Guided Exercise: The Kubernetes and OpenShift Command-Line Interfaces

·

8 min read

Access an OpenShift cluster using the command-line to get information about cluster services and nodes.

Outcomes

  • Use the OpenShift web console to locate the installation file for the oc OpenShift command-line interface.

  • Get and use a token from the web console to access the cluster from the command line.

  • Identify key differences between the kubectl and oc command-line tools.

  • Identify the main components of OpenShift and Kubernetes.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command ensures that all resources are available for this exercise.

[student@workstation ~]$ lab start cli-interfaces

Procedure 2.1. Instructions

  1. Log in to the OpenShift web console as the developer user. Locate the installation file for the oc OpenShift command-line interface (CLI).

    1. Open a web browser and then navigate to https://console-openshift-console.apps.ocp4.example.com.

    2. Click Red Hat Identity Management and log in as the developer user with the developer password.

    3. Locate the installation file for the oc CLI. From the OpenShift web console, select HelpCommand line tools. The Help menu is represented by a ? icon.

      The oc binary is available for multiple operating systems and architectures. For each operating system and architecture, the oc binary also includes the kubectl binary.

      NOTE

      You do not need to download or install the oc and kubectl binaries, which are already installed on the workstation machine.

  2. Download an authorization token from the web console. Then, use the token and the oc command to log in to the OpenShift cluster.

    1. From the Command Line Tools page, click the Copy login command link.

    2. The link opens a login page. Click Red Hat Identity Management and log in as the developer user with the developer password.

    3. A web page is displayed. Click the Display token link to show your API token and the login command.

    4. Copy the oc login command to your clipboard. Open a terminal window and then use the copied command to log in to the cluster with your token.

       [student@workstation ~]$ oc login --token=sha256-fypX...Ot6A \
         --server=https://api.ocp4.example.com:6443
       Logged into "https://api.ocp4.example.com:6443" as "developer" using the token provided.
       ...output omitted...
      
  3. Compare the available commands for the kubectl and oc commands.

    1. Use the help command to list and review the available commands for the kubectl command.

       [student@workstation ~]$ kubectl help
       kubectl controls the Kubernetes cluster manager.
      
        Find more information at: https://kubernetes.io/docs/reference/kubectl/
      
       Basic Commands (Beginner):
         create          Create a resource from a file or from stdin
         expose          Take a replication controller, service, deployment or pod and expose it as a new Kubernetes service
         run             Run a particular image on the cluster
         set             Set specific features on objects
      
       Basic Commands (Intermediate):
         explain         Get documentation for a resource
         get             Display one or many resources
         edit            Edit a resource on the server
         delete          Delete resources by file names, stdin, resources and names, or by resources and label selector
       ...output omitted....
      

      Notice that the kubectl command does not provide a login command.

    2. Examine the available subcommands and options for the kubectl create command by using the --help option.

       [student@workstation ~]$ kubectl create --help
       Create a resource from a file or from stdin.
      
        JSON and YAML formats are accepted.
      
       Examples:
         # Create a pod using the data in pod.json
         kubectl create -f ./pod.json
       ...output omitted....
       Available Commands:
         clusterrole           Create a cluster role
         clusterrolebinding    Create a cluster role binding for a particular cluster role
         configmap             Create a config map from a local file, directory or literal value
         cronjob               Create a cron job with the specified name
         deployment            Create a deployment with the specified name
       ...output omitted...
       Options:
           --allow-missing-template-keys=true:
           If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to
           golang and jsonpath output formats.
      
           --dry-run='none':
           Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without
           sending it. If server strategy, submit server-side request without persisting the resource.
       ...output omitted....
       Usage:
         kubectl create -f FILENAME [options]
      
       Use "kubectl <command> --help" for more information about a given command.
       Use "kubectl options" for a list of global command-line options (applies to all commands).
      

      You can use the --help option with any kubectl command. The --help option provides information about a command, including the available subcommands and options, and the command syntax.

    3. List and review the available commands for the oc binary by using the help command.

       [student@workstation ~]$ oc help
       OpenShift Client
      
       This client helps you develop, build, deploy, and run your applications on any
       OpenShift or Kubernetes cluster. It also includes the administrative
       commands for managing a cluster under the 'adm' subcommand.
      
       Basic Commands:
         login             Log in to a server
         new-project       Request a new project
         new-app           Create a new application
         status            Show an overview of the current project
         project           Switch to another project
         projects          Display existing projects
         explain           Get documentation for a resource
       ...output omitted....
      

      The oc command supports the same capabilities as the kubectl command. The oc command provides additional commands to natively support an OpenShift cluster. For example, the new-project command creates a project, which is a Kubernetes namespace, in the OpenShift cluster. The new-app command is unique to the oc command. It creates applications by using existing source code or prebuilt images.

    4. Use the --help option with the oc create command to view the available subcommands and options.

       [student@workstation ~]$ oc create --help
       Create a resource from a file or from stdin.
      
        JSON and YAML formats are accepted.
      
       Examples:
         # Create a pod using the data in pod.json
         oc create -f ./pod.json
       ...output omitted...
      
       Available Commands:
         build                  Create a new build
         clusterresourcequota   Create a cluster resource quota
         clusterrole            Create a cluster role
         clusterrolebinding     Create a cluster role binding for a particular cluster role
         configmap              Create a config map from a local file, directory or literal value
         cronjob                Create a cron job with the specified name
         deployment             Create a deployment with the specified name
         deploymentconfig       Create a deployment config with default options that uses a given image
       ...output omitted....
       Options:
           --allow-missing-template-keys=true:
           If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to
           golang and jsonpath output formats.
      
           --dry-run='none':
           Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without
           sending it. If server strategy, submit server-side request without persisting the resource.
       ...output omitted...
       Usage:
         oc create -f FILENAME [options]
       ....output omitted....
      

      The oc create command includes the same subcommands and options as the kubectl create command, and provides additional subcommands for OpenShift resources. For example, you can use the oc create command to create OpenShift resources such as a deployment configuration, a route, and an image stream.

  4. Identify the components and Kubernetes resources of an OpenShift cluster by using the terminal. Unless otherwise noted, all commands are available for the oc and kubectl commands.

    1. In a terminal, use the oc login command to log in to the cluster as the admin user with the redhatocp password. Regular cluster users, such as the developer user, cannot list resources at a cluster scope.

       [student@workstation ~]$ oc login -u admin -p redhatocp
       Login successful
       ...output omitted...
      
    2. Identify the cluster version with the version command.

       [student@workstation ~]$ oc version
       Client Version: 4.12.0
       Kustomize Version: v4.5.7
       Server Version: 4.12.0
       Kubernetes Version: v1.25.4+77bec7a
      
    3. Use the cluster-info command to identify the URL for the Kubernetes control plane.

       [student@workstation ~]$ oc cluster-info
       Kubernetes control plane is running at https://api.ocp4.example.com:6443
      
       To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
      
    4. Identify the supported API versions by using the api-versions command.

       [student@workstation ~]$ oc api-versions
       admissionregistration.k8s.io/v1
       apiextensions.k8s.io/v1
       apiregistration.k8s.io/v1
       apiserver.openshift.io/v1
       apps.openshift.io/v1
       apps/v1
       ...output omitted....
      
    5. List cluster operators with the get clusteroperator command.

       [student@workstation ~]$ oc get clusteroperator
       NAME                        VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE ...
       authentication              4.12.0    True        False         False      18d
       baremetal                   4.12.0    True        False         False      18d
       cloud-controller-manager    4.12.0    True        False         False      18d
       cloud-credential            4.12.0    True        False         False      18d
       cluster-autoscaler          4.12.0    True        False         False      18d
       config-operator             4.12.0    True        False         False      18d
       console                     4.12.0    True        False         False      18d
       control-plane-machine-set   4.12.0    True        False         False      18d
       csi-snapshot-controller     4.12.0    True        False         False      18d
       dns                         4.12.0    True        False         False      5h24m
       etcd                        4.12.0    True        False         False      18d
       image-registry              4.12.0    True        False         False      18d
       ingress                     4.12.0    True        False         False      18d
       ...output omitted...
      
    6. Use the get command to list pods in the openshift-api project. Specify the project with the -n option.

       [student@workstation ~]$ oc get pods -n openshift-apiserver
       NAME                         READY   STATUS    RESTARTS   AGE
       apiserver-68c9485699-ndqlc   2/2     Running   2          18d
      
    7. Use the oc status command to retrieve the status of resources in the openshift-authentication project.

       [student@workstation ~]$ oc status -n openshift-authentication
       In project openshift-authentication on server https://api.ocp4.example.com:6443
      
       https://oauth-openshift.apps.ocp4.example.com (passthrough) to pod port 6443 (svc/oauth-openshift)
         deployment/oauth-openshift deploys quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7d75...6c86
           deployment #7 running for 2 weeks - 1 pod
           deployment #6 deployed 2 weeks ago
           deployment #4 deployed 2 weeks ago
           deployment #3 deployed 2 weeks ago
           deployment #2 deployed 2 weeks ago
           deployment #1 deployed 2 weeks ago
       ...output omitted...
      
    8. Use the explain command to list the description and available fields for services resources.

       [student@workstation ~]$ oc explain services
       KIND:     Service
       VERSION:  v1
      
       DESCRIPTION:
            Service is a named abstraction of software service (for example, mysql)
            consisting of local port (for example 3306) that the proxy listens on, and
            the selector that determines which pods will answer requests sent through
            the proxy.
      
       FIELDS:
          apiVersion    <string>
            APIVersion defines the versioned schema of this representation of an
            object. Servers should convert recognized schemas to the latest internal
            value, and may reject unrecognized values.
       ...output omitted...
      
    9. Use the get command to list cluster nodes.

       [student@workstation ~]$ oc get nodes
       NAME       STATUS   ROLES                         AGE   VERSION
       master01   Ready    control-plane,master,worker   18d   v1.25.4+77bec7a
      

      A single node exists in the cluster.

Finish

On the workstation machine, use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish cli-interfaces