diff --git a/modules/oc-adm-by-example-content.adoc b/modules/oc-adm-by-example-content.adoc index f3dcbd4657..ddc35ae0fb 100644 --- a/modules/oc-adm-by-example-content.adoc +++ b/modules/oc-adm-by-example-content.adoc @@ -78,281 +78,6 @@ Deny a certificate signing request -== oc adm completion -Output shell completion code for the specified shell (bash or zsh) - -.Example usage -[source,bash,options="nowrap"] ----- - # Installing bash completion on macOS using homebrew - ## If running Bash 3.2 included with macOS - brew install bash-completion - ## or, if running Bash 4.1+ - brew install bash-completion@2 - ## If oc is installed via homebrew, this should start working immediately - ## If you've installed via other means, you may need add the completion to your completion directory - oc completion bash > $(brew --prefix)/etc/bash_completion.d/oc - - - # Installing bash completion on Linux - ## If bash-completion is not installed on Linux, install the 'bash-completion' package - ## via your distribution's package manager. - ## Load the oc completion code for bash into the current shell - source <(oc completion bash) - ## Write bash completion code to a file and source it from .bash_profile - oc completion bash > ~/.kube/completion.bash.inc - printf " - # Kubectl shell completion - source '$HOME/.kube/completion.bash.inc' - " >> $HOME/.bash_profile - source $HOME/.bash_profile - - # Load the oc completion code for zsh[1] into the current shell - source <(oc completion zsh) - # Set the oc completion code for zsh[1] to autoload on startup - oc completion zsh > "${fpath[1]}/_oc" ----- - - - -== oc adm config current-context -Display the current-context - -.Example usage -[source,bash,options="nowrap"] ----- - # Display the current-context - oc config current-context ----- - - - -== oc adm config delete-cluster -Delete the specified cluster from the kubeconfig - -.Example usage -[source,bash,options="nowrap"] ----- - # Delete the minikube cluster - oc config delete-cluster minikube ----- - - - -== oc adm config delete-context -Delete the specified context from the kubeconfig - -.Example usage -[source,bash,options="nowrap"] ----- - # Delete the context for the minikube cluster - oc config delete-context minikube ----- - - - -== oc adm config delete-user -Delete the specified user from the kubeconfig - -.Example usage -[source,bash,options="nowrap"] ----- - # Delete the minikube user - oc config delete-user minikube ----- - - - -== oc adm config get-clusters -Display clusters defined in the kubeconfig - -.Example usage -[source,bash,options="nowrap"] ----- - # List the clusters that oc knows about - oc config get-clusters ----- - - - -== oc adm config get-contexts -Describe one or many contexts - -.Example usage -[source,bash,options="nowrap"] ----- - # List all the contexts in your kubeconfig file - oc config get-contexts - - # Describe one context in your kubeconfig file - oc config get-contexts my-context ----- - - - -== oc adm config get-users -Display users defined in the kubeconfig - -.Example usage -[source,bash,options="nowrap"] ----- - # List the users that oc knows about - oc config get-users ----- - - - -== oc adm config rename-context -Rename a context from the kubeconfig file - -.Example usage -[source,bash,options="nowrap"] ----- - # Rename the context 'old-name' to 'new-name' in your kubeconfig file - oc config rename-context old-name new-name ----- - - - -== oc adm config set -Set an individual value in a kubeconfig file - -.Example usage -[source,bash,options="nowrap"] ----- - # Set the server field on the my-cluster cluster to https://1.2.3.4 - oc config set clusters.my-cluster.server https://1.2.3.4 - - # Set the certificate-authority-data field on the my-cluster cluster - oc config set clusters.my-cluster.certificate-authority-data $(echo "cert_data_here" | base64 -i -) - - # Set the cluster field in the my-context context to my-cluster - oc config set contexts.my-context.cluster my-cluster - - # Set the client-key-data field in the cluster-admin user using --set-raw-bytes option - oc config set users.cluster-admin.client-key-data cert_data_here --set-raw-bytes=true ----- - - - -== oc adm config set-cluster -Set a cluster entry in kubeconfig - -.Example usage -[source,bash,options="nowrap"] ----- - # Set only the server field on the e2e cluster entry without touching other values - oc config set-cluster e2e --server=https://1.2.3.4 - - # Embed certificate authority data for the e2e cluster entry - oc config set-cluster e2e --embed-certs --certificate-authority=~/.kube/e2e/kubernetes.ca.crt - - # Disable cert checking for the dev cluster entry - oc config set-cluster e2e --insecure-skip-tls-verify=true - - # Set custom TLS server name to use for validation for the e2e cluster entry - oc config set-cluster e2e --tls-server-name=my-cluster-name ----- - - - -== oc adm config set-context -Set a context entry in kubeconfig - -.Example usage -[source,bash,options="nowrap"] ----- - # Set