oc-cli-commands

Most common Openshift CLI commands with examples.

OC AUTO-COMPLETION

OC AUTO-COMPLETION BASH

oc completion bash > ~/.oc_bash_completion.sh
echo "source ~/.oc_bash_completion.sh" >> ~/.bashrc
source ~/.bashrc

OC LOGIN

oc login -u user -p password https://ocp-api

OC LOGIN ALIAS

cp ~/.bashrc ~/.bashrc.bak
echo 'alias ocplogin="oc login -u user -p password https://ocp-api"' >> ~/.bashrc
source ~/.bashrc

OC VERSION

oc version

oc cluster-info

oc api-versions

OC PROJECT

Create new project:

oc new-project test

Fetch project info like UID and GID:

oc describe project test

OC GET

OC GET SHOW LABELS

oc get pods --show-lables

OC GET JSON

oc get pod my-pod -o json | jq .spec.containers[0].image

OC GET JSONPATH

oc get pod my-pod -o jsonpath --template={.spec.containers[0].image}

oc get node master01 -o jsonpath=\
'{"Allocatable:\n"}{.status.allocatable}{"\n\n"}{"Capacity:\n"}{.status.capacity{"\n"}'

OC GET GO-TEMPLATE

oc get pod my-pod -o go-template='{{(index .spec.containers).image}}'

OC GET CUSTOM COLUMNS

oc get pods -o custom-columns=Pod:.metadata.name,Container:.spec.containers[].name,\
Phase:.status.phase,IP:.status.podIP,Ports:.spec.containers[].ports[].containerPort

OC GET YAML

oc get pods -o yaml | yq -r - 'items[*].metadata.name'

OC GET TEMPLATE

oc get pod my-pod -o template --template={{.spec.containers[0].image}}

OC RUN

Run a pod and attach a session:

oc run -it my-app --image registry.access.redhat.com/ubi9/ubi --command -- /bin/bash

Add restart option:

oc run -it my-app --image registry.access.redhat.com/ubi9/ubi\
 --restart Never --command -- /bin/bash

Auto delete pod:

oc run -it my-app --rm --image registry.access.redhat.com/ubi9/ubi\
 --restart Never --command -- /bin/bash

Add environment variables:

oc run -it my-app \
--env MY_VAR=myenvvariable \
--rm \
--image registry.access.redhat.com/ubi9/ubi \
--restart Never \
--command -- /bin/bash

OC EXEC

Execute a command in a running container:

oc exec my-app -- date

Select the container if the POD has multiple containers

oc exec my-app -c contaier1 -- date

Attach a session to a running container

oc exec my-app -c contaier1 -it -- bash

OC LOGS

Retrieve the logs of a container:

oc logs my-app --tail=10

Retrieve the logs of the previous container instance if exists:

oc logs my-app --tail=10 -p

Follow the logs

oc logs my-app --tail=10 -f

OC EVENTS

oc get events --sort-by='.metadata.creationTimestamp'

oc get events --sort-by='.metadata.creationTimestamp' -A

oc get events --sort-by='.lastTimestamp'

oc get events -A --output-watch-events=true --watch-only

OC EXPLAIN

oc explain pod.spec --recursive

oc explain pod.spec.securityContext --recursive

OC RESOURCES

oc api-resources

oc api-resources --namespaced

oc api-resources --api-group ''

oc api-resources --api-group 'oauth.openshift.io'

OC PATCH

Update fields of a resource

oc patch pod valid-pod --type='json' \
-p='[{"op": "replace", "path": "/spec/containers/0/image", \
"value":"http://registry.access.redhat.com/ubi8/httpd-24"}]'

OC CP

Copy files to and from Containers

oc cp pod:pod/dir /local/dir

OC PORT-FORWARD

Remove container access

oc port-forward podname EXTERNAL_PORT:CONTAINER_POD

OC RSH

Connect to running container

oc rsh pod-name

oc rsh deployment/my-deployment

OC IMAGE

You can use this command to inspect, configure, and retrieve information about container images.

OC IMAGE INFO

Inspects and retrieves information about a container image:

oc image info registry.access.redhat.com/ubi9/httpd-24:1-233 --filter-by-os amd64

OC GET OPERATORS

oc get operators

oc get clusteroperators

OC DESCRIBE OPERATOR

oc describe clusteroperators openshift-apiserver

OC IMAGE STREAMS

OC CREASE IS

oc create is my-is

OC CREATE ISTAG

oc create istag my-is:v1.0 \
 --from-image myremote-repo/my-remote-image:tag

OC SET IMAGE-LOOKUP

Enable image stream resolution for the my-is image stream so that Kubernetes resources in the current project can use it.

oc set image-lookup my-is

oc set image-lookup

OC SET TRIGGERS

Detected changes in IS

oc set triggers deployment/my-depl \
  --from-image my-is:1 --containers my-container

oc set triggers deployment/my-depl

oc get deployment my-depl \
  -o jsonpath='{.metadata.annotations.image\.openshift\.io/triggers}' | jq .

OC TAG

Update Image stream tag

oc tag myregitry/myimage:new-image-tag existing-is:existing-istag

Move alias to another istag

oc tag --help new-image-stream-tag existing-alias

OC NEW-APP

Create a new application by specifying source code, templates, and/or images.

OC NEW-APP FROM TEMPLATE

oc new-app -l team=red --template mysql-persistent \
  -p MYSQL_USER=developer \
  -p MYSQL_PASSWORD=developer

OC NEW-APP FROM IMAGE

oc new-app --name db-image -l team=blue \
  --image registry.ocp4.example.com:8443/rhel9/mysql-80:1 \
  -e MYSQL_USER=developer \
  -e MYSQL_PASSWORD=developer \
  -e MYSQL_ROOT_PASSWORD=redhat

OC CREATE

OC CREATE JOB

oc create job \
  date-job \
  --image registry.access.redhat.com/ubi8/ubi \
  -- /bin/bash -c "date" 

OC CREATE CRONJOB

oc create cronjob date-cronjob \
    --image registry.access.redhat.com/ubi8/ubi \
    --schedule "*/1 * * * *" \
    -- date

OC CREATE DEPLOYMENT

oc create deployment \
    my-deployment \
    --image registry.access.redhat.com/ubi8/ubi \
    --replicas

OC CREATE SECRET

From literal

oc create secret generic my_secret_name\
 --from-literal key1=value1 --from-literal key2=value2

From file

oc create secret generic my_secret_name\
 --from-file key1=/path/to/file

TLS secret

oc create secret tls my_secret_name\
 --cert /path/to/cert --key /path/to/key

OC CREATE CONFIG MAPS

From literal

oc create cm my-config --from-literal key1=value1

OC SET

Configure application resources. This commands help you make changes to existing application resources.

OC SET ENV

oc set env deployment/my-db MYSQL_USER=developer \
 MYSQL_PASSWORD=developer \
 MYSQL_DATABASE=samepledb

From secret

oc set env deployment/my-deployment --from secret/my-secret

OC SET VOLUME

Type secret

oc set volume deployment/mydeployment --add\
 --type secret --secret-name my-secret --mount-path /app-secret

Type configmap

oc set volume deployment/mydeployment --add\
 --type configmap --configmap-name my-configmap --mount-path /app-configs

Type PersistentVolumeClaim

oc set volume deployment/mydeployment --add \
 --name my-volume \
 --type persistentVolumeClaim \
 --claim-mode rwo \
 --claim-size 15Gi \
 --mount-path /var/mydata \
 --claim-class storage-class \
 --claim-name my-pvc

OC SET RESOURCES

Specify compute resource requirements (cpu, memory) for any resource that defines a pod template.

oc set resources deployment my-dep --requests cpu=10m,memory=1gi

OC SET PROBE

Set or remove a liveness, readiness or startup probe from a pod or pod template.

oc set prove deployment/my-deployment --readiness \
 --initial-delay-seconds 7\
 --get-url http://:8080/health

OC SET IMAGE

oc set image deployment/mydeployment my-container-name-in-pod=my-image

OC EXPOSE

Expose containers internally as services or externally via routes

oc expose deployment/db --port 8080

oc expose service nginx

oc expose service nginx --hostname api.aps.acme.com

OC SCALE

Set a new size for a deployment, replica set, replication controller, or stateful set.

oc scale deployment test --replicas 2

OC AUTOSCALE

Creates an autoscaler that automatically chooses and sets the number of pods that run in a Kubernetes cluster.

oc autoscale deployment/my-deployment --min 1 --max 8 --cpu-percent 70 --memory-percent 95

OC ROLLOUT

Start a new rollout, view its status or history, rollback to a previous revision of your app.

oc rollout pause deployment/myapp

oc rollout resume deployment/myapp

oc rollout undo deployment/myapp  --to-revision 1

oc rollout status deployment/myapp

oc rollout history deployment/myapp --revision 1

Note:

The CHANGE-CAUSE column provides a user-defined message that describes the revision. You can store the message in the kubernetes.io/change-cause deployment annotation after every rollout.

oc rollout history deployment/myapp --revision 1

OC ANNOTATE

Update the annotations on one or more resources.

# Enable sticky session on a route
oc annotate route test router.openshift.io/cookie_name="my-sticky-session"

OC ADM

OC ADM TOP

Show usage statistics of resources on the server

OC ADM TOP PODS

oc adm top pods -A --sum

oc adm top pods etcd-master01 -n openshift-etcd --containers

OC ADM TOP NODE

oc adm top node

OC ADM NODE-LOGs

oc adm node-logs master01

oc adm node-logs master01 -u crio

oc adm node-logs master01 -u crio --tail 10

OC DEBUG

OC DEBUG NODE

oc debug node/master01

chroot /host
systemctl status crio
systemctl is-active crio
systemctl status kubelet
systemctl is-active kubelet
crictl ps # list containers on the node
crictl ps --name my-container-name # filters the containers by name
crictl ps --name my-container-name -o json | jq .containers[0].id # Gets the contaier ID <e.g 27943ae4f3024>
crictl inspect -o json 27943ae4f3024 | jq .info.pid # Gets the container PID <e.g 43453>
crictl inspect 27943ae4f3024 | grep pid # Gets the container PID as well <e.g 43453>
lsns -p 43453 # lists the system namespaces of a container.
nsenter -t 43453 -p -r ps -ef # executes the ps -ef command within the process namespace of a running container.

OC MUST-GATHER

oc adm must-gather --dest-dir /tmp

OC INSPECT

oc adm inspect clusteroperator/kube-apiserver --dest-dir /tmp/

oc adm inspect clusteroperator/kube-apiserver --dest-dir /tmp/ --since 5m

Skopeo

List images tags

skopeo list-tags docker://repo/image

Inspect image

skopeo inspect --config docker://reg/image:tag