
+## DeploymentConfig Post-deployment (lifecycle) hook sample
+```bash
+oc patch dc/mysql --patch \
+'{"spec":{"strategy":{"recreateParams":{"post":{"failurePolicy": "Abort","execNewPod":{"containerName":"mysql","command":["/bin/sh","-c","curl -L -s https://github.com/RedHatTraining/DO288-apps/releases/download/OCP-4.1-1/import.sh -o /tmp/import.sh&&chmod 755 /tmp/import.sh&&/tmp/import.sh"]}}}}}}'
 ```
diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -841,6 +841,11 @@ for pv in $(oc get pv|awk '{print $1}' | grep pv | grep -v NAME); do oc patch pv
 oc patch -n user1 dc/events -p '{ "metadata" : { "annotations" : { "app.openshift.io/connects-to" : "invoice-events,inventory-events" } }, "spec": { "template": { "spec": { "containers": [ { "name": "events", "env": [ { "name": "AMQP_HOST", "valueFrom": { "configMapKeyRef": { "name": "amq-config", "key": "service.host" } } }, { "name": "AMQP_PORT", "valueFrom": { "configMapKeyRef": { "name": "amq-config", "key": "service.port.amqp" } } } ] } ] } } } }'
 ```
 
+### Patch a ConfigMap
+```
+oc patch configmap/myconf --patch '{"data":{"key1":"newvalue1"}}'
+```
+
 ### Verify if a giver Service Account has a given `rolebinding`
 ```
 oc get rolebinding -o wide -A | grep -E 'NAME|ClusterRole/view|namespace/sa_name'

diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -1,6 +1,10 @@
 # My Openshift Cheatsheet
 
-### Openshift build secrets for cloning git repos using SSH Keys
+### Openshift Secrets
+
+"There are different secret types which can be used to enforce usernames and keys in the secret object: service-account-token, basic-auth, ssh-auth, tls and opaque. The default type is opaque. The opaque type does not perform any validation, and allows unstructured key:value pairs that can contain arbitrary values.
+
+Data is stored inside a secret resource using base64 encoding. When data from a secret is injected into a container, the data is decoded and either mounted as a file, or injected as environment variables inside the container."
 
 * To create ssh secret:
 ```

diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -867,4 +867,32 @@ oc get ClusterServiceVersion --all-namespaces
 oc get subs -n openshift-operators
 oc api-resources
 oc explain <resource name>[.json attribute]
+```
+
+## Openshift Image Streams and Tags
+
+The OpenShift community recommends using image stream resources **to refer to container images instead of using direct references to container images**. **An image stream resource points to a container image** either in the internal registry or in an external registry, and stores metadata such as available tags and image content checksums.
+
+Having container image metadata in an image stream allows OpenShift to perform operations, such as image caching, based on this data instead of going to a registry server every time. It also allows using either notification or pooling strategies to react to image content updates.
+
+Build configurations and deployment configurations use image stream events to perform operations such as:
+
+Triggering a new S2I build because the builder image was updated.
+
+Triggering a new deployment of pods for an application because the application container image was updated in an external registry.
+
+The easiest way to create an image stream is by using the oc import-image command with the `--confirm` option. The following example creates an image stream named myis for the acme/awesome container image that comes from the insecure registry at `registry.acme.example.com`:
+
+```
+[user@host ~]$ oc import-image myis --confirm \
+--from registry.acme.example.com:5000/acme/awesome --insecure
+```
+
+The openshift project provides a number of image streams for the benefit of all OpenShift cluster users. You can create your own image streams in the current project using both the oc new-app command as well as using OpenShift templates.
+
+An image stream resource can define multiple image stream tags. An image stream tag can either point to a different container image tag or to a different container image name. This means you can use simpler, shorter names for common images, such as S2I builder images, and use different names or registries for variations of the same image. For example, the ruby image stream from the openshift project defines the following image stream tags:
+
+```
+ruby:2.5 refers to rhel8/ruby-25 from the Red Hat Container Catalog.
+ruby:2.6 refers to rhel8/ruby-26 from the Red Hat Container Catalog.
 ```
diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -858,4 +858,13 @@ oc get service --all-namespaces -o json  | jq '.items[]
      "labels": .metadata.labels,
      "annotations": .metadata.annotations
    } '
+```
+
+### Operators troubleshutting stuff
+
+```
+oc get ClusterServiceVersion --all-namespaces
+oc get subs -n openshift-operators
+oc api-resources
+oc explain <resource name>[.json attribute]
 ```
diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -840,4 +840,22 @@ oc patch -n user1 dc/events -p '{ "metadata" : { "annotations" : { "app.openshif
 ### Verify if a giver Service Account has a given `rolebinding`
 ```
 oc get rolebinding -o wide -A | grep -E 'NAME|ClusterRole/view|namespace/sa_name'
+```
+
+### Using `jq` utility to search/filter through a `oc get` json output:
+```bash
+#!/bin/bash
+
+oc get service --all-namespaces -o json  | jq '.items[]
+ | select(
+    .metadata.labels."discovery.3scale.net" == "true"
+    and .metadata.annotations."discovery.3scale.net/port"
+    and .metadata.annotations."discovery.3scale.net/scheme"
+   )
+ | {
+     "service-name": .metadata.name,
+     "service-namespace": .metadata.namespace,
+     "labels": .metadata.labels,
+     "annotations": .metadata.annotations
+   } '
 ```
diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -835,4 +835,9 @@ for pv in $(oc get pv|awk '{print $1}' | grep pv | grep -v NAME); do oc patch pv
 
 ```
 oc patch -n user1 dc/events -p '{ "metadata" : { "annotations" : { "app.openshift.io/connects-to" : "invoice-events,inventory-events" } }, "spec": { "template": { "spec": { "containers": [ { "name": "events", "env": [ { "name": "AMQP_HOST", "valueFrom": { "configMapKeyRef": { "name": "amq-config", "key": "service.host" } } }, { "name": "AMQP_PORT", "valueFrom": { "configMapKeyRef": { "name": "amq-config", "key": "service.port.amqp" } } } ] } ] } } } }'
+```
+
+### Verify if a giver Service Account has a given `rolebinding`
+```
+oc get rolebinding -o wide -A | grep -E 'NAME|ClusterRole/view|namespace/sa_name'
 ```
diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -833,6 +833,6 @@ for pv in $(oc get pv|awk '{print $1}' | grep pv | grep -v NAME); do oc patch pv
 