the user field on the gce context entry without touching other values - oc config set-context gce --user=cluster-admin ----- - - - -== oc adm config set-credentials -Set a user entry in kubeconfig - -.Example usage -[source,bash,options="nowrap"] ----- - # Set only the "client-key" field on the "cluster-admin" - # entry, without touching other values - oc config set-credentials cluster-admin --client-key=~/.kube/admin.key - - # Set basic auth for the "cluster-admin" entry - oc config set-credentials cluster-admin --username=admin --password=uXFGweU9l35qcif - - # Embed client certificate data in the "cluster-admin" entry - oc config set-credentials cluster-admin --client-certificate=~/.kube/admin.crt --embed-certs=true - - # Enable the Google Compute Platform auth provider for the "cluster-admin" entry - oc config set-credentials cluster-admin --auth-provider=gcp - - # Enable the OpenID Connect auth provider for the "cluster-admin" entry with additional args - oc config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-id=foo --auth-provider-arg=client-secret=bar - - # Remove the "client-secret" config value for the OpenID Connect auth provider for the "cluster-admin" entry - oc config set-credentials cluster-admin --auth-provider=oidc --auth-provider-arg=client-secret- - - # Enable new exec auth plugin for the "cluster-admin" entry - oc config set-credentials cluster-admin --exec-command=/path/to/the/executable --exec-api-version=client.authentication.k8s.io/v1beta1 - - # Define new exec auth plugin args for the "cluster-admin" entry - oc config set-credentials cluster-admin --exec-arg=arg1 --exec-arg=arg2 - - # Create or update exec auth plugin environment variables for the "cluster-admin" entry - oc config set-credentials cluster-admin --exec-env=key1=val1 --exec-env=key2=val2 - - # Remove exec auth plugin environment variables for the "cluster-admin" entry - oc config set-credentials cluster-admin --exec-env=var-to-remove- ----- - - - -== oc adm config unset -Unset an individual value in a kubeconfig file - -.Example usage -[source,bash,options="nowrap"] ----- - # Unset the current-context - oc config unset current-context - - # Unset namespace in foo context - oc config unset contexts.foo.namespace ----- - - - -== oc adm config use-context -Set the current-context in a kubeconfig file - -.Example usage -[source,bash,options="nowrap"] ----- - # Use the context for the minikube cluster - oc config use-context minikube ----- - - - -== oc adm config view -Display merged kubeconfig settings or a specified kubeconfig file - -.Example usage -[source,bash,options="nowrap"] ----- - # Show merged kubeconfig settings - oc config view - - # Show merged kubeconfig settings and raw certificate data - oc config view --raw - - # Get the password for the e2e user - oc config view -o jsonpath='{.users[?(@.name == "e2e")].user.password}' ----- - - - == oc adm cordon Mark node as unschedulable @@ -660,10 +385,10 @@ Add a role to users or service accounts for the current project [source,bash,options="nowrap"] ---- # Add the 'view' role to user1 for the current project - oc policy add-role-to-user view user1 + oc adm policy add-role-to-user view user1 # Add the 'edit' role to serviceaccount1 for the current project - oc policy add-role-to-user edit -z serviceaccount1 + oc adm policy add-role-to-user edit -z serviceaccount1 ---- @@ -703,16 +428,16 @@ Check which service account can create a pod ---- # Check whether service accounts sa1 and sa2 can admit a pod with a template pod spec specified in my_resource.yaml # Service Account specified in myresource.yaml file is ignored - oc policy scc-review -z sa1,sa2 -f my_resource.yaml + oc adm policy scc-review -z sa1,sa2 -f my_resource.yaml # Check whether service accounts system:serviceaccount:bob:default can admit a pod with a template pod spec specified in my_resource.yaml - oc policy scc-review -z system:serviceaccount:bob:default -f my_resource.yaml + oc adm policy scc-review -z system:serviceaccount:bob:default -f my_resource.yaml # Check whether the service account specified in my_resource_with_sa.yaml can admit the pod - oc policy scc-review -f my_resource_with_sa.yaml + oc adm policy scc-review -f my_resource_with_sa.yaml # Check whether the default service account can admit the pod; default is taken since no service account is defined in myresource_with_no_sa.yaml - oc policy scc-review -f myresource_with_no_sa.yaml + oc adm policy scc-review -f myresource_with_no_sa.yaml ---- @@ -724,13 +449,13 @@ Check whether a user or a service account can create a pod [source,bash,options="nowrap"] ---- # Check whether user bob can create a pod specified in myresource.yaml - oc policy scc-subject-review -u bob -f myresource.yaml + oc adm policy scc-subject-review -u bob -f myresource.yaml # Check whether user bob who belongs to projectAdmin group can create a pod specified in myresource.yaml - oc policy scc-subject-review -u bob -g projectAdmin -f