Most common Openshift CLI commands with examples.
oc completion bash > ~/.oc_bash_completion.sh
echo "source ~/.oc_bash_completion.sh" >> ~/.bashrc
source ~/.bashrc
oc login -u user -p password https://ocp-api
cp ~/.bashrc ~/.bashrc.bak
echo 'alias ocplogin="oc login -u user -p password https://ocp-api"' >> ~/.bashrc
source ~/.bashrc
oc version
oc cluster-info
oc api-versions
Create new project:
oc new-project test
Fetch project info like UID and GID:
oc describe project test
oc get pods --show-lables
oc get pod my-pod -o json | jq .spec.containers[0].image
oc get pod my-pod -o jsonpath --template={.spec.containers[0].image}
oc get node master01 -o jsonpath=\
'{"Allocatable:\n"}{.status.allocatable}{"\n\n"}{"Capacity:\n"}{.status.capacity{"\n"}'
oc get pod my-pod -o go-template='{{(index .spec.containers).image}}'
oc get pods -o custom-columns=Pod:.metadata.name,Container:.spec.containers[].name,\
Phase:.status.phase,IP:.status.podIP,Ports:.spec.containers[].ports[].containerPort
oc get pods -o yaml | yq -r - 'items[*].metadata.name'
oc get pod my-pod -o template --template={{.spec.containers[0].image}}
Run a pod and attach a session:
oc run -it my-app --image registry.access.redhat.com/ubi9/ubi --command -- /bin/bash
Add restart option:
oc run -it my-app --image registry.access.redhat.com/ubi9/ubi\
--restart Never --command -- /bin/bash
Auto delete pod:
oc run -it my-app --rm --image registry.access.redhat.com/ubi9/ubi\
--restart Never --command -- /bin/bash
Add environment variables:
oc run -it my-app \
--env MY_VAR=myenvvariable \
--rm \
--image registry.access.redhat.com/ubi9/ubi \
--restart Never \
--command -- /bin/bash
Execute a command in a running container:
oc exec my-app -- date
Select the container if the POD has multiple containers
oc exec my-app -c contaier1 -- date
Attach a session to a running container
oc exec my-app -c contaier1 -it -- bash
Retrieve the logs of a container:
oc logs my-app --tail=10
Retrieve the logs of the previous container instance if exists:
oc logs my-app --tail=10 -p
Follow the logs
oc logs my-app --tail=10 -f
oc get events --sort-by='.metadata.creationTimestamp'
oc get events --sort-by='.metadata.creationTimestamp' -A
oc get events --sort-by='.lastTimestamp'
oc get events -A --output-watch-events=true --watch-only
oc explain pod.spec --recursive
oc explain pod.spec.securityContext --recursive
oc api-resources
oc api-resources --namespaced
oc api-resources --api-group ''
oc api-resources --api-group 'oauth.openshift.io'
Update fields of a resource
oc patch pod valid-pod --type='json' \
-p='[{"op": "replace", "path": "/spec/containers/0/image", \
"value":"http://registry.access.redhat.com/ubi8/httpd-24"}]'
Copy files to and from Containers
oc cp pod:pod/dir /local/dir
Remove container access
oc port-forward podname EXTERNAL_PORT:CONTAINER_POD
Connect to running container
oc rsh pod-name
oc rsh deployment/my-deployment
You can use this command to inspect, configure, and retrieve information about container images.
Inspects and retrieves information about a container image:
oc image info registry.access.redhat.com/ubi9/httpd-24:1-233 --filter-by-os amd64
oc get operators
oc get clusteroperators
oc describe clusteroperators openshift-apiserver
oc create is my-is
oc create istag my-is:v1.0 \
--from-image myremote-repo/my-remote-image:tag
Enable image stream resolution for the my-is image stream so that Kubernetes resources in the current project can use it.
oc set image-lookup my-is
oc set image-lookup
Detected changes in IS
oc set triggers deployment/my-depl \
--from-image my-is:1 --containers my-container
oc set triggers deployment/my-depl
oc get deployment my-depl \
-o jsonpath='{.metadata.annotations.image\.openshift\.io/triggers}' | jq .
