openshift
diff --git a/‎modules/oc-adm-by-example-content.adoc
Lines changed: 130 additions & 24 deletions b/‎modules/oc-adm-by-example-content.adoc
Lines changed: 130 additions & 24 deletions
@@ -43,14 +43,14 @@ Mirror an operator-registry catalog
   oc adm catalog mirror file:///local/index/my/image:latest my-airgapped-registry.com
   
   # Configure a cluster to use a mirrored registry
-  oc apply -f manifests/imageContentSourcePolicy.yaml
+  oc apply -f manifests/imageDigestMirrorSet.yaml
   
   # Edit the mirroring mappings and mirror with "oc image mirror" manually
   oc adm catalog mirror --manifests-only quay.io/my/image:latest myregistry.com
   oc image mirror -f manifests/mapping.txt
   
-  # Delete all ImageContentSourcePolicies generated by oc adm catalog mirror
-  oc delete imagecontentsourcepolicy -l operators.openshift.org/catalog=true
+  # Delete all ImageDigestMirrorSets generated by oc adm catalog mirror
+  oc delete imagedigestmirrorset -l operators.openshift.org/catalog=true
 ----
 
 
@@ -79,6 +79,10 @@ Deny a certificate signing request
 
 
 
+== oc adm copy-to-node
+Copies specified files to the node.
+
+
 == oc adm cordon
 Mark node as unschedulable
 
@@ -193,13 +197,13 @@ Remove old OpenShift groups referencing missing records from an external provide
   # Prune all orphaned groups
   oc adm groups prune --sync-config=/path/to/ldap-sync-config.yaml --confirm
   
-  # Prune all orphaned groups except the ones from the blacklist file
-  oc adm groups prune --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
+  # Prune all orphaned groups except the ones from the denylist file
+  oc adm groups prune --blacklist=/path/to/denylist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
   
-  # Prune all orphaned groups from a list of specific groups specified in a whitelist file
-  oc adm groups prune --whitelist=/path/to/whitelist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
+  # Prune all orphaned groups from a list of specific groups specified in an allowlist file
+  oc adm groups prune --whitelist=/path/to/allowlist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
   
-  # Prune all orphaned groups from a list of specific groups specified in a whitelist
+  # Prune all orphaned groups from a list of specific groups specified in a list
   oc adm groups prune groups/group_name groups/other_name --sync-config=/path/to/ldap-sync-config.yaml --confirm
 ----
 
@@ -229,8 +233,8 @@ Sync OpenShift groups with records from an external provider
   # Sync all groups except the ones from the blacklist file with an LDAP server
   oc adm groups sync --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
   
-  # Sync specific groups specified in a whitelist file with an LDAP server
-  oc adm groups sync --whitelist=/path/to/whitelist.txt --sync-config=/path/to/sync-config.yaml --confirm
+  # Sync specific groups specified in an allowlist file with an LDAP server
+  oc adm groups sync --whitelist=/path/to/allowlist.txt --sync-config=/path/to/sync-config.yaml --confirm
   
   # Sync all OpenShift groups that have been synced previously with an LDAP server
   oc adm groups sync --type=openshift --sync-config=/path/to/ldap-sync-config.yaml --confirm
@@ -263,12 +267,12 @@ Collect debugging data for a given resource
 
 
 == oc adm migrate icsp
-Update imagecontentsourcepolicy file(s) to imagedigestmirrorset file(s).
+Update imagecontentsourcepolicy file(s) to imagedigestmirrorset file(s)
 
 .Example usage
 [source,bash,options="nowrap"]
 ----
-  # update the imagecontentsourcepolicy.yaml to new imagedigestmirrorset file under directory mydir
+  # Update the imagecontentsourcepolicy.yaml file to a new imagedigestmirrorset file under the mydir directory
   oc adm migrate icsp imagecontentsourcepolicy.yaml --dest-dir mydir
 ----
 
@@ -310,7 +314,7 @@ Launch a new instance of a pod for gathering debug information
   # Gather information using a specific image stream plug-in
   oc adm must-gather --image-stream=openshift/must-gather:latest
   
-  # Gather information using a specific image, command, and pod-dir
+  # Gather information using a specific image, command, and pod directory
   oc adm must-gather --image=my/image:tag --source-dir=/pod/directory -- myspecial-command.sh
 ----
 
@@ -337,7 +341,7 @@ Display and filter node logs
   # Show kubelet logs from all masters
   oc adm node-logs --role master -u kubelet
   
-  # See what logs are available in masters in /var/logs
+  # See what logs are available in masters in /var/log
   oc adm node-logs --role master --path=/
   
   # Display cron log file from all masters
@@ -346,6 +350,61 @@ Display and filter node logs
 
 
 
+== oc adm ocp-certificates monitor-certificates
+Watch platform certificates.
+
+.Example usage
+[source,bash,options="nowrap"]
+----
+  # Watch platform certificates.
+  oc adm ocp-certificates monitor-certificates
+----
+
+
+
+== oc adm ocp-certificates regenerate-leaf
+Regenerate client and serving certificates of an OpenShift cluster
+
+
+
+== oc adm ocp-certificates regenerate-machine-config-server-serving-cert
+Regenerate the machine config operator certificates in an OpenShift cluster
+
+
+
+== oc adm ocp-certificates regenerate-top-level
+Regenerate the top level certificates in an OpenShift cluster
+
+
+
+
+== oc adm ocp-certificates remove-old-trust
+Remove old CAs from ConfigMaps representing platform trust bundles in an OpenShift cluster
+
+.Example usage
+[source,bash,options="nowrap"]
+----
+  #  Remove only CA certificates created before a certain date from all trust bundles
+  oc adm ocp-certificates remove-old-trust configmaps -A --all --created-before 2023-06-05T14:44:06Z
+----
+
+
+
+== oc adm ocp-certificates update-ignition-ca-bundle-for-machine-config-server
+Update user-data secrets in an OpenShift cluster to use updated MCO certfs
+
+.Example usage
+[source,bash,options="nowrap"]
+----
+  # Regenerate the MCO certs without modifying user-data secrets
+  oc adm certificates regenerate-machine-config-server-serving-cert --update-ignition=false
+  
+  # Update the user-data secrets to use new MCS certs
+  oc adm certificates update-ignition-ca-bundle-for-machine-config-server
+----
+
+
+
 == oc adm pod-network isolate-projects
 Isolate project network
 
@@ -513,13 +572,13 @@ Remove old OpenShift groups referencing missing records from an external provide
   # Prune all orphaned groups
   oc adm prune groups --sync-config=/path/to/ldap-sync-config.yaml --confirm
   
-  # Prune all orphaned groups except the ones from the blacklist file
-  oc adm prune groups --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
+  # Prune all orphaned groups except the ones from the denylist file
+  oc adm prune groups --blacklist=/path/to/denylist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
   
-  # Prune all orphaned groups from a list of specific groups specified in a whitelist file
-  oc adm prune groups --whitelist=/path/to/whitelist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
+  # Prune all orphaned groups from a list of specific groups specified in an allowlist file
+  oc adm prune groups --whitelist=/path/to/allowlist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
   
-  # Prune all orphaned groups from a list of specific groups specified in a whitelist
+  # Prune all orphaned groups from a list of specific groups specified in a list
   oc adm prune groups groups/group_name groups/other_name --sync-config=/path/to/ldap-sync-config.yaml --confirm
 ----
 
@@ -545,7 +604,7 @@ Remove unreferenced images
   # To actually perform the prune operation, the confirm flag must be appended
   oc adm prune images --prune-over-size-limit --confirm
   
-  # Force the insecure http protocol with the particular registry host name
+  # Force the insecure HTTP protocol with the particular registry host name
   oc adm prune images --registry-url=http://registry.example.org --confirm
   
   # Force a secure connection with a custom certificate authority to the particular registry host name
@@ -554,6 +613,24 @@ Remove unreferenced images
 
 
 
+== oc adm reboot-machine-config-pool
+Initiate reboot of the specified MachineConfigPool.
+
+.Example usage
+[source,bash,options="nowrap"]
+----
+  # Reboot all MachineConfigPools
+  oc adm reboot-machine-config-pool mcp/worker mcp/master
+  
+  # Reboot all MachineConfigPools that inherit from worker.  This include all custom MachineConfigPools and infra.
+  oc adm reboot-machine-config-pool mcp/worker
+  
+  # Reboot masters
+  oc adm reboot-machine-config-pool mcp/master
+----
+
+
+
 == oc adm release extract
 Extract the contents of an update payload to disk
 
@@ -567,7 +644,7 @@ Extract the contents of an update payload to disk
   oc adm release extract --credentials-requests --cloud=aws
   
   # Use git to check out the source code for the current cluster release to DIR from linux/s390x image
-  # Note: Wildcard filter is not supported. Pass a single os/arch to extract
+  # Note: Wildcard filter is not supported; pass a single os/arch to extract
   oc adm release extract --git=DIR quay.io/openshift-release-dev/ocp-release:4.11.2 --filter-by-os=linux/s390x
 ----
 
@@ -592,7 +669,7 @@ Display information about a release
   oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.2 --pullspecs
   
   # Show information about linux/s390x image
-  # Note: Wildcard filter is not supported. Pass a single os/arch to extract
+  # Note: Wildcard filter is not supported; pass a single os/arch to extract
   oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.2 --filter-by-os=linux/s390x
 ----
 
@@ -632,7 +709,7 @@ Create a new OpenShift release
 .Example usage
 [source,bash,options="nowrap"]
 ----
-  # Create a release from the latest origin images and push to a DockerHub repo
+  # Create a release from the latest origin images and push to a DockerHub repository
   oc adm release new --from-image-stream=4.11 -n origin --to-image docker.io/mycompany/myrepo:latest
   
   # Create a new release with updated metadata from a previous release
@@ -649,6 +726,11 @@ Create a new OpenShift release
 
 
 
+== oc adm restart-kubelet
+Restarts kubelet on the specified nodes
+
+
+
 == oc adm taint
 Update the taints on one or more nodes
 
@@ -752,7 +834,7 @@ Upgrade a cluster or adjust the upgrade channel
 .Example usage
 [source,bash,options="nowrap"]
 ----
-  # Review the available cluster updates
+  # View the update status and available cluster updates
   oc adm upgrade
   
   # Update to the latest version
@@ -785,3 +867,27 @@ Verify the image identity contained in the image signature
 ----
 
 
+
+== oc adm wait-for-node-reboot
+Wait for nodes to reboot after running `oc adm reboot-machine-config-pool`
+
+.Example usage
+[source,bash,options="nowrap"]
+----
+  # Wait for all nodes to complete a requested reboot from 'oc adm reboot-machine-config-pool mcp/worker mcp/master'
+  oc adm wait-for-node-reboot nodes --all
+  
+  # Wait for masters to complete a requested reboot from 'oc adm reboot-machine-config-pool mcp/master'
+  oc adm wait-for-node-reboot nodes -l node-role.kubernetes.io/master
+  
+  # Wait for masters to complete a specific reboot
+  oc adm wait-for-node-reboot nodes -l node-role.kubernetes.io/master --reboot-number=4
+----
+
+
+
+== oc adm wait-for-stable-cluster
+wait for the platform operators to become stable
+
+
+