diff --git a/modules/oc-adm-by-example-content.adoc b/modules/oc-adm-by-example-content.adoc index 3c3fa936f201..cc59c54dd670 100644 --- a/modules/oc-adm-by-example-content.adoc +++ b/modules/oc-adm-by-example-content.adoc @@ -80,12 +80,12 @@ Deny a certificate signing request == oc adm copy-to-node -Copies specified files to the node. +Copy specified files to the node .Example usage [source,bash,options="nowrap"] ---- - # copy a new bootstrap kubeconfig file to node-0 + # Copy a new bootstrap kubeconfig file to node-0 oc adm copy-to-node --copy=new-bootstrap-kubeconfig=/etc/kubernetes/kubeconfig node/node-0 ---- @@ -340,31 +340,72 @@ Create a new project +== oc adm node-image create +Create an ISO image for booting the nodes to be added to the target cluster + +.Example usage +[source,bash,options="nowrap"] +---- + # Create the ISO image and download it in the current folder + oc adm node-image create + + # Use a different assets folder + oc adm node-image create --dir=/tmp/assets + + # Specify a custom image name + oc adm node-image create -o=my-node.iso + + # Create an ISO to add a single node without using the configuration file + oc adm node-image create --mac-address=00:d8:e7:c7:4b:bb + + # Create an ISO to add a single node with a root device hint and without + # using the configuration file + oc adm node-image create --mac-address=00:d8:e7:c7:4b:bb --root-device-hint=deviceName:/dev/sda +---- + + + +== oc adm node-image monitor +Monitor new nodes being added to an OpenShift cluster + +.Example usage +[source,bash,options="nowrap"] +---- + # Monitor a single node being added to a cluster + oc adm node-image monitor --ip-addresses 192.168.111.83 + + # Monitor multiple nodes being added to a cluster by separating each + IP address with a comma + oc adm node-image monitor --ip-addresses 192.168.111.83,192.168.111.84 +---- + + + == oc adm node-logs Display and filter node logs .Example usage [source,bash,options="nowrap"] ---- - # Show kubelet logs from all masters + # Show kubelet logs from all control plane nodes oc adm node-logs --role master -u kubelet - # See what logs are available in masters in /var/log + # See what logs are available in control plane nodes in /var/log oc adm node-logs --role master --path=/ - # Display cron log file from all masters + # Display cron log file from all control plane nodes oc adm node-logs --role master --path=cron ---- == oc adm ocp-certificates monitor-certificates -Watch platform certificates. +Watch platform certificates .Example usage [source,bash,options="nowrap"] ---- - # Watch platform certificates. + # Watch platform certificates oc adm ocp-certificates monitor-certificates ---- @@ -376,7 +417,7 @@ Regenerate client and serving certificates of an OpenShift cluster .Example usage [source,bash,options="nowrap"] ---- - # Regenerate a leaf certificate contained in a particular secret. + # Regenerate a leaf certificate contained in a particular secret oc adm ocp-certificates regenerate-leaf -n openshift-config-managed secret/kube-controller-manager-client-cert-key ---- @@ -403,7 +444,7 @@ Regenerate the top level certificates in an OpenShift cluster .Example usage [source,bash,options="nowrap"] ---- - # Regenerate the signing certificate contained in a particular secret. + # Regenerate the signing certificate contained in a particular secret oc adm ocp-certificates regenerate-top-level -n openshift-kube-apiserver-operator secret/loadbalancer-serving-signer-key ---- @@ -484,6 +525,30 @@ Make project network global +== oc adm policy add-cluster-role-to-group +Add a role to groups for all projects in the cluster + +.Example usage +[source,bash,options="nowrap"] +---- + # Add the 'cluster-admin' cluster role to the 'cluster-admins' group + oc adm policy add-cluster-role-to-group cluster-admin cluster-admins +---- + + + +== oc adm policy add-cluster-role-to-user +Add a role to users for all projects in the cluster + +.Example usage +[source,bash,options="nowrap"] +---- + # Add the 'system:build-strategy-docker' cluster role to the 'devuser' user + oc adm policy add-cluster-role-to-user system:build-strategy-docker devuser +---- + + + == oc adm policy add-role-to-user Add a role to users or service accounts for the current project @@ -526,6 +591,30 @@ Add a security context constraint to users