Lab: Kubernetes and OpenShift Command-Line Interfaces and APIs

·

5 min read

Find detailed information about your OpenShift cluster and assess its health by querying its Kubernetes resources.

Outcomes

  • Use the command line to retrieve information about the cluster resources.

  • Identify cluster operators and API resources.

  • List the available namespaced resources.

  • Identify the resources that belong to the core API group.

  • List the resource types that the OpenShift configuration API group provides.

  • List the resource usage of containers in a pod.

  • Use the JSONPath filter to get the number of allocatable pods and compute resources for a node.

  • List the memory and CPU usage of all pods in the cluster.

  • Use jq filters to retrieve the conditions status of a pod.

  • View cluster events and alerts.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

[student@workstation ~]$ lab start cli-review

The API URL of your OpenShift cluster is https://api.ocp4.example.com:6443, and the oc command is already installed on your workstation machine.

Procedure 2.4. Instructions

The API URL of your OpenShift cluster is https://api.ocp4.example.com:6443, and the oc command is already installed on your workstation machine.

Log in to the OpenShift cluster as the developer user with the developer password.

Use the cli-review project for your work.

  1. Log in to the OpenShift cluster and create the cli-review project.

    1. Log in to the OpenShift cluster.

       [student@workstation ~]$ oc login -u developer -p developer \
         https://api.ocp4.example.com:6443
       ...output omitted...
      
    2. Create the cli-review project.

       [student@workstation ~]$ oc new-project cli-review
       Now using project "storage-review" on server "https://api.ocp4.example.com:6443".
       ...output omitted...
      

Hide Solution

  1. Use the oc command to list the following information for the cluster:

    • Retrieve the cluster version.

    • Identify the supported API versions.

    • Identify the fields for the pod.spec.securityContext object.

  1. Identify the cluster version.

     [student@workstation ~]$ oc version
     Client Version: 4.12.0
     Kustomize Version: v4.5.7
     Kubernetes Version: v1.25.4+77bec7a
    
  2. Identify the supported API versions.

     [student@workstation ~]$ oc api-versions
     admissionregistration.k8s.io/v1
     apiextensions.k8s.io/v1
     apiregistration.k8s.io/v1
     apiserver.openshift.io/v1
     apps.openshift.io/v1
     apps/v1
     ...output omitted...
    
  3. Identify the fields for the pod.spec.securityContext object.

     [student@workstation ~]$ oc explain pod.spec.securityContext
     KIND:     Pod
     VERSION:  v1
    
     RESOURCE: securityContext <object>
    
     DESCRIPTION:
     ...output omitted...
    

Hide Solution

  1. From the terminal, log in to the OpenShift cluster as the admin user with the redhatocp password. Then, use the command line to identify the following cluster resources:

    • List the cluster operators.

    • Identify the available namespaced resources.

    • Identify the resources that belong to the core API group.

    • List the resource types that the oauth.openshift.io API group provides.

    • List the events in the openshift-image-registry namespace.

Show Solution

  1. Identify the following information about the cluster services and its nodes:

    • Retrieve the conditions status of the etcd-master01 pod in the openshift-etcd namespace by using jq filters to limit the output.

    • List the compute resource usage of the containers in the etcd-master01 pod in the openshift-etcd namespace.

    • Get the number of allocatable pods for the master01 node by using a JSONPath filter.

    • List the memory and CPU usage of all pods in the cluster.

    • Retrieve the compute resource consumption of the master01 node.

    • Retrieve the capacity and allocatable CPU for the master01 node by using a JSONPath filter.

  1. Retrieve the conditions status of the etcd-master01 pod in the openshift-etcd namespace. Use jq filters to limit the output to the .status.conditions attribute of the pod.

     [student@workstation ~]$ oc get pods etcd-master01 -n openshift-etcd \
       -o json | jq .status.conditions
     [
       {
         "lastProbeTime": null,
         "lastTransitionTime": "2023-03-12T16:40:35Z",
         "status": "True",
         "type": "Initialized"
       },
       {
         "lastProbeTime": null,
         "lastTransitionTime": "2023-03-12T16:40:47Z",
         "status": "True",
         "type": "Ready"
       },
       {
         "lastProbeTime": null,
         "lastTransitionTime": "2023-03-12T16:40:47Z",
         "status": "True",
         "type": "ContainersReady"
       },
       {
         "lastProbeTime": null,
         "lastTransitionTime": "2023-03-12T16:40:23Z",
         "status": "True",
         "type": "PodScheduled"
       }
     ]
    
