Openshift : Display the expiry date of the OpenShift Console TLS certificate

Hello from openshift! I have a question for you. When will expires your Openshift Router TLS (console) certificate?

Here is a short solution to learn this info. Let's start!

At first, login to your Openshift cluster. Then, create a variable for router tls certificate hostname :

console=$(oc get route -n openshift-console console \
>  -o jsonpath='{.spec.host}')

After defining router hostname variable, check it :

echo $console 
console-openshift-console.apps.ocp4.ozgurkkisa.com

And finally we are gonna learn what is the expiration of our beloved Router TLS certificate by running

curl https://$console -k -v 2>&1 | grep 'expire date'
*  expire date: Jun 22 16:43:53 2022 GMT

Therefore, we have learned our OpenShift Router TLS certificate expiration date. By this you can write a to-do and prepare yourself to replacing this certificate.

Thats it!

Comments

Openshift/K8S : Get routes hostnames and learn their reachability

Undoubtedly, route have a key role to accessing your pods and their applications inside. You may want to learn your whole Kubernetes or Openshift routes and their hostnames. Also you want to learn reachability of them. Here comes a shortcut! First step is creating a variable : hosts=$(oc get route -A \ -o jsonpath='{.items[*].spec.host}') You can ensure that just getting the hostnames, rather than any other info by running : echo $hosts After this point we need a series of shell command to get names and HTTP status of our routes. For this task, write out the codes shown below : for host in $hosts ; do \ curl https://$host -k -w "%{url_effective} %{http_code}\n" -o /dev/null -s ; \ done https://oauth-openshift.apps.ocp4.ozgurkkisa.com/ 403 https://console-openshift-console.apps.ocp4.ozgurkkisa.com/ 200 https://downloads-openshift-console.apps.ocp4.ozgurkkisa.com/ 200 https://alertmanager-main-openshift-monitoring.apps.ocp4.ozgurkkisa.com/ 403 https://grafan

K8S/OPENSHIFT: POD CRASHING,SECURITY CONTEXT CONTRAINTS PROBLEM?

Your new daily given task is creating a new app in a new namespace. You investigated and found your image. Then you started to create your app. After app created you checked and realized that the your new apps pod is not starting! Here look at this example. I Used gitlab here as an instance. [ozgurk@myworkstation ~]$ oc new-app --name gitlab \ > --docker-image quay.io/redhattraining/gitlab-ce:8.4.3-ce.0 --> Creating resources ... imagestream.image.openshift.io "gitlab" created deployment.apps "gitlab" created service "gitlab" created --> Success Until here, everything looking normal. Check your pod status : [ozgurk@myworkstation ~]$ oc get pods NAME READY STATUS RESTARTS AGE gitlab-6d61db3479-yyjl 0/1 Error 1 43s As seen above, our pod is in a trouble. It's better to start investigation from pod logs. [ozgurk@myworkstation ~]$ oc logs pod/ gitlab-6d61db3479-yyjl ===========

OPENSHIFT/K8S: Enable HTPasswd Authentication for your Openshift Cluster

Openshift provides different kind of authentication mechanisms for authentication. Openshift comes with a default kubeadmin user as a factory default. In addition to default admin, in real world you want different users with different permission levels to separate roles. You can use Ldap, Github or Github Enterprise, Keystone Server, OpenID Connect or HTPasswd authentication. All these methods are named as Identity providers.All methods are external solutions or requires additional servers/services to deploy to authenticate except HTPasswd authentication. HTPasswd authentication consist of simple and locally managed password files. Simply, you define usernames and equivalent password for them. htpasswd file contains a list of users and their secrets. HTPasswd files keeps users password encrypted by several encryption algorithms like, MD5(default), SHA1, SHA256 and Bcrypt (Most secure for htpasswd.) Screenshot 1- A simple and sample htpasswd file A simple htpasswd file is similar to

Ozgur's notes...

Search This Blog