 ### Patch a DC on OCP 4 to set env vars from a ConfigMap
 
-````
+```
 oc patch -n user1 dc/events -p '{ "metadata" : { "annotations" : { "app.openshift.io/connects-to" : "invoice-events,inventory-events" } }, "spec": { "template": { "spec": { "containers": [ { "name": "events", "env": [ { "name": "AMQP_HOST", "valueFrom": { "configMapKeyRef": { "name": "amq-config", "key": "service.host" } } }, { "name": "AMQP_PORT", "valueFrom": { "configMapKeyRef": { "name": "amq-config", "key": "service.port.amqp" } } } ] } ] } } } }'
 ```
diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -829,4 +829,10 @@ for pv in $(oc get pv|awk '{print $1}' | grep pv | grep -v NAME); do oc patch pv
   - ReadWriteOnce
   - ReadOnlyMany
   persistentVolumeReclaimPolicy: Recycle"
+```
+
+### Patch a DC on OCP 4 to set env vars from a ConfigMap
+
+````
+oc patch -n user1 dc/events -p '{ "metadata" : { "annotations" : { "app.openshift.io/connects-to" : "invoice-events,inventory-events" } }, "spec": { "template": { "spec": { "containers": [ { "name": "events", "env": [ { "name": "AMQP_HOST", "valueFrom": { "configMapKeyRef": { "name": "amq-config", "key": "service.host" } } }, { "name": "AMQP_PORT", "valueFrom": { "configMapKeyRef": { "name": "amq-config", "key": "service.port.amqp" } } } ] } ] } } } }'
 ```
diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -1,37 +1,37 @@
 # My Openshift Cheatsheet
 
 ### Openshift build secrets for cloning git repos using SSH Keys
-|SSH Key Authentication | oc Command Syntax      |
-|-----------------------| -----------------------|
-|To create ssh secret:  |
-```
 
