jkeam

Deploying OpenShift App From Internal Registry

This describes the steps on how to push an image to your local OpenShift cluster; specifically the internal registry; and then deploy that.

Prerequisites

1. You are logged into the cluster
2. You have the image to push to the cluster on your local computer

docker pull quay.io/jkeam/hello-python

jkeam

#!/bin/bash

oc new-project pipelines-tutorial
oc create -f https://raw.githubusercontent.com/openshift/pipelines-tutorial/pipelines-1.4/01_pipeline/01_apply_manifest_task.yaml
oc create -f https://raw.githubusercontent.com/openshift/pipelines-tutorial/pipelines-1.4/01_pipeline/02_update_deployment_task.yaml
oc create -f https://raw.githubusercontent.com/openshift/pipelines-tutorial/pipelines-1.4/01_pipeline/04_pipeline.yaml
tkn pipeline start build-and-deploy \
    -w name=shared-workspace,volumeClaimTemplateFile=https://gist.githubusercontent.com/jkeam/0a61b51535c00d879adcb4418da8d62e/raw/2126834b525af58a64e108843d81b02620bafc1f/tekton-workspace-pvc.yaml \
    -p deployment-name=pipelines-vote-api \
    -p git-url=https://github.com/openshift/pipelines-vote-api.git \

jkeam

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: source-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2G

jkeam

          (function(program, execJS) { execJS(program) })(function(global, process, module, exports, require, console, setTimeout, setInterval, clearTimeout, clearInterval, setImmediate, clearImmediate) { (function webpackUniversalModuleDefinition(root, factory) {
	if(typeof exports === 'object' && typeof module === 'object')
		module.exports = factory();
	else if(typeof define === 'function' && define.amd)
		define([], factory);
	else if(typeof exports === 'object')
		exports["sourceMap"] = factory();
	else
		root["sourceMap"] = factory();
})(this, function() {

jkeam

apiVersion: 1.0.0
metadata:
  name: spring-petclinic
projects:
  - name: spring-petclinic
    source:
      location: 'http://gogs-demo-cicd.apps.bah.o1wf.p1.openshiftapps.com/gogs/spring-petclinic.git'
      startPoint: master
      type: git
components:

jkeam

OpenShift Roles

This document details how to give a set of users access to a specific set of namespaces within OpenShift. These namespaces are any that do not include the word openshift in it. The approach we are going to take is to create a Group that has admin access to the namespaces just described. Then we can add whatever user we want to this group.

There are a few basic groups that come pre-created when you install OpenShift. For this, we'll use the local admin (local means specific to a namespace and not cluster wide). From the docs for admin: A project manager. If used in a local binding, an admin has rights to view any resource in the project and modify any resource in the project except for quota. Docs

For the following instructions below, we will be assuming that the user jon exists and wants access to the group named superteam. This group will have admin

jkeam

OpenShift ACM and OpenShift GitOps

Instructions

1. Install GitOps via Operator on hub cluster
2. Install ACM via Operator on hub cluster
3. Attach/Create cluster to manage, say we name the cluster dev
4. Sign into your hub cluster using the oc cli
5. Turn on integration

jkeam

OpenShift GitOps

Steps to install GitOps in OpenShift with SpringBoot Petclinic application.

Prerequisite

1. OpenShift 4.7
2. oc logged in as cluster-admin

Setup

jkeam

Compliance Operator Demo Script

Steps

1. Use right project

oc project openshift-compliance

2. See all profiles

jkeam

#!/bin/bash

cat ~/.kube/config | yq e '.clusters.[].name' - | while read -r line; do oc config unset contexts.$line; done
cat ~/.kube/config | yq e '.contexts.[].name' - | while read -r line; do oc config unset contexts.$line; done
cat ~/.kube/config | yq e '.users.[].name' - | while read -r line; do oc config unset contexts.$line; done
echo 'done'