or a service account +== oc adm policy remove-cluster-role-from-group +Remove a role from groups for all projects in the cluster + +.Example usage +[source,bash,options="nowrap"] +---- + # Remove the 'cluster-admin' cluster role from the 'cluster-admins' group + oc adm policy remove-cluster-role-from-group cluster-admin cluster-admins +---- + + + +== oc adm policy remove-cluster-role-from-user +Remove a role from users for all projects in the cluster + +.Example usage +[source,bash,options="nowrap"] +---- + # Remove the 'system:build-strategy-docker' cluster role from the 'devuser' user + oc adm policy remove-cluster-role-from-user system:build-strategy-docker devuser +---- + + + == oc adm policy scc-review Check which service account can create a pod @@ -687,7 +776,7 @@ Lists rendered MachineConfigs in an OpenShift cluster == oc adm reboot-machine-config-pool -Initiate reboot of the specified MachineConfigPool. +Initiate reboot of the specified MachineConfigPool .Example usage [source,bash,options="nowrap"] @@ -800,18 +889,18 @@ Create a new OpenShift release == oc adm restart-kubelet -Restarts kubelet on the specified nodes +Restart kubelet on the specified nodes .Example usage [source,bash,options="nowrap"] ---- - # Restart all the nodes, 10% at a time + # Restart all the nodes, 10% at a time oc adm restart-kubelet nodes --all --directive=RemoveKubeletKubeconfig - # Restart all the nodes, 20 nodes at a time + # Restart all the nodes, 20 nodes at a time oc adm restart-kubelet nodes --all --parallelism=20 --directive=RemoveKubeletKubeconfig - # Restart all the nodes, 15% at a time + # Restart all the nodes, 15% at a time oc adm restart-kubelet nodes --all --parallelism=15% --directive=RemoveKubeletKubeconfig # Restart all the masters at the same time @@ -976,12 +1065,12 @@ Wait for nodes to reboot after running `oc adm reboot-machine-config-pool` == oc adm wait-for-stable-cluster -wait for the platform operators to become stable +Wait for the platform operators to become stable .Example usage [source,bash,options="nowrap"] ---- - # Wait for all clusteroperators to become stable + # Wait for all cluster operators to become stable oc adm wait-for-stable-cluster # Consider operators to be stable if they report as such for 5 minutes straight diff --git a/modules/oc-by-example-content.adoc b/modules/oc-by-example-content.adoc index 2b046138e811..7be238dd07f1 100644 --- a/modules/oc-by-example-content.adoc +++ b/modules/oc-by-example-content.adoc @@ -453,7 +453,7 @@ Display users defined in the kubeconfig == oc config new-admin-kubeconfig -Generate, make the server trust, and display a new admin.kubeconfig. +Generate, make the server trust, and display a new admin.kubeconfig .Example usage [source,bash,options="nowrap"] @@ -465,7 +465,7 @@ Generate, make the server trust, and display a new admin.kubeconfig. == oc config new-kubelet-bootstrap-kubeconfig -Generate, make the server trust, and display a new kubelet /etc/kubernetes/kubeconfig. +Generate, make the server trust, and display a new kubelet /etc/kubernetes/kubeconfig .Example usage [source,bash,options="nowrap"] @@ -477,7 +477,7 @@ Generate, make the server trust, and display a new kubelet /etc/kubernetes/kubec == oc config refresh-ca-bundle -Update the OpenShift CA bundle by contacting the apiserver. +Update the OpenShift CA bundle by contacting the API server .Example usage [source,bash,options="nowrap"] @@ -488,7 +488,7 @@ Update the OpenShift CA bundle by contacting the apiserver. # Refresh the CA bundle for the cluster named e2e in your kubeconfig oc config refresh-ca-bundle e2e - # Print the CA bundle from the current OpenShift cluster's apiserver. + # Print the CA bundle from the current OpenShift cluster's API server oc config refresh-ca-bundle --dry-run ---- @@ -591,6 +591,9 @@ Set a user entry in kubeconfig # Enable new exec auth plugin for the "cluster-admin" entry oc config set-credentials cluster-admin --exec-command=/path/to/the/executable --exec-api-version=client.authentication.k8s.io/v1beta1 + # Enable new exec auth plugin for the "cluster-admin" entry with interactive mode + oc config set-credentials cluster-admin --exec-command=/path/to/the/executable --exec-api-version=client.authentication.k8s.io/v1beta1 --exec-interactive-mode=Never + # Define new exec auth