+* To create ssh secret:
+```
 oc create secret generic sshsecret \
     --from-file=ssh-privatekey=$HOME/.ssh/id_rsa
-``` 
-|
-|-----------------------|-------------------------|
-
-
 ```
-To create SSH-based authentication secret with .gitconfig file:
 
+ * To create SSH-based authentication secret with .gitconfig file:
+```
 oc create secret generic sshsecret               \
     --from-file=ssh-privatekey=$HOME/.ssh/id_rsa \
     --from-file=.gitconfig=</path/to/file>
-To create secret that combines .gitconfig file and CA certificate:
+```
 
+* To create secret that combines .gitconfig file and CA certificate:
+```
 oc create secret generic sshsecret           \
     --from-file=ca.crt=<path/to/certificate> \
     --from-file=.gitconfig=</path/to/file>
-To create basic authentication secret with CA certificate file:
+```
 
+* To create basic authentication secret with CA certificate file:
+```
 oc create secret generic <secret_name>  \
     --from-literal=username=<user_name> \
     --from-literal=password=<password>  \
     --from-file=ca.crt=<path/to/certificate>
-To create basic authentication secret with .gitconfig file and CA certificate file:
+```
 
+* To create basic authentication secret with .gitconfig file and CA certificate file:
+```
 oc create secret generic <secret_name>     \
     --from-literal=username=<user_name>    \
     --from-literal=password=<password>     \

diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -3,7 +3,8 @@
 ### Openshift build secrets for cloning git repos using SSH Keys
 |SSH Key Authentication | oc Command Syntax      |
 |-----------------------| -----------------------|
-|To create ssh secret:  |```
+|To create ssh secret:  |
+```
 
 oc create secret generic sshsecret \
     --from-file=ssh-privatekey=$HOME/.ssh/id_rsa

diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -1,5 +1,43 @@
 # My Openshift Cheatsheet
 
+### Openshift build secrets for cloning git repos using SSH Keys
+|SSH Key Authentication | oc Command Syntax      |
+|-----------------------| -----------------------|
+|To create ssh secret:  |```
+
+oc create secret generic sshsecret \
+    --from-file=ssh-privatekey=$HOME/.ssh/id_rsa
+``` 
+|
+|-----------------------|-------------------------|
+
+
+```
+To create SSH-based authentication secret with .gitconfig file:
+
+oc create secret generic sshsecret               \
+    --from-file=ssh-privatekey=$HOME/.ssh/id_rsa \
+    --from-file=.gitconfig=</path/to/file>
+To create secret that combines .gitconfig file and CA certificate:
+
+oc create secret generic sshsecret           \
+    --from-file=ca.crt=<path/to/certificate> \
+    --from-file=.gitconfig=</path/to/file>
+To create basic authentication secret with CA certificate file:
+
+oc create secret generic <secret_name>  \
+    --from-literal=username=<user_name> \
+    --from-literal=password=<password>  \
+    --from-file=ca.crt=<path/to/certificate>
+To create basic authentication secret with .gitconfig file and CA certificate file:
+
+oc create secret generic <secret_name>     \
+    --from-literal=username=<user_name>    \
+    --from-literal=password=<password>     \
+    --from-file=.gitconfig=</path/to/file> \
+    --from-file=ca.crt=<path/to/certificate>
+```
+
 ### Examine the **cluster** quota defined for the environment:
 
 ```

diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -20,6 +20,30 @@ RUN set -x && \ 2
     yum clean all
 ```
 
+### Docker push to ocp internal registry
+
+```
+01. oc extract -n default secrets/registry-certificates --keys=registry.crt
+02. REGISTRY=$(oc get routes -n default docker-registry -o jsonpath='{.spec.host}')
+03. mkdir -p /etc/containers/certs.d/${REGISTRY}
+04. mv registry.crt /etc/containers/certs.d/${REGISTRY}/
+
+05. oc adm new-project openshift-pipeline
+06. oc create -n openshift-pipeline serviceaccount pipeline
+07. SA_SECRET=$(oc get secret -n openshift-pipeline | grep pipeline-token | cut -d ' ' -f 1 | head -n 1)
+08. SA_PASSWORD=$(oc get secret -n openshift-pipeline ${SA_SECRET} -o jsonpath='{.data.token}' | base64 -d)
+09. oc adm policy add-cluster-role-to-user system:image-builder system:serviceaccount:openshift-pipeline:pipeline
+
+10. docker login ${REGISTRY} -u unused -p ${SA_PASSWORD}
+11. docker pull docker.io/library/hello-world
+12. docker tag docker.io/library/hello-world ${REGISTRY}/openshift-pipeline/helloworld
+13. docker push ${REGISTRY}/openshift-pipeline/helloworld
+
+14. oc new-project demo-project
+15. oc policy add-role-to-user system:image-puller system:serviceaccount:demo-project:default -n openshift-pipeline
+16. oc new-app --image-stream=openshift-pipeline/helloworld:latest
+```
+
 ### Creates a service to point to an external service addr (DNS or IP)
 