myresource.yaml + oc adm policy scc-subject-review -u bob -g projectAdmin -f myresource.yaml # Check whether a service account specified in the pod template spec in myresourcewithsa.yaml can create the pod - oc policy scc-subject-review -f myresourcewithsa.yaml + oc adm policy scc-subject-review -f myresourcewithsa.yaml ---- @@ -1000,6 +725,21 @@ Mark node as schedulable +== oc adm upgrade +Upgrade a cluster + +.Example usage +[source,bash,options="nowrap"] +---- + # Review the available cluster updates + oc adm upgrade + + # Update to the latest version + oc adm upgrade --to-latest=true +---- + + + == oc adm verify-image-signature Verify the image identity contained in the image signature diff --git a/modules/oc-by-example-content.adoc b/modules/oc-by-example-content.adoc index 4a6b49f5d6..f9eba80f2d 100644 --- a/modules/oc-by-example-content.adoc +++ b/modules/oc-by-example-content.adoc @@ -286,7 +286,7 @@ Dump relevant information for debugging and diagnosis == oc completion -Output shell completion code for the specified shell (bash or zsh) +Output shell completion code for the specified shell (bash, zsh or fish) .Example usage [source,bash,options="nowrap"] @@ -318,6 +318,25 @@ Output shell completion code for the specified shell (bash or zsh) source <(oc completion zsh) # Set the oc completion code for zsh[1] to autoload on startup oc completion zsh > "${fpath[1]}/_oc" + + + # Load the oc completion code for fish[2] into the current shell + oc completion fish | source + # To load completions for each session, execute once: + oc completion fish > ~/.config/fish/completions/oc.fish + + # Load the oc completion code for powershell into the current shell + oc completion powershell | Out-String | Invoke-Expression + # Set oc completion code for powershell to run on startup + ## Save completion code to a script and execute in the profile + oc completion powershell > $HOME\.kube\completion.ps1 + Add-Content $PROFILE "$HOME\.kube\completion.ps1" + ## Execute completion code in the profile + Add-Content $PROFILE "if (Get-Command oc -ErrorAction SilentlyContinue) { + oc completion powershell | Out-String | Invoke-Expression + }" + ## Add completion code directly to the $PROFILE script + oc completion powershell >> $PROFILE ---- @@ -694,7 +713,7 @@ Create a config map from a local file, directory or literal value oc create configmap my-config --from-file=path/to/bar # Create a new config map named my-config from an env file - oc create configmap my-config --from-env-file=path/to/bar.env + oc create configmap my-config --from-env-file=path/to/foo.env --from-env-file=path/to/bar.env ---- @@ -1023,8 +1042,8 @@ Create a secret from a local file, directory, or literal value # Create a new secret named my-secret using a combination of a file and a literal oc create secret generic my-secret --from-file=ssh-privatekey=path/to/id_rsa --from-literal=passphrase=topsecret - # Create a new secret named my-secret from an env file - oc create secret generic my-secret --from-env-file=path/to/bar.env + # Create a new secret named my-secret from env files + oc create secret generic my-secret --from-env-file=path/to/foo.env --from-env-file=path/to/bar.env ---- @@ -1218,8 +1237,8 @@ Show details of a specific resource or group of resources # Describe pods by label name=myLabel oc describe po -l name=myLabel - # Describe all pods managed by the 'frontend' replication controller (rc-created pods - # get the name of the rc as a prefix in the pod the name) + # Describe all pods managed by the 'frontend' replication controller + # (rc-created pods get the name of the rc as a prefix in the pod name) oc describe pods frontend ---- @@ -1261,18 +1280,6 @@ Edit a resource on the server -== oc ex dockergc -Perform garbage collection to free space in docker storage - -.Example usage -[source,bash,options="nowrap"] ----- - # Perform garbage collection with the default settings - oc ex dockergc ----- - - - == oc exec Execute a command in a container @@ -2345,9 +2352,6 @@ Link secrets to a service account # Add an image pull secret to a service account to automatically use it for both pulling and pushing build images oc secrets link builder builder-image-secret --for=pull,mount - - # If the cluster's serviceAccountConfig is operating with limitSecretReferences: True, secrets must be added to the pod's service account whitelist in order to be available to the pod - oc secrets link pod-sa pod-secret ---- @@ -2869,6 +2873,9 @@ Experimental: Wait for a specific condition on one or many resources # The default value of status condition is true; you can set it to false oc wait --for=condition=Ready=false pod/busybox1 + # Wait for the pod "busybox1" to contain the status phase to be "Running". + oc wait --for=jsonpath='{.status.phase}'=Running pod/busybox1 + # Wait for the pod "busybox1" to be deleted, with a timeout of 60s, after having issued the "delete" command oc delete pod/busybox1 oc wait --for=delete pod/busybox1 --timeout=60s