Update Image stream tag
oc tag myregitry/myimage:new-image-tag existing-is:existing-istag
Move alias to another istag
oc tag --help new-image-stream-tag existing-alias
Create a new application by specifying source code, templates, and/or images.
oc new-app -l team=red --template mysql-persistent \
-p MYSQL_USER=developer \
-p MYSQL_PASSWORD=developer
oc new-app --name db-image -l team=blue \
--image registry.ocp4.example.com:8443/rhel9/mysql-80:1 \
-e MYSQL_USER=developer \
-e MYSQL_PASSWORD=developer \
-e MYSQL_ROOT_PASSWORD=redhat
oc create job \
date-job \
--image registry.access.redhat.com/ubi8/ubi \
-- /bin/bash -c "date"
oc create cronjob date-cronjob \
--image registry.access.redhat.com/ubi8/ubi \
--schedule "*/1 * * * *" \
-- date
oc create deployment \
my-deployment \
--image registry.access.redhat.com/ubi8/ubi \
--replicas
From literal
oc create secret generic my_secret_name\
--from-literal key1=value1 --from-literal key2=value2
From file
oc create secret generic my_secret_name\
--from-file key1=/path/to/file
TLS secret
oc create secret tls my_secret_name\
--cert /path/to/cert --key /path/to/key
From literal
oc create cm my-config --from-literal key1=value1
Configure application resources. This commands help you make changes to existing application resources.
oc set env deployment/my-db MYSQL_USER=developer \
MYSQL_PASSWORD=developer \
MYSQL_DATABASE=samepledb
From secret
oc set env deployment/my-deployment --from secret/my-secret
Type secret
oc set volume deployment/mydeployment --add\
--type secret --secret-name my-secret --mount-path /app-secret
Type configmap
oc set volume deployment/mydeployment --add\
--type configmap --configmap-name my-configmap --mount-path /app-configs
Type PersistentVolumeClaim
oc set volume deployment/mydeployment --add \
--name my-volume \
--type persistentVolumeClaim \
--claim-mode rwo \
--claim-size 15Gi \
--mount-path /var/mydata \
--claim-class storage-class \
--claim-name my-pvc
Specify compute resource requirements (cpu, memory) for any resource that defines a pod template.
oc set resources deployment my-dep --requests cpu=10m,memory=1gi
Set or remove a liveness, readiness or startup probe from a pod or pod template.
oc set prove deployment/my-deployment --readiness \
--initial-delay-seconds 7\
--get-url http://:8080/health
oc set image deployment/mydeployment my-container-name-in-pod=my-image
Expose containers internally as services or externally via routes
oc expose deployment/db --port 8080
oc expose service nginx
oc expose service nginx --hostname api.aps.acme.com
Set a new size for a deployment, replica set, replication controller, or stateful set.
oc scale deployment test --replicas 2
Creates an autoscaler that automatically chooses and sets the number of pods that run in a Kubernetes cluster.
oc autoscale deployment/my-deployment --min 1 --max 8 --cpu-percent 70 --memory-percent 95
Start a new rollout, view its status or history, rollback to a previous revision of your app.
oc rollout pause deployment/myapp
oc rollout resume deployment/myapp
oc rollout undo deployment/myapp --to-revision 1
oc rollout status deployment/myapp
oc rollout history deployment/myapp --revision 1
Note:
The CHANGE-CAUSE column provides a user-defined message that describes the revision. You can store the message in the kubernetes.io/change-cause deployment annotation after every rollout.
oc rollout history deployment/myapp --revision 1
Update the annotations on one or more resources.
# Enable sticky session on a route
oc annotate route test router.openshift.io/cookie_name="my-sticky-session"
Show usage statistics of resources on the server
oc adm top pods -A --sum
oc adm top pods etcd-master01 -n openshift-etcd --containers
oc adm top node
oc adm node-logs master01
oc adm node-logs master01 -u crio
oc adm node-logs master01 -u crio --tail 10
oc debug node/master01
chroot /host
systemctl status crio
systemctl is-active crio
systemctl status kubelet
systemctl is-active kubelet
crictl ps # list containers on the node
crictl ps --name my-container-name # filters the containers by name
crictl ps --name my-container-name -o json | jq .containers[0].id # Gets the contaier ID <e.g 27943ae4f3024>
crictl inspect -o json 27943ae4f3024 | jq .info.pid # Gets the container PID <e.g 43453>
crictl inspect 27943ae4f3024 | grep pid # Gets the container PID as well <e.g 43453>
lsns -p 43453 # lists the system namespaces of a container.
nsenter -t 43453 -p -r ps -ef # executes the ps -ef command within the process namespace of a running container.
oc adm must-gather --dest-dir /tmp
oc adm inspect clusteroperator/kube-apiserver --dest-dir /tmp/
oc adm inspect clusteroperator/kube-apiserver --dest-dir /tmp/ --since 5m
skopeo list-tags docker://repo/image
skopeo inspect --config docker://reg/image:tag