
Showing posts from April, 2022

Openshift/K8S: Permission for access images to your Project/Namespace from another

OpenShift and Kubernetes use images to deploy containers for your projects. Suppose you have a customized image and simply want to use the same image in another namespace or project. In this case you have two options: either pull the image from the image registry that the customized image came from, or pull it from another project. You may not be able to use the first option if your Kubernetes or OpenShift environment is closed to the outside or company policies deny it. The second option is a bit more complicated but also useful, and you can script it for further use. So, here it comes!

    [ozgurkkisa@workstation ~]$ oc policy add-role-to-group \
        -n project-common system:image-puller \
        system:serviceaccounts:project-new
    clusterrole.rbac.authorization.k8s.io/system:image-puller added: "system:serviceaccounts:youruser-expose-image"

In the example above, you give image-puller access permission from project named project-common to serviceaccounts in project named project-...

Openshift/K8S: How to create an NFS Persistent Volume Claim for your Containers

Unlike virtualization, modern containerization technologies such as Kubernetes or OpenShift don't include embedded storage with containers. A standard VM, by contrast, contains embedded storage because the operating system requires it, and already comes with virtual disks and their storage space.

In Kubernetes, OpenShift and other variants, as an administrator, you need to preconfigure the storage for your containers/pods. You or your administrator need to provide persistent storage space(s) to your nodes. These spaces can be traditional block storage (iSCSI, FC), file storage (CIFS, NFS) or cloud storage (S3, Azure Files, EBS). Whatever technology you use, you need a Persistent Volume Claim (PVC) to provide persistent storage space to containers.

As a first task, I recommend creating a resource quota for your PVC to keep storage space from being exhausted. I'm going to tell OpenShift to limit "the project" or "namespace" to use total 500GB storage space and maximum al...

Linux : How to get certificate information from a certificate

As an engineer, administrator, operator, or developer, sometimes you need to get certificate information from an application, host system, or something else. Almost all modern browsers let you get certificate information by simply clicking a red/green or crossed lock icon or by following the page information dialog. But sometimes you can't use a browser, and you can't leave your CLI session because of a connection problem or other factors.

You can use the OpenSSL CLI tool to get basic certificate information on Linux. OpenSSL is a handy tool that lets you handle a bunch of certificate-based requirements, including getting certificates, renewing them, generating a new one and, of course, getting information from them. In this article, you simply get the certificate information from a saved certificate.

    [ozgurkkisa@workstation]$ openssl x509 -in \
        wildcard-api.pem -noout -subject -issuer -ext 'subjectAltName' -dates
    subject=C = US, ST = NC, L = Raleigh, O = "Red Ha...

Openshift : Display the expiry date of the OpenShift Console TLS certificate

Hello from OpenShift! I have a question for you: when will your OpenShift Router TLS (console) certificate expire? Here is a short way to find out. Let's start!

First, log in to your OpenShift cluster. Then, create a variable for the router TLS certificate hostname:

    console=$(oc get route -n openshift-console console \
        -o jsonpath='{.spec.host}')

After defining the router hostname variable, check it:

    echo $console
    console-openshift-console.apps.ocp4.ozgurkkisa.com

And finally we are going to learn the expiration date of our beloved Router TLS certificate by running the command below (-k skips certificate verification, so the date is shown even if your workstation does not trust the certificate):

    curl "https://$console" -k -v 2>&1 | grep 'expire date'
    * expire date: Jun 22 16:43:53 2022 GMT

With that, we have learned our OpenShift Router TLS certificate expiration date. Now you can write a to-do and prepare yourself to replace this certificate. That's it!

Openshift/K8S : Get routes hostnames and learn their reachability

Undoubtedly, routes play a key role in accessing your pods and the applications inside them. You may want to list all of your Kubernetes or OpenShift routes and their hostnames, and also learn whether they are reachable. Here comes a shortcut!

The first step is creating a variable:

    hosts=$(oc get route -A \
        -o jsonpath='{.items[*].spec.host}')

You can make sure that you are getting just the hostnames, rather than any other info, by running:

    echo $hosts

After this point we need a series of shell commands to get the names and HTTP status of our routes. For this task, type the commands shown below:

    for host in $hosts ; do \
        curl "https://$host" -k -w "%{url_effective} %{http_code}\n" -o /dev/null -s ; \
    done
    https://oauth-openshift.apps.ocp4.ozgurkkisa.com/ 403
    https://console-openshift-console.apps.ocp4.ozgurkkisa.com/ 200
    https://downloads-openshift-console.apps.ocp4.ozgurkkisa.com/ 200
    https://alertmanager-main-openshift-monitoring.apps.ocp4.ozgurkkisa.com/ 403
    https://grafa...