The tips and notes for the week are included, I hope they help you.
TIP: Check the System Admins on OpenShift
A quick one to find the cluster-admins…
❯ oc --kubeconfig=./openstack-upi/auth/kubeconfig get clusterrolebindings -o json | jq -r '.items[] | select(.metadata.name=="cluster-admins") | .subjects[].name' | sort -u
system:admin
system:cluster-admins
Ref: https://serverfault.com/questions/862728/how-to-list-users-with-role-cluster-admin-in-openshift
Tip: Can I act as kube-admin?
I needed to double check if I could act as kube:admin.
❯ oc --kubeconfig=./openstack-upi/auth/kubeconfig auth can-i create pod -A
yes
Blog Post: Advanced debugging techniques for OpenShift Container Platform on Power
In this blog post, I am showing how to use advanced debugging techniques for OpenShift Container Platform on Power using bpftrace and lsof. This blog post unlocks the steps to debug complicated problems and you can follow these steps to debug the problems in your application or your cluster.
It’s a solid blog on how to do advanced debugging on Red Hat OpenShift Container Platform on IBM Power.
Tip: Double check the payload / architecture type
To double check the Payload loaded in your cluster (amd64, multi, arm64, ppc64le, s390x).
You can run:
# oc get clusterversion version -o json | jq '.status.conditions[] | select(.type == "ReleaseAccepted")'
{
"lastTransitionTime": "2023-04-04T13:27:49Z",
"message": "Payload loaded version=\"4.13.0-rc.2\" image=\"quay.io/openshift-release-dev/ocp-release@sha256:09178ffe61123dbb6df7b91bea11cbdb0bb1168c4150fca712b170dbe4ad13e9\" architecture=\"Multi\"",
"reason": "PayloadLoaded",
"status": "True",
"type": "ReleaseAccepted"
}
Blog Post: Open Source Container images for Power now available in IBM Container Registry
The IBM teams have added support for a variety of Open Source tools, and you can pull them from the ppc64le-oss registry.
The IBM Linux on Power team is pleased to announce that we are centralizing our public open source container images in the IBM Container Registry (ICR). This should assure end users that IBM has authentically built these containers in a secure environment. Formerly, the indicator that a container was built by IBM was that they were in Docker Hub under the ibmcom namespace. The migration to the IBM Container Registry will add clarity to their origin.
https://community.ibm.com/community/user/powerdeveloper/blogs/priya-seth/2023/04/05/open-source-containers-for-power-in-icrmongodb 4.4.18 docker pull icr.io/ppc64le-oss/mongodb-ppc64le:4.4.18 4.4.17 docker pull icr.io/ppc64le-oss/mongodb-ppc64le:4.4.17
Tip: findmnt / sfdisk are super helpful.
Thanks to linode I learned about findmnt
and sfdisk
# Declare native filesystem and reload with partprobe
echo 'type=83' | sfdisk ${storage_device} || partprobe
# Format the disk
mkfs.xfs "${storage_device}1"
# Mount the fs to our storage folder.
mount -t xfs /dev/mapper/mpathb1 /<<Please replace with actual>
# findmnt
TARGET SOURCE FSTYPE OPTIONS
/ /dev/sda3 xfs rw,relatime,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
|-/proc proc proc rw,nosuid,nodev,noexec,relatime
| `-/proc/sys/fs/binfmt_misc systemd-1 autofs rw,relatime,fd=36,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=10696
| `-/proc/sys/fs/binfmt_misc binfmt_misc binfmt_misc rw,nosuid,nodev,noexec,relatime
|-/sys sysfs sysfs rw,nosuid,nodev,noexec,relatime,seclabel
| |-/sys/kernel/security securityfs securityfs rw,nosuid,nodev,noexec,relatime
| |-/sys/fs/cgroup cgroup2 cgroup2 rw,nosuid,nodev,noexec,relatime,seclabel,nsdelegate,memory_recursiveprot
| |-/sys/fs/pstore pstore pstore rw,nosuid,nodev,noexec,relatime,seclabel
| |-/sys/fs/bpf none bpf rw,nosuid,nodev,noexec,relatime,mode=700
| |-/sys/fs/selinux selinuxfs selinuxfs rw,nosuid,noexec,relatime
| |-/sys/kernel/tracing tracefs tracefs rw,nosuid,nodev,noexec,relatime,seclabel
| |-/sys/kernel/debug debugfs debugfs rw,nosuid,nodev,noexec,relatime,seclabel
| |-/sys/kernel/config configfs configfs rw,nosuid,nodev,noexec,relatime
| `-/sys/fs/fuse/connections fusectl fusectl rw,nosuid,nodev,noexec,relatime
|-/dev devtmpfs devtmpfs rw,nosuid,seclabel,size=7779520k,nr_inodes=121555,mode=755,inode64
| |-/dev/shm tmpfs tmpfs rw,nosuid,nodev,seclabel,inode64
| |-/dev/pts devpts devpts rw,nosuid,noexec,relatime,seclabel,gid=5,mode=620,ptmxmode=000
| |-/dev/mqueue mqueue mqueue rw,nosuid,nodev,noexec,relatime,seclabel
| `-/dev/hugepages hugetlbfs hugetlbfs rw,relatime,seclabel,pagesize=16M
|-/run tmpfs tmpfs rw,nosuid,nodev,seclabel,size=3126208k,nr_inodes=819200,mode=755,inode64
| `-/run/user/0 tmpfs tmpfs rw,nosuid,nodev,relatime,seclabel,size=1563072k,nr_inodes=390768,mode=700,inode64
|-/var/lib/nfs/rpc_pipefs rpc_pipefs rpc_pipefs rw,relatime
`-/boot /dev/sdb2 xfs rw,relatime,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
Leave a Reply