  2. List the resource usage of the containers in the etcd-master01 pod in the openshift-etcd namespace.

     [student@workstation ~]$ oc adm top pods etcd-master01 \
       -n openshift-etcd --containers
     POD             NAME           CPU(cores)   MEMORY(bytes)
     etcd-master01   POD            0m           0Mi
     etcd-master01   etcd           54m          1513Mi
     etcd-master01   etcd-metrics   5m           24Mi
     etcd-master01   etcd-readyz    4m           39Mi
     etcd-master01   etcdctl        0m           0Mi
    
  3. Use a JSONPath filter to determine the number of allocatable pods for the master01 node.

     [student@workstation ~]$ oc get node master01 \
       -o jsonpath='{.status.allocatable.pods}{"\n"}'
     250
    
  4. List the memory and CPU usage of all pods in the cluster. Use the --sum option to print the sum of the resource usage. The resource usage on your system probably differs.

     [student@workstation ~]$ oc adm top pods -A --sum
     NAMESPACE                NAME                                                  CPU(cores)   MEMORY(bytes)
     metallb-system           controller-5f6dfd8c4f-ddr8v                           0m           56Mi
     metallb-system           metallb-operator-controller-manager-6666bf5467-n2zsv  0m           50Mi
     metallb-system           metallb-operator-webhook-server-74c46ddb74-tjjj5      0m           26Mi
     metallb-system           speaker-2dds4                                         9m           210Mi
     nfs-client-provisioner   nfs-client-provisioner-79c9d77bf5-cr8n8               0m           16Mi
     ...output omitted...
                                                                                    505m       8982Mi
    
  5. Retrieve the resource consumption of the master01 node.

     [student@workstation ~]$ oc adm top node
     NAME       CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%
     master01   1199m        15%    12555Mi         66%
    
  6. Use a JSONPath filter to determine the capacity and allocatable CPU for the master01 node.

     [student@workstation ~]$ oc get node master01 -o jsonpath=\
     'Allocatable: {.status.allocatable.cpu}{"\n"}'\
     'Capacity: {.status.capacity.cpu}{"\n"}'
     Allocatable: 7500m
     Capacity: 8
    

Hide Solution

  1. Retrieve debugging information for the cluster. Specify the /home/student/DO180/labs/cli-review/debugging directory as the destination directory.

    Then, generate debugging information for the kube-apiserver cluster operator. Specify the /home/student/DO180/labs/cli-review/inspect directory as the destination directory. Limit the debugging information to the last five minutes.

    1. Retrieve debugging information for the cluster. Save the output to the /home/student/DO180/labs/cli-review/debugging directory.

       [student@workstation ~]$ oc adm must-gather \
         --dest-dir /home/student/DO180/labs/cli-review/debugging
       [must-gather      ] OUT Using must-gather plug-in image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:07d3...e94c
       ...output omitted...
       Reprinting Cluster State:
       When opening a support case, bugzilla, or issue please include the following summary data along with any other requested information:
       ClusterID: 94ff22c1-88a0-44cf-90f6-0b7b8b545434
       ClusterVersion: Stable at "4.12.0"
       ClusterOperators:
           All healthy and stable
      
    2. Generate debugging information for the kube-apiserver cluster operator. Save the output to the /home/student/DO180/labs/cli-review/inspect directory, and limit the debugging information to the last five minutes.

       [student@workstation ~]$ oc adm inspect clusteroperator kube-apiserver \
         --dest-dir /home/student/DO180/labs/cli-review/inspect --since 5m
       Gathering data for ns/openshift-config...
       Gathering data for ns/openshift-config-managed...
       Gathering data for ns/openshift-kube-apiserver-operator...
       Gathering data for ns/openshift-kube-apiserver...
       Gathering data for ns/metallb-system...
       Gathering data for ns/openshift-monitoring...
       Gathering data for ns/openshift-machine-api...
       Gathering data for ns/openshift-multus...
       Gathering data for ns/openshift-cluster-node-tuning-operator...
       Gathering data for ns/openshift-cluster-storage-operator...
       Wrote inspect data to /home/student/DO180/labs/cli-review/inspect.
      

Hide Solution

Evaluation

As the student user on the workstation machine, use the lab command to grade your work. Correct any reported failures and rerun the command until successful.

[student@workstation ~]$ lab grade cli-review

Finish

As the student user on the workstation machine, use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish cli-review