 ```

diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -6,7 +6,7 @@
 $ oc describe AppliedClusterResourceQuota
 ```
 
-### Install paks using yum in a Dockerfile
+### Install pkgs using yum in a Dockerfile
 
 ```
 # Install Runtime Environment

diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -1,5 +1,10 @@
 # My Openshift Cheatsheet
 
+### Examine the **cluster** quota defined for the environment:
+
+```
+$ oc describe AppliedClusterResourceQuota
+```
 
 ### Install paks using yum in a Dockerfile
 

diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -1,6 +1,20 @@
 # My Openshift Cheatsheet
 
 
+### Install paks using yum in a Dockerfile
+
+```
+# Install Runtime Environment
+RUN set -x && \ 2
+    yum clean all && \
+    REPOLIST=rhel-7-server-rpms,rhel-7-server-optional-rpms,rhel-7-server-thirdparty-oracle-java-rpms \
+    INSTALL_PKGS="tar java-1.8.0-oracle-devel" && \
+    yum -y update-minimal --disablerepo "*" --enablerepo ${REPOLIST} --setopt=tsflags=nodocs \
+      --security --sec-severity=Important --sec-severity=Critical && \
+    yum -y install --disablerepo "*" --enablerepo ${REPOLIST} --setopt=tsflags=nodocs ${INSTALL_PKGS} && \
+    yum clean all
+```
+
 ### Creates a service to point to an external service addr (DNS or IP)
 
 ```
@@ -9,8 +23,11 @@ oc create service externalname myservice \
 ```
 
 > A typical service creates endpoint resources dynamically, based on the selector attribute of the service. The oc status and oc get all commands do not display these resources. You can use the oc get endpoints command to display them.
+
 > If you use the oc create service externalname --external-name command to create a service, the command also creates an endpoint resource that points to the host name or IP address given as argument.
+
 > If you do not use the --external-name option, it does not create an endpoint resource. In this case, you need to use the oc create -f command and a resource definition file to explicitly create the endpoint resources.
+
 > If you create an endpoint from a file, you can define multiple IP addresses for the same external service, and rely on the OpenShift service load-balancing features. In this scenario, OpenShift does not add or remove addresses to account for the availability of each instance. An external application needs to update the list of IP addresses in the endpoint resource.
 
 ### Patching a DeploymentConfig from the CLI

diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -9,12 +9,9 @@ oc create service externalname myservice \
 ```
 
 > A typical service creates endpoint resources dynamically, based on the selector attribute of the service. The oc status and oc get all commands do not display these resources. You can use the oc get endpoints command to display them.
-
-If you use the oc create service externalname --external-name command to create a service, the command also creates an endpoint resource that points to the host name or IP address given as argument.
-
-If you do not use the --external-name option, it does not create an endpoint resource. In this case, you need to use the oc create -f command and a resource definition file to explicitly create the endpoint resources.
-
-If you create an endpoint from a file, you can define multiple IP addresses for the same external service, and rely on the OpenShift service load-balancing features. In this scenario, OpenShift does not add or remove addresses to account for the availability of each instance. An external application needs to update the list of IP addresses in the endpoint resource.
+> If you use the oc create service externalname --external-name command to create a service, the command also creates an endpoint resource that points to the host name or IP address given as argument.
+> If you do not use the --external-name option, it does not create an endpoint resource. In this case, you need to use the oc create -f command and a resource definition file to explicitly create the endpoint resources.
+> If you create an endpoint from a file, you can define multiple IP addresses for the same external service, and rely on the OpenShift service load-balancing features. In this scenario, OpenShift does not add or remove addresses to account for the availability of each instance. An external application needs to update the list of IP addresses in the endpoint resource.
 
 ### Patching a DeploymentConfig from the CLI
 

diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -1,6 +1,21 @@
 # My Openshift Cheatsheet
 
 
+### Creates a service to point to an external service addr (DNS or IP)
+
+```
+oc create service externalname myservice \
+    --external-name myhost.example.com
+```
+
+> A typical service creates endpoint resources dynamically, based on the selector attribute of the service. The oc status and oc get all commands do not display these resources. You can use the oc get endpoints command to display them.
+
+If you use the oc create service externalname --external-name command to create a service, the command also creates an endpoint resource that points to the host name or IP address given as argument.
+
+If you do not use the --external-name option, it does not create an endpoint resource. In this case, you need to use the oc create -f command and a resource definition file to explicitly create the endpoint resources.
+
+If you create an endpoint from a file, you can define multiple IP addresses for the same external service, and rely on the OpenShift service load-balancing features. In this scenario, OpenShift does not add or remove addresses to account for the availability of each instance. An external application needs to update the list of IP addresses in the endpoint resource.
+
 ### Patching a DeploymentConfig from the CLI
 
  * this example removes an config attribute using JSON path

diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -1,6 +1,20 @@
 # My Openshift Cheatsheet
 
 
+### Patching a DeploymentConfig from the CLI
+
+ * this example removes an config attribute using JSON path
+```
+oc patch dc/mysql --type=json \
+    -p='[{"op":"remove", "path": "/spec/strategy/rollingParams"}]'
+```
+
+* this example cnhage an existing attribute value using JSON format
+```
+oc patch dc/mysql --patch \
+    '{"spec":{"strategy":{"type":"Recreate"}}}'
+```
+
 ### Creating a Custom template by exporting existing resources
 > The oc export command can create a resource definition file by using the --as-template option. Without the --as-template option, the oc export command only generates a list of resources. With the --as-template option, the oc export command wraps the list inside a template resource definition. After you export a set of resources to a template file, you can add annotations and parameters as desired.
 

diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -134,13 +134,19 @@ oc secrets new-basicauth gogs-basicauth --username=<your gogs login> --password=
 oc set build-secret --source bc/tasks gogs-basicauth
 ```
 
+### Adding a volume in a given DeploymentConfig
+
+```
+oc set volume dc/myAppDC --add --overwrite --name....
+``` 
+
 ### Create a configmap file and mount as a volume on DC
 ```
 oc create configmap myconfigfile --from-file=./configfile.txt
 oc set volumes dc/printenv --add --overwrite=true --name=config-volume --mount-path=/data -t configmap --configmap-name=myconfigfile
 ```
 
-* create a secret via CLI
+### create a secret via CLI
 ```
 oc create secret generic mysec --from-literal=app_user=superuser --from-literal=app_password=topsecret
 oc env dc/printenv --from=secret/mysec

diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -30,6 +30,12 @@ oc set triggers dc/datagrid-app --from-image=customdg:1.0 -c datagrid-app
 
 ```
 
+#### List only paramaters of a given template file definition
+
+```
+oc process -f mytemplate.yaml --parameters
+``` 
+
 ### Copy file content from a specific image to local file system
 
 ```

diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -12,6 +12,10 @@ oc export is,bc,dc,svc,route --as-template > mytemplate.yml
 
 > Depending on your needs, add more resource types to the previous command. For example, add secret before bc and dc. It is safe to add pvc to the end of the list of resource types because a deployment waits for persistent volume claim to bind.
 
+> The oc export command does not generate resource definitions that are ready to use in a template. These resource definitions contain runtime information that is not needed in a template, and some of it could prevent the template from working at all. Examples of runtime information are attributes such as status, creationTimeStamp, image, and tags, besides most annotations that start with the openshift.io/generated-by prefix.
+
+> Some resource types, such as secrets, require special handling. It is not possible to initialize key values inside the data attribute using template parameters. The data attribute from a secret resource needs to be replaced by the stringData attribute and all key values need to be unencoded.
+
 ### Logging Aggregation throubleshooting
  * https://access.redhat.com/articles/3136551
 

diff --git a/openshift-cheatsheet.md b/openshift-cheatsheet.md
@@ -1,5 +1,17 @@
 # My Openshift Cheatsheet
 
+
+### Creating a Custom template by exporting existing resources
+> The oc export command can create a resource definition file by using the --as-template option. Without the --as-template option, the oc export command only generates a list of resources. With the --as-template option, the oc export command wraps the list inside a template resource definition. After you export a set of resources to a template file, you can add annotations and parameters as desired.
+
+> The order in which you list the resources in the oc export command is important. You need to export dependent resources first, and then the resources that depend on them. For example, you need to export image streams before the build configurations and deployment configurations that reference those image streams.
+
+```
+oc export is,bc,dc,svc,route --as-template > mytemplate.yml
+```
+
+> Depending on your needs, add more resource types to the previous command. For example, add secret before bc and dc. It is safe to add pvc to the end of the list of resource types because a deployment waits for persistent volume claim to bind.
+
 ### Logging Aggregation throubleshooting
  * https://access.redhat.com/articles/3136551
No results found