Category Archives: minishift

allow to set userID


title: “allow to set userID”
date: 2020-01-18T21:00:02
slug: allow-docker-users


oc adm policy add-scc-to-user anyuid -z default -n emqx-openshift

Here -z names a service account in the namespace given by -n. List a namespace's service accounts with:

oc get sa -n prometheus

Add the SCC to all service accounts in a namespace:

oc adm policy add-scc-to-group anyuid system:serviceaccounts:prometheus

Add the privileged SCC to a service account:

oc adm policy add-scc-to-user privileged -nkubevirt -z ayoung
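
The grants above can be reviewed later by reading the `users` and `groups` lists of each SCC, for example from `oc get scc -o json`. The following audit script is an added example, not part of the original notes: it assumes OpenShift 3.x (as run by minishift), where these commands record the grant on the SCC object itself. The sample JSON is constructed and the function name `audit_scc_grants` is hypothetical.

```python
import json
import re

# Constructed sample in the shape of `oc get scc -o json` on OpenShift 3.x,
# as it could look after the three grants above (other SCC fields omitted).
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "anyuid"},
     "users": ["system:serviceaccount:emqx-openshift:default"],
     "groups": ["system:cluster-admins", "system:serviceaccounts:prometheus"]},
    {"metadata": {"name": "privileged"},
     "users": ["system:admin", "system:serviceaccount:kubevirt:ayoung"],
     "groups": ["system:cluster-admins", "system:nodes"]},
    {"metadata": {"name": "restricted"},
     "users": [], "groups": ["system:authenticated"]},
]})

RISKY_SCCS = {"anyuid", "privileged"}
SA_USER = re.compile(r"^system:serviceaccount:([^:]+):([^:]+)$")
SA_GROUP = re.compile(r"^system:serviceaccounts(?::([^:]+))?$")

def audit_scc_grants(scc_json):
    """Return (scc, subject, reason) for service-account grants on risky SCCs."""
    findings = []
    for scc in json.loads(scc_json).get("items", []):
        name = scc["metadata"]["name"]
        if name not in RISKY_SCCS:
            continue
        for user in scc.get("users") or []:
            m = SA_USER.match(user)
            if not m:
                continue  # human or system user, out of scope for this check
            ns, sa = m.groups()
            reason = ("default SA: applies to every pod that names no service account"
                      if sa == "default" else "dedicated service account")
            findings.append((name, user, f"{reason} (namespace {ns})"))
        for group in scc.get("groups") or []:
            m = SA_GROUP.match(group)
            if m:
                scope = f"namespace {m.group(1)}" if m.group(1) else "the whole cluster"
                findings.append((name, group, f"every service account in {scope}"))
    return findings

if __name__ == "__main__":
    for scc, subject, reason in audit_scc_grants(SAMPLE):
        print(f"{scc:<11} {subject:<45} {reason}")
```
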

EMQX


title: “EMQX”
date: 2020-01-18T15:09:53
slug: emqx


kind: "BuildConfig"
apiVersion: "v1"
metadata:
  name: "emqx-openshift"
spec:
  runPolicy: "Serial"
  source:
    git:
      uri: "https://github.com/xforze/emqx-openshift.git"
  strategy:
    dockerStrategy:
      noCache: true
    type: Docker
  output:
    to:
      kind: "ImageStreamTag"
      name: "emqx-openshift:latest"
---
apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
  name: emqx-openshift
---
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
  name: emqx-openshift
spec:
  replicas: 1
  template:
    metadata:
      annotations:
        openshift.io/generated-by: OpenShiftWebConsole
      creationTimestamp: null
      labels:
        app: emqx-openshift
        deploymentconfig: emqx-openshift
    spec:
      # securityContext belongs to the pod spec, not the DeploymentConfig spec;
      # running as the fixed UID 999 relies on the anyuid SCC grant.
      securityContext:
        runAsUser: 999
      containers:
      - image: >-
          172.30.1.1:5000/emqx-openshift/emqx-openshift@sha256:d2b501278f6d2d797a35143915adcc0e9218547e89e6c2c27c4f6f9898020f0e
        imagePullPolicy: Always
        name: emqx-openshift
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      terminationGracePeriodSeconds: 30
  test: false
  triggers:
  - type: ConfigChange
  - imageChangeParams:
      automatic: true
      containerNames:
      - emqx-openshift
      from:
        kind: ImageStreamTag
        name: 'emqx-openshift:latest'
        namespace: emqx-openshift
      lastTriggeredImage: >-
        172.30.1.1:5000/emqx-openshift/emqx-openshift@sha256:d2b501278f6d2d797a35143915adcc0e9218547e89e6c2c27c4f6f9898020f0e
    type: ImageChange
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: emqx
  namespace: emqx-openshift
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: default
  namespace: emqx-openshift
---
apiVersion: v1
kind: Service
metadata:
  name: emqx-openshift
  namespace: emqx-openshift
spec:
  clusterIP: 172.30.149.223
  externalIPs:
  - 192.168.1.27
  - 192.168.1.22
  externalTrafficPolicy: Cluster
  ports:
  - name: emqx-openshift
    nodePort: 32063
    port: 18083
    protocol: TCP
    targetPort: 18083
  - name: emqx-openshift-11883
    nodePort: 31548
    port: 11883
    protocol: TCP
    targetPort: 11883
  - name: emqx-openshift-1883
    nodePort: 32764
    port: 1883
    protocol: TCP
    targetPort: 1883
  - name: emqx-openshift-8883
    nodePort: 31726
    port: 8883
    protocol: TCP
    targetPort: 8883
  - name: emqx-openshift-9091
    nodePort: 31821
    port: 9091
    protocol: TCP
    targetPort: 9091
  selector:
    deploymentconfig: emqx-openshift
  sessionAffinity: None
  type: LoadBalancer

Enable externalIP


title: “Enable externalIP”
date: 2020-01-18T14:36:25
slug: enable-externalip


Edit the master config:

vi /mnt/sda1/var/lib/minishift/base/kube-apiserver/master-config.yaml

Set externalIPNetworkCIDRs under networkConfig:

networkConfig:
  clusterNetworks:
  - cidr: 10.128.0.0/14
    hostSubnetLength: 9
  externalIPNetworkCIDRs:
  - 192.168.0.0/16
  ingressIPNetworkCIDR: 172.29.0.0/16

Docker Build Config & Deploy App


title: “Docker Build Config & Deploy App”
date: 2020-01-18T10:51:24
slug: docker-build-config


kind: "BuildConfig"
apiVersion: "v1"
metadata:
  name: "my-webapp-docker"
spec:
  runPolicy: "Serial"
  triggers:
  - type: "GitHub"
    github:
      secret: "secret101"
  - type: "Generic"
    generic:
      secret: "secret101"
  - type: "ImageChange"
  source:
    git:
      uri: "https://github.com/xforze/python-test.git"
  strategy:
    dockerStrategy:
      noCache: true
    type: Docker
  output:
    to:
      kind: "ImageStreamTag"
      name: "webapp-sample:latest"

Create a new ImageStream:

apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
  name: webapp-sample

Deploy the Application:

apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
  name: webapp-sample
spec:
  replicas: 1
  paused: false
  strategy:
    type: Rolling
  template:
    metadata:
      labels:
        name: webapp-sample
    spec:
      containers:
      - image: >-
          172.30.1.1:5000/my-webapp/webapp-sample:latest
        imagePullPolicy: Always
        name: webapp-sample
      restartPolicy: Always
  triggers:
  - type: ConfigChange
  - imageChangeParams:
      automatic: true
      containerNames:
      - webapp-sample
      from:
        kind: ImageStreamTag
        name: 'webapp-sample:latest'
      lastTriggeredImage: >-
        172.30.1.1:5000/my-webapp/webapp-sample:latest
    type: ImageChange

Create a Service:

apiVersion: v1
kind: Service
metadata:
  name: webapp-sample
spec:
  selector:
    deploymentconfig: webapp-sample
  ports:
  - name: web
    port: 8080
    protocol: TCP
    targetPort: 8080

Create a Service with external IP:

apiVersion: v1
kind: Service
metadata:
  name: webapp-sample
spec:
  externalIPs:
  - 192.168.42.132
  ports:
  - port: 8080
    protocol: TCP
  selector:
    deploymentconfig: webapp-sample
  type: LoadBalancer

Add Role to User


title: “Add Role to User”
date: 2020-01-18T09:36:46
slug: add-role-to-user


oc adm policy add-cluster-role-to-user cluster-admin administrator
cluster role "cluster-admin" added: "administrator"

Curl the Api


title: “Curl the Api”
date: 2020-01-18T09:17:25
slug: curl-the-api


Log in as developer:

oc login
Authentication required for https://192.168.42.132:8443 (openshift)
Username: developer
Password:
Login successful.

Get the User Token:

oc whoami -t
uVBxWxgBPwa3B_92d4Avckq974cUIW6BvBFxpdXNLDw

Curl the API:

curl -k https://192.168.42.132:8443/oapi/v1/users -H "Authorization: Bearer uVBxWxgBPwa3B_92d4Avckq974cUIW6BvBFxpdXNLDw"