plugin arguments for the "cluster-admin" entry oc config set-credentials cluster-admin --exec-arg=arg1 --exec-arg=arg2 @@ -819,6 +822,9 @@ Create a deployment with the specified name # Create a deployment named my-dep that runs the busybox image and expose port 5701 oc create deployment my-dep --image=busybox --port=5701 + + # Create a deployment named my-dep that runs multiple containers + oc create deployment my-dep --image=busybox:latest --image=ubuntu:latest --image=nginx ---- @@ -1127,7 +1133,7 @@ Create a TLS secret [source,bash,options="nowrap"] ---- # Create a new TLS secret named tls-secret with the given key pair - oc create secret tls tls-secret --cert=path/to/tls.cert --key=path/to/tls.key + oc create secret tls tls-secret --cert=path/to/tls.crt --key=path/to/tls.key ---- @@ -1261,8 +1267,8 @@ Launch a new instance of a pod for debugging # Debug a node as an administrator oc debug node/master-1 - # Debug a Windows Node - # Note: the chosen image must match the Windows Server version (2019, 2022) of the Node + # Debug a Windows node + # Note: the chosen image must match the Windows Server version (2019, 2022) of the node oc debug node/win-worker-1 --image=mcr.microsoft.com/powershell:lts-nanoserver-ltsc2022 # Launch a shell in a pod using the provided image stream tag @@ -1569,10 +1575,10 @@ Experimental: Get token from external OIDC issuer as credentials exec plugin .Example usage [source,bash,options="nowrap"] ---- - # Starts an auth code flow to the issuer url with the client id and the given extra scopes + # Starts an auth code flow to the issuer URL with the client ID and the given extra scopes oc get-token --client-id=client-id --issuer-url=test.issuer.url --extra-scopes=email,profile - # Starts an authe code flow to the issuer url with a different callback address. + # Starts an auth code flow to the issuer URL with a different callback address oc get-token --client-id=client-id --issuer-url=test.issuer.url --callback-address=127.0.0.1:8343 ---- @@ -1737,8 +1743,7 @@ Mirror images from one repository to another # Copy specific os/arch manifest of a multi-architecture image # Run 'oc image info myregistry.com/myimage:latest' to see available os/arch for multi-arch images - # Note that with multi-arch images, this results in a new manifest list digest that includes only - # the filtered manifests + # Note that with multi-arch images, this results in a new manifest list digest that includes only the filtered manifests oc image mirror myregistry.com/myimage:latest=myregistry.com/other:test \ --filter-by-os=os/arch @@ -1753,8 +1758,8 @@ Mirror images from one repository to another # Copy specific os/arch manifest of a multi-architecture image # Run 'oc image info myregistry.com/myimage:latest' to see available os/arch for multi-arch images - # Note that the target registry may reject a manifest list if the platform specific images do not all - # exist. You must use a registry with sparse registry support enabled. + # Note that the target registry may reject a manifest list if the platform specific images do not all exist + # You must use a registry with sparse registry support enabled oc image mirror myregistry.com/myimage:latest=myregistry.com/other:test \ --filter-by-os=linux/386 \ --keep-manifest-list=true @@ -1856,7 +1861,7 @@ Log in to a server # Log in to the given server through a browser oc login localhost:8443 --web --callback-port 8280 - # Log in to the external OIDC issuer through Auth Code + PKCE by starting a local server listening port 8080 + # Log in to the external OIDC issuer through Auth Code + PKCE by starting a local server listening on port 8080 oc login localhost:8443 --exec-plugin=oc-oidc --client-id=client-id --extra-scopes=email,profile --callback-port=8080 ---- @@ -3003,7 +3008,7 @@ Print the client and server version information # Print the OpenShift client, kube-apiserver, and openshift-apiserver version information for the current context oc version - # Print the OpenShift client, kube-apiserver, and openshift-apiserver version numbers for the current context in json format + # Print the OpenShift client, kube-apiserver, and openshift-apiserver version numbers for the current context in JSON format oc version --output json # Print the OpenShift client version information for the current context