sudhirpandey · January 29, 2025 21:26 · Aug 26, 2019 · Aug 20, 2019 · Jul 22, 2019 · Apr 24, 2019
diff --git a/oc command lines b/oc command lines
@@ -1,3 +1,6 @@
+#expose console from 443
+oc create route reencrypt master --service kubernetes --port 443 -n default
+
 #nested loops , tags count in IS
 oc get is --template='{{range $i, $is:=.items}}{{ $total :=0 }}{{ range $index, $element :=$is.status.tags }}{{if eq $element.tag "latest"}}{{$is.metadata.name}}{{"\t"}}{{ $index }}{{end}}{{end}}{{"\n"}}{{end}}'
 

diff --git a/oc command lines b/oc command lines
@@ -1,3 +1,6 @@
+#nested loops , tags count in IS
+oc get is --template='{{range $i, $is:=.items}}{{ $total :=0 }}{{ range $index, $element :=$is.status.tags }}{{if eq $element.tag "latest"}}{{$is.metadata.name}}{{"\t"}}{{ $index }}{{end}}{{end}}{{"\n"}}{{end}}'
+
 get complex labels
 oc get nodes --template='{{ with $i := index .items 0 }}{{ index $i.metadata.labels "failure-domain.beta.kubernetes.io/region" }}{{ end }}'
 

diff --git a/oc command lines b/oc command lines
@@ -1,3 +1,6 @@
+get complex labels
+oc get nodes --template='{{ with $i := index .items 0 }}{{ index $i.metadata.labels "failure-domain.beta.kubernetes.io/region" }}{{ end }}'
+
 #patchin resource limits
 oc get limits/resource-limits -o jsonpath='{.spec.limits[0].max.memory}'
 oc patch limits/resource-limits --type=json --patch="[{'op':'replace','path':'/spec/limits/0/max/memory', 'value':'1Gi'}]"

diff --git a/oc command lines b/oc command lines
@@ -79,3 +79,12 @@ curl -k -H "Authorization: Bearer <token>" https://cluster.xxx.xxx.xxx/api/v1/na
           /boot.sh
         command:
         - /bin/sh
+
+## tcpdum in the pod without tcpmdump
+Provided that tcpdump is already installed on node on which the target container is running
+
+1. Get the docker container ID (oc get pod foo -o yaml | grep containerID)
+
+2. Get the PID of the running container on the node where it runs (docker inspect feedfacedeadbeef | grep Pid:)
+
+3. Enter the desired namespaces of said process (nsenter --target 12345 --net /bin/bash) and run binaries (like tcpdump) that live on the host
diff --git a/oc command lines b/oc command lines
@@ -2,6 +2,9 @@
 oc get limits/resource-limits -o jsonpath='{.spec.limits[0].max.memory}'
 oc patch limits/resource-limits --type=json --patch="[{'op':'replace','path':'/spec/limits/0/max/memory', 'value':'1Gi'}]"
 
+#onliner to rollout the deployments in case if resourc limit change
+oc get projects -o jsonpath="{range .items[*]} {.metadata.name}{'\n'}{end}" |xargs -i oc get dc -o jsonpath="{range .items[*]} {.metadata.name}+{.metadata.namespace}{'\n'}{end}" -n {}|xargs -i bash -c 'if [[ "${1#*+}" =~ '^sandbox.*' ]]; then oc scale dc "${1%+*}" --replicas=0 -n "${1#*+}" && sleep 10 && oc scale dc "${1%+*}" --replicas=1 -n "${1#*+}"; fi' - '{}'
+
 #get svc and types
 oc get service --all-namespaces -o=custom-columns=NAMESPACE:.metadata.namespace,NAME:.metadata.name,TYPE:.spec.type
 

diff --git a/oc command lines b/oc command lines
@@ -11,6 +11,10 @@ oc get is name -n namespace --template='{{ range $index, $element :=.status.tags
 #To get all the projects
 `oc get projects -o name |xargs -i oc get {} --template '{{ .metadata.name }}{{"\n"}}`
 
+oc get projects -o jsonpath="{range .items[*]} {.metadata.name}{'\n'}{end}"
+
+oc get projects -o jsonpath="{.items[*].metadata.name}"
+
 
 #To get all the routes
 `oc get projects -o name |xargs -i oc get {} --template '{{ .metadata.name }}{{"\n"}}'|xargs -i oc get routes --template '{{range .items}}{{ .spec.host}}{{"\n"}}{{end}}' -n {}`

diff --git a/oc command lines b/oc command lines
@@ -1,3 +1,7 @@
+#patchin resource limits
+oc get limits/resource-limits -o jsonpath='{.spec.limits[0].max.memory}'
+oc patch limits/resource-limits --type=json --patch="[{'op':'replace','path':'/spec/limits/0/max/memory', 'value':'1Gi'}]"
+
 #get svc and types
 oc get service --all-namespaces -o=custom-columns=NAMESPACE:.metadata.namespace,NAME:.metadata.name,TYPE:.spec.type
 

diff --git a/oc command lines b/oc command lines
@@ -1,3 +1,6 @@
+#get svc and types
+oc get service --all-namespaces -o=custom-columns=NAMESPACE:.metadata.namespace,NAME:.metadata.name,TYPE:.spec.type
+
 #to get all the tags of is
 oc get is name -n namespace --template='{{ range $index, $element :=.status.tags }}{{ $element.tag }}{{"\n"}}{{end}}'
 

diff --git a/oc command lines b/oc command lines
@@ -55,3 +55,13 @@ iptables -I OS_FIREWALL_ALLOW -p udp -m state --state NEW -m tcp --dport <port>
 #Api usage with token
 
 curl -k -H "Authorization: Bearer <token>" https://cluster.xxx.xxx.xxx/api/v1/namespaces/monitoring/configmaps
+
+
+#hacking dc to do sed and launch entry point
+
+- args:
+        - -c
+        - /bin/sed -i '/^command=clair/ s/$/ -insecure-tls/' /supervisord.conf &&
+          /boot.sh
+        command:
+        - /bin/sh
diff --git a/oc command lines b/oc command lines
@@ -1,5 +1,5 @@
 #to get all the tags of is
-oc get is sameersbn-gitlab -n infra --template='{{ range $index, $element :=.status.tags }}{{ $element.tag }}{{"\n"}}{{end}}'
+oc get is name -n namespace --template='{{ range $index, $element :=.status.tags }}{{ $element.tag }}{{"\n"}}{{end}}'
 
 #To get all the projects
 `oc get projects -o name |xargs -i oc get {} --template '{{ .metadata.name }}{{"\n"}}`

diff --git a/oc command lines b/oc command lines
@@ -1,3 +1,6 @@
+#to get all the tags of is
+oc get is sameersbn-gitlab -n infra --template='{{ range $index, $element :=.status.tags }}{{ $element.tag }}{{"\n"}}{{end}}'
+
 #To get all the projects
 `oc get projects -o name |xargs -i oc get {} --template '{{ .metadata.name }}{{"\n"}}`
 

diff --git a/gistfile1.txt b/gistfile1.txt
@@ -1,6 +0,0 @@
-#To get all the projects
-`oc get projects -o name |xargs -i oc get {} --template '{{ .metadata.name }}{{"\n"}}`
-
-
-#To get all the routes
-`oc get projects -o name |xargs -i oc get {} --template '{{ .metadata.name }}{{"\n"}}'|xargs -i oc get routes --template '{{range .items}}{{ .spec.host}}{{"\n"}}{{end}}' -n {}`

diff --git a/oc command lines b/oc command lines
@@ -0,0 +1,54 @@
+#To get all the projects
+`oc get projects -o name |xargs -i oc get {} --template '{{ .metadata.name }}{{"\n"}}`
+
+
+#To get all the routes
+`oc get projects -o name |xargs -i oc get {} --template '{{ .metadata.name }}{{"\n"}}'|xargs -i oc get routes --template '{{range .items}}{{ .spec.host}}{{"\n"}}{{end}}' -n {}`
+
+#Get firts message from the status
+oc get dc service-name --template='{{ range $index, $element :=.status.conditions }}{{ if eq $index 0 }}{{ $element.message }} {{end}}{{end}}'
+
+
+#Get the outputs from desired keys
+oc get svc svcname -o json |jq '.metadata.annotations."prometheus.io/probe"'
+oc get svc svcname --template='{{ index .metadata.annotations "prometheus.io/probe" }}
+
+
+#Patch all the services to have prometheus tags
+PATCH='{"metadata":{"labels":{"team":"xxxx"}}}'
+oc get svc | awk '{print $1}'| tail -n +2 |xargs -i oc patch svc {} -p "$PATCH"
+PATCH='{"metadata":{"annotations":{"prometheus.io/probe":"true"}}}'
+repeat
+
+#capablity check
+oc adm policy who-can create buildConfigs
+oc adm policy who-can create build
+oc adm policy who-can update build
+oc adm policy who-can update buildConfigs
+oc adm policy who-can create builds
+oc policy who-can get imagestreams/layers -n
+
+#Peak into elastic search openshift logging
+oc get secret logging-fluentd --template='{{.data.ca}}' | base64 -d > ca
+oc get secret logging-fluentd --template='{{.data.key}}' | base64 -d > key
+oc get secret logging-fluentd --template='{{.data.cert}}' | base64 -d > cert
+oc port-forward <es pod name> 9200:9200
+curl -s --cacert ca --key key --cert cert https://localhost:9200/_cluster/health | python -mjson.tool
+
+
+#Test port is open in container without network tools
+cat < /dev/tcp/127.0.0.1/22
+
+#haproxy debug the request errors
+echo "show errors"|socat unix-connect:/var/lib/haproxy/run/haproxy.sock stdio
+
+#see contianer interface with host 
+cat /sys/class/net/eth0/iflink
+
+#temporarily allow traffic in cluster
+iptables -I OS_FIREWALL_ALLOW -p udp -m state --state NEW -m udp --dport <port> -j ACCEPT
+iptables -I OS_FIREWALL_ALLOW -p udp -m state --state NEW -m tcp --dport <port> -j ACCEPT
+
+#Api usage with token
+
+curl -k -H "Authorization: Bearer <token>" https://cluster.xxx.xxx.xxx/api/v1/namespaces/monitoring/configmaps
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -0,0 +1,6 @@
+#To get all the projects
+`oc get projects -o name |xargs -i oc get {} --template '{{ .metadata.name }}{{"\n"}}`
+
+
+#To get all the routes
+`oc get projects -o name |xargs -i oc get {} --template '{{ .metadata.name }}{{"\n"}}'|xargs -i oc get routes --template '{{range .items}}{{ .spec.host}}{{"\n"}}{{end}}' -n {}`
No results found