Instantiate Template via OC cli - Openshift 4 - openshift

Instantiate Template from openshift UI seems very straight forward but while creating custom templates & Instantiate Template from OC cli with below steps is not working:-
oc login
oc create -f testtemplate.json
oc get templates
oc process --parameters -n 23002 builder27 --> This command is not showing successfully created template & openshift UI showed this template was created
Below is the error while doing last command -
Need some clue if approach is right & this is permission issue with the user.

Related

Cannot see own created temapltes in openshift via OC commands

Developer Catalog have dozens of templates provided by default & After creating own custom templates either via openshift console or via oc create command the teamplate when listed does not shows up which are self created.
$ oc get templates -n openshift
Lists all default teamplates but does not appers the self created one.
After creating from oc command like below:
$ oc create -f testtemplate.json
This also does not list the created template.
Please suggest any clue if there is any restrictions on it & path forward.
You Should add the default namespace on the question.
Otherwise, might using the -n option with the name of the project -n <namespace> to list/create templates.
-- Create template
$ oc create -f testtemplate -n target-namespace
-- Listing all templates in target-namespace project
$ oc get templates -n target-namespace
How about add annotations for metadata to your custom template like existing Templates ? Refer Writing the template description for more details.

Openshift oc new-app how to maps secrets of another pod?

I have a project/namespace in Openshift 3.9. It has one Mysql db pod, the credentials details are stored as secrets.
While deploying my Springboot application, in Openshift UI, I change the Deployment Configuration to map the dynamic variables from my APP to Mysql secrets.
Now I want to automate this step, and how do I mention/pass these secrets while using the oc new-app cmd. I am using below command, but not sure on how to pass/map variables to secrets.
oc new-app redhat-openjdk18-openshift~https://github.com/xyzasdkjasnda/openshift-mysql
Somewhere I saw a workaround like below,
oc new-app
redhat-openjdk18-openshift~https://github.com/xyzasdkjasnda/openshift-mysql
| jq '.items[] | select(.kind == "DeploymentConfig") |
.spec.template.spec.containers[0].env +=
[{"name":"db_name","valueFrom":{"secretKeyRef":{"key":"database-name","name":"mysql"}}},{"name":"db_username","valueFrom":{"secretKeyRef":{"key":"database-user","name":"mysql"}}},{"name":"db_password","valueFrom":{"secretKeyRef":{"key":"database-password","name":"mysql"}}}]'
| \
oc apply --filename -
While oc new-app seems convenient, it usually is preferred to explicitly create a DeploymentConfig (or Deployment) file and check it into a code repo; use oc create -f <deployment-filename> to create the actual object in OpenShift.
See Example #3 here for how to populate environment variables with values from Secrets - that is what the "workaround" does.
Alternatively, you can still use oc new-app to create a new application, including building it from source code, which will create the DeploymentConfig you can then edit to add the environment variables from Secrets configuration.

Apply changes dynamically when OpenShift template is modified (and applied)

I defined a template (let's call it template.yaml) with a service, deploymentconfig, buildconfig and imagestream, applied it with oc apply -f template.yaml and ran oc new-app app-name to create new app from the template. What the app basically does is to build a Node.js application with S2I, write it to a new ImageStream and deploy it to a pod with the necessary service exposed.
Now I've decided to make some changes to the template and have applied it on OpenShift. How do I go about ensuring that all resources in the said template also get reconfigured without having to delete all resources associated with that template and recreating it again?
I think the template is only used to create the related resource first time. Even though you modify the template, it's not associated with created resources. So you should recreate or modify each resource that is modified.
But you can modify simply all resources created by template using the following cmd.
# oc apply -f template_modified.yaml | oc replace -f -
I hope it help you
The correct command turned out to be:
$ oc apply -f template_modified.yaml
$ oc process -f template_modified.yaml | oc replace -f -
That worked for me on OpenShift 3.9.

How do you create a deployment configuration in OpenShift? Is it automatic for new-app based on a docker image?

I'm creating a new-app based on an image stream that corresponds to a docker image in a private OpenShift docker registry. The command is:
oc new-app mynamespace/my-image:latest -n=my-project
Question 1: Does this command automatically create a deployment configuration (dc) that can be referrenced as dc/my-image? Is this deployment configuration associated with my-project?
Question 2: What is the oc command to create a deployment configuration? The OpenShift developer guide has a section titled Creating a Deployment Configuration, but surprisingly it does not say how to create a DC or give any examples. It just shows a JSON structure and says DCs can be managed with the oc command.
Yes, your command will create stuff in the specified project. You can check what objects are created using the oc get command. i.e. to check what DCs you have, you'd do oc get dc or oc get deploymentconfigs.
Other useful commands are oc describe - similar to get but more information. oc status -v - see more broad information about project including warnings and errors.
You create DC and any other resource types using the oc create command. e.g. you copy the example DC off the URL you link to and put it into a file. Finally you do oc create -f mydc.yaml. Both YAML and JSON are supported.
As you see some commands can create DCs by themselves without you providing them with YAML or JSON. You can later modify existing resources with oc edit service/my-app. There is the oc patch command suitable for scripting.
You can see existing resource YAML doing oc get dc/myds -o yaml. Same with any other resource. Keep in mind you are presently using the desired project or use the -n option as you are doing in your example.
Not that hard once you understand some basics and learn to use the oc describe and oc logs command to debug issues with your images/pods. e.g. oc describe pod/my-app-1-asdfg, oc logs my-app-1-asdfg, oc logs -f dc/my-app.
HTH

Using service accounts to automate deployments is failing

We are trying to automate the build and deployment of containers to projects created in openshift v3.3. From the documentation I can see that we will need to leverage service accounts to do this but the documentation is hard to follow and the examples I have found in the blogs don't complete the task. My workflow is as follows with examples oc commands I use:
BUILDER_TOKEN='xxx'
DEPLOYER_TOKEN='xxx'
# build and push the image works as expected
docker build -t registry.xyz.com/want/want:latest .
docker login --username=<someuser> --password=${BUILDER_TOKEN} registry.xyz.com
docker push registry.xyz.com/<repo>/<image>:<tag>
# This fails with error
oc login https://api.xyz.com --token=${DEPLOYER_TOKEN}
oc project <someproject>
oc new-app registry.xyz.com/<repo>/<image>:<tag>
Notice I login into the rest api interface, select the project and create the app but this fails with the following errors:
error: User "system:serviceaccount:want:deployer" cannot create deploymentconfigs in project "default"
error: User "system:serviceaccount:want:deployer" cannot create services in project "default"
Any ideas?
Service accounts only have permission in their owning project by default. You would need to grant deployer access to deploy in other projects.
OK so it seems that using a service account to accomplish this is not the best way to go about things. This is not helped by the documentation. The use case above is very common and the correct approach is to simply evoke the new-app with the image name and corresponding tag:
oc new-app ${APP}:${TAG}
There is no need to mess around with service accounts.