OpenShift Template Operations

From NovaOrdis Knowledge Base
Jump to navigation Jump to search

Internal

Browse Existing Templates with Web Console

Project -> Add to Project -> Browse Catalog

Get a List of Templates for a Specific Project

oc get templates -n openshift

Create Templates from Existing Objects

oc export all --as-template=<template-name> <template-file-name>

Upload a Template to the Current Project

oc create -f <template-file.json|yaml>

Creating a Template

https://blog.openshift.com/part-2-creating-a-template-a-technical-walkthrough/

Modify the Template for New Projects

https://docs.openshift.com/container-platform/latest/admin_guide/managing_projects.html#modifying-the-template-for-new-projects

1. Start with the current default project template:

oadm create-bootstrap-project-template -o yaml > new-project-template.yaml

It will produce a file similar to this: default new project template

2. The file content can be modified by adding new objects or modifying existing objects.

3. Once the template has been modified, it must be loaded into the default namespace:

oc create -f ./new-project-template.yaml -n default

The newly created template can then be displayed with:

oc get templates -n default
NAME              DESCRIPTION   PARAMETERS    OBJECTS
project-request                 5 (5 blank)   6

4. Modify master-config.yaml projectRequestTemplate as follows:

...
projectConfig:
  projectRequestTemplate: "default/project-request"
  ...

The "project-request" name comes from the oadm-generated template:

apiVersion: v1
kind: Template
metadata:
  [...]
  name: project-request

"default" is the name of the default project.

5. Restart the master nodes as described here: Master Operations.

6. When a new project request is submitted, the API substitutes the following parameters into the template:

  • PROJECT_NAME: the name of the project. Required.
  • PROJECT_DISPLAYNAME: the display name of the project. May be empty.
  • PROJECT_DESCRIPTION: the description of the project. May be empty.
  • PROJECT_ADMIN_USER: the username of the administrating user.
  • PROJECT_REQUESTING_USER: the username of the requesting user.

Access to the API is granted to user with the "self-provisioner" role and the "self-provisioners" cluster role binding. This role is available to all authenticated users by default.

Use a Template

Apply an Off-Line Template

oc project <target-project>

oc process -f ./template-file.yaml --param SOME_PARAM=something | oc create -f -

Generate a Random Password

...
parameters:
- description: Random password generation.
  displayName: A randomly generated password.
  from: '[a-zA-Z0-9]{16}'
  generate: expression
  name: RANDOMLY_GENERATED_PASSWORD
  required: true
...