The following is a good diagram of the various services running. Note, we can use infranodes to pull those cluster services from the compute nodes (things like registry, observability, monitoring, etc). Diagram from the docs.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: tekton.dev/v1beta1 | |
kind: Task | |
metadata: | |
name: dotnet-build-publish | |
namespace: dotnet | |
spec: | |
steps: | |
- env: | |
- name: WORKSPACE_SSL_CA_DIRECTORY_BOUND | |
value: $(workspaces.ssl-ca-directory.bound) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Taken from: https://www.redhat.com/architect/openshift-usage-metrics | |
for project in `oc get project|grep -v NAME`; \ | |
do echo $project; \ | |
oc project $project 2> /dev/null; \ | |
oc adm top pods; \ | |
done; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
https://www.redhat.com/sysadmin/openshift-terminating-state |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# create namespace | |
oc new-project vista | |
# sa | |
# can use default, this is convenient but not best practice | |
# oc adm policy add-scc-to-user anyuid -z default | |
oc create sa root | |
oc adm policy add-scc-to-user privileged -z root |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# delete config map | |
oc delete configmap custom-ca -n openshift-config | |
# re-create it | |
oc create configmap custom-ca --from-file=ca-bundle.crt=</path/to/example-ca.crt> -n openshift-config | |
# make sure config map is being used | |
oc patch proxy/cluster --type=merge --patch='{"spec":{"trustedCA":{"name":"custom-ca"}}}' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# create admin and user1 with password `openshift` | |
htpasswd -c -B -b ./openshift.htpasswd admin openshift | |
htpasswd -B -b ./openshift.htpasswd user1 openshift | |
# add secret with username/passwords | |
oc create secret generic htpass-secret --from-file=htpasswd=./openshift.htpasswd -n openshift-config | |
# setup identity provider to use that secret |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
kind: Pod | |
metadata: | |
name: podman-priv | |
spec: | |
containers: | |
- name: priv | |
image: quay.io/podman/stable:v4.4.1 | |
args: | |
- sleep |
The code for this project is here git@github.com:jkeam/spring-petclinic-pac.git
and the file we should be using is .gitlab-ci-kube.yml
so in the repo that's in GitLab, make sure to blow away the original .gitlab-ci.yml
and rename .gitlab-ci-kube.yml
to .gitlab-ci.yml
.
Something like below: