Skip to content

Instantly share code, notes, and snippets.

@dmc5179

dmc5179/openshift-api-example.md

Created January 22, 2022 17:05
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save dmc5179/0f39555afb423c62e1410de2625bb0bc to your computer and use it in GitHub Desktop.
Save dmc5179/0f39555afb423c62e1410de2625bb0bc to your computer and use it in GitHub Desktop.
Download ZIP
Calling the OpenShift API from inside a pod
Raw
openshift-api-example.md
  • Create a user for the pods that will call the OpenShift API
oc create sa rest-api-user
  • Assign the user privileges. Note: This is an example, a lesser set of permissions should be used where possible
oc policy add-role-to-user admin -z rest-api-edit
  • Launch the controller job
cat <<EOF | oc create -f -
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: controller
  labels:
    app: controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: controller
  template:
    metadata:
      labels:
        app: controller
    spec:
      securityContext: {}
      serviceAccount: rest-api-user
      serviceAccountName: rest-api-user
      containers:
      - image: quay.io/danclark/oc-cli:4.9.17
        imagePullPolicy: Always
        name: controller
        command:
          - 'sleep'
        args:
          - 'infinity'
EOF
  • Inside the controller container, call the OpenShift API using the service account user's token:
cat <<EOF | oc create -f
---
kind: Job
metadata:
  name: pi
spec:
  parallelism: 1    
  completions: 1    
  activeDeadlineSeconds: 1800 
  backoffLimit: 6   
  template:         
    metadata:
      name: pi
    spec:
      containers:
      - name: pi
        image: perl
        command: ["perl",  "-Mbignum=bpi", "-wle", "print bpi(2000)"]
      restartPolicy: OnFailure
EOF
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment