Weekly Tips and Notes

Here are the tips and notes for the week. I hope they help you.

Tip: Check the System Admins on OpenShift

A quick one to find the cluster-admins…

❯ oc --kubeconfig=./openstack-upi/auth/kubeconfig get clusterrolebindings -o json | jq -r '.items[] | select(.metadata.name=="cluster-admins") | .subjects[].name' | sort -u

Ref: https://serverfault.com/questions/862728/how-to-list-users-with-role-cluster-admin-in-openshift
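
The command above reads only the binding named cluster-admins, but any ClusterRoleBinding whose roleRef points at the cluster-admin ClusterRole grants the same rights. The following is an added example, not part of the original tip, that selects by roleRef instead of binding name; the sample data and its binding names are constructed to mimic `oc get clusterrolebindings -o json` output.

```python
import json
import sys
from collections import defaultdict

# Constructed sample shaped like `oc get clusterrolebindings -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "cluster-admins"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:cluster-admins"},
                {"kind": "User", "name": "system:admin"}]},
  {"metadata": {"name": "cluster-admin-0"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "User", "name": "alice"}]},
  {"metadata": {"name": "ci-deployer-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "deployer", "namespace": "ci"}]},
  {"metadata": {"name": "orphaned-binding"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},
  {"metadata": {"name": "basic-users"},
   "roleRef": {"kind": "ClusterRole", "name": "basic-user"},
   "subjects": [{"kind": "Group", "name": "system:authenticated"}]}
]}
""")


def cluster_admin_subjects(bindings, role="cluster-admin"):
    """Map each (kind, name) subject holding `role` to the bindings granting it."""
    grants = defaultdict(set)
    for item in bindings.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        # `subjects` may be absent or null on a binding with no subjects.
        for s in item.get("subjects") or []:
            name = s["name"]
            if s["kind"] == "ServiceAccount":
                name = f"system:serviceaccount:{s.get('namespace', '')}:{name}"
            grants[(s["kind"], name)].add(item["metadata"]["name"])
    return {k: sorted(v) for k, v in sorted(grants.items())}


if __name__ == "__main__":
    # Pass a file saved from `oc get clusterrolebindings -o json`, else use the sample.
    data = SAMPLE
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    for (kind, name), via in cluster_admin_subjects(data).items():
        print(f"{kind:15} {name:45} via {', '.join(via)}")
```

Group subjects still need to be expanded to their members separately, since group membership is not stored in the binding.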

Tip: Can I act as kube-admin?

I needed to double check if I could act as kube:admin.

❯ oc --kubeconfig=./openstack-upi/auth/kubeconfig auth can-i create pod -A

Ref: https://docs.openshift.com/container-platform/4.12/cli_reference/openshift_cli/developer-cli-commands.html#oc-auth-can-i

Blog Post: Advanced debugging techniques for OpenShift Container Platform on Power

In this blog post, I am showing how to use advanced debugging techniques for OpenShift Container Platform on Power using bpftrace and lsof. This blog post unlocks the steps to debug complicated problems and you can follow these steps to debug the problems in your application or your cluster.

It’s a solid blog on how to do advanced debugging on Red Hat OpenShift Container Platform on IBM Power.

Ref: https://community.ibm.com/community/user/powerdeveloper/blogs/gaurav-bankar/2023/04/04/advanced-debugging-techniques-for-openshift-contai

Tip: Double check the payload / architecture type

To double check the payload loaded in your cluster (amd64, multi, arm64, ppc64le, s390x), you can run:

# oc get clusterversion version -o json | jq '.status.conditions[] | select(.type == "ReleaseAccepted")'
{
  "lastTransitionTime": "2023-04-04T13:27:49Z",
  "message": "Payload loaded version=\"4.13.0-rc.2\" image=\"quay.io/openshift-release-dev/ocp-release@sha256:09178ffe61123dbb6df7b91bea11cbdb0bb1168c4150fca712b170dbe4ad13e9\" architecture=\"Multi\"",
  "reason": "PayloadLoaded",
  "status": "True",
  "type": "ReleaseAccepted"
}

Blog Post: Open Source Container images for Power now available in IBM Container Registry

The IBM teams have added support for a variety of Open Source tools, and you can pull them from the ppc64le-oss registry.

The IBM Linux on Power team is pleased to announce that we are centralizing our public open source container images in the IBM Container Registry (ICR). This should assure end users that IBM has authentically built these containers in a secure environment. Formerly, the indicator that a container was built by IBM was that they were in Docker Hub under the ibmcom namespace. The migration to the IBM Container Registry will add clarity to their origin.

docker pull icr.io/ppc64le-oss/mongodb-ppc64le:4.4.18
docker pull icr.io/ppc64le-oss/mongodb-ppc64le:4.4.17

Tip: findmnt / sfdisk are super helpful.

Thanks to Linode, I learned about findmnt and sfdisk.

# storage_device must already hold the target block device path.
# Declare native filesystem and reload with partprobe
echo 'type=83' | sfdisk "${storage_device}" || partprobe

# Format the disk
mkfs.xfs "${storage_device}1"

# Mount the fs to our storage folder.
mount -t xfs /dev/mapper/mpathb1 /<Please replace with actual>

# findmnt
TARGET                         SOURCE      FSTYPE      OPTIONS
/                              /dev/sda3   xfs         rw,relatime,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
|-/proc                        proc        proc        rw,nosuid,nodev,noexec,relatime
| `-/proc/sys/fs/binfmt_misc   systemd-1   autofs      rw,relatime,fd=36,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=10696
|   `-/proc/sys/fs/binfmt_misc binfmt_misc binfmt_misc rw,nosuid,nodev,noexec,relatime
|-/sys                         sysfs       sysfs       rw,nosuid,nodev,noexec,relatime,seclabel
| |-/sys/kernel/security       securityfs  securityfs  rw,nosuid,nodev,noexec,relatime
| |-/sys/fs/cgroup             cgroup2     cgroup2     rw,nosuid,nodev,noexec,relatime,seclabel,nsdelegate,memory_recursiveprot
| |-/sys/fs/pstore             pstore      pstore      rw,nosuid,nodev,noexec,relatime,seclabel
| |-/sys/fs/bpf                none        bpf         rw,nosuid,nodev,noexec,relatime,mode=700
| |-/sys/fs/selinux            selinuxfs   selinuxfs   rw,nosuid,noexec,relatime
| |-/sys/kernel/tracing        tracefs     tracefs     rw,nosuid,nodev,noexec,relatime,seclabel
| |-/sys/kernel/debug          debugfs     debugfs     rw,nosuid,nodev,noexec,relatime,seclabel
| |-/sys/kernel/config         configfs    configfs    rw,nosuid,nodev,noexec,relatime
| `-/sys/fs/fuse/connections   fusectl     fusectl     rw,nosuid,nodev,noexec,relatime
|-/dev                         devtmpfs    devtmpfs    rw,nosuid,seclabel,size=7779520k,nr_inodes=121555,mode=755,inode64
| |-/dev/shm                   tmpfs       tmpfs       rw,nosuid,nodev,seclabel,inode64
| |-/dev/pts                   devpts      devpts      rw,nosuid,noexec,relatime,seclabel,gid=5,mode=620,ptmxmode=000
| |-/dev/mqueue                mqueue      mqueue      rw,nosuid,nodev,noexec,relatime,seclabel
| `-/dev/hugepages             hugetlbfs   hugetlbfs   rw,relatime,seclabel,pagesize=16M
|-/run                         tmpfs       tmpfs       rw,nosuid,nodev,seclabel,size=3126208k,nr_inodes=819200,mode=755,inode64
| `-/run/user/0                tmpfs       tmpfs       rw,nosuid,nodev,relatime,seclabel,size=1563072k,nr_inodes=390768,mode=700,inode64
|-/var/lib/nfs/rpc_pipefs      rpc_pipefs  rpc_pipefs  rw,relatime
`-/boot                        /dev/sdb2   xfs         rw,relatime,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota






