pichuang

PLAY [localhost] ***************************************************************

TASK [Test Case 1] *************************************************************
changed: [localhost]

TASK [debug] *******************************************************************
ok: [localhost] => {
    "msg": "who is handsome man? smallplane"
}

pichuang

---
apiVersion: batch/v1
kind: Job
metadata:
  generateName: work-queue-
spec:
  template:
    spec:
      containers:
      - name: work

pichuang

#!/bin/bash
BACKUP_DIR="~/etcd_backup/backup/backup.epq0825v"
master_nodes=(master0.dmz.ocp4.local master1.dmz.ocp4.local master2.dmz.ocp4.local)

cd $BACKUP

for node in "${master_nodes[@]}"
do
    scp -i ~/.ssh/dmz-ocp4-rsa $BACKUP_DIR/* core@$node:~/
    ssh -i ~/.ssh/dmz-ocp4-rsa core@$node sudo /usr/local/bin/cluster-restore.sh /home/core/

pichuang

#!/bin/bash

# Ref: https://docs.openshift.com/container-platform/4.6/backup_and_restore/graceful-cluster-shutdown.html

# !!!IMPORTANT!!!
# DO THE ETCD BACKUP FISRT
# https://gist.github.com/pichuang/53aef7091245c55a91a5f0bd56fa3256

non_master_nodes=$(oc get nodes --selector='!node-role.kubernetes.io/master' -o jsonpath='{.items[*].metadata.name}')
for node in ${non_master_nodes[@]}

pichuang

#!/bin/bash
etcd_node=`oc get pods -n openshift-etcd -l app=etcd -o=jsonpath='{.items[0].spec.nodeName}'`
ssh -i ~/.ssh/dmz-ocp4-rsa core@$etcd_node

id=$(sudo crictl ps --name etcdctl | awk 'FNR==2{ print $1}') && sudo crictl exec -it $id /bin/bash
ETCDCTL_ENDPOINTS=$(etcdctl member list | awk -F', ' '{printf "%s%s",sep,$5; sep=","}')
rev=$(etcdctl endpoint status --write-out="json" |  egrep -o '"revision":[0-9]*' | egrep -o '[0-9]*' -m1)
etcdctl compact $rev
unset ETCDCTL_ENDPOINTS
etcdctl --command-timeout=30s --endpoints=https://localhost:2379 defrag

pichuang

#!/bin/bash

# Ref: https://docs.openshift.com/container-platform/4.6/backup_and_restore/backing-up-etcd.html

etcd_node=`oc get pods -n openshift-etcd -l app=etcd -o=jsonpath='{.items[0].spec.nodeName}'`
ssh -i ~/.ssh/dmz-ocp4-rsa core@$etcd_node

id=$(sudo crictl ps --name etcdctl | awk 'FNR==2{ print $1}') && sudo crictl exec -it $id /bin/bash
etcdctl member list -w table
etcdctl endpoint health --cluster

pichuang

#!/bin/bash
healthy=$(oc get etcd -o=jsonpath='{range .items[0].status.conditions[?(@.type=="EtcdMembersAvailable")]}{.message}{"\n"}')
if [ "$healthy" != "3 members are available" ]; then
  echo "check to see if something is broken"
  exit 1
fi
if [ ! -d ./backup ]; then mkdir ./backup; fi
backupdir=$(mktemp -dt "backup.XXXXXXXX" --tmpdir=./backup)
# get etcd's node name
etcd_node=`oc get pods -n openshift-etcd -l app=etcd -o=jsonpath='{.items[0].spec.nodeName}'`

pichuang

apiVersion: machine.openshift.io/v1beta1
kind: MachineSet
metadata:
  creationTimestamp: null
  labels:
    machine.openshift.io/cluster-api-cluster: dmz-nwccb
  name: dmz-nwccb-worker
  namespace: openshift-machine-api
spec:
  replicas: 1

pichuang

application-ui                                  Requests:100m  Limites:
cert-manager                                    Requests:100m  Limites:300m
cainjector                                      Requests:100m  Limites:200m
cert-manager-webhook                            Requests:100m  Limites:200m
configmap-watcher                               Requests:100m  Limites:200m
hcm-ui-api                                      Requests:50m   Limites:
hcm-ui                                          Requests:100m  Limites:
console-header                                  Requests:200m  Limites:
etcd                                            Requests:      Limites:
etcd                                            Requests:      Limites:

pichuang

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes: