OpenShift Template Operations

From NovaOrdis Knowledge Base
Revision as of 23:37, 12 February 2018 by Ovidiu (talk | contribs) (→‎Parameters)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Internal

Template Examples

https://github.com/NovaOrdis/playground/tree/master/openshift/templates

Browse Existing Templates with Web Console

Project -> Add to Project -> Browse Catalog

Get a List of Templates for a Specific Project

oc get templates -n openshift

Look at a Template

oc get -o yaml template <template-name> -n openshift

Edit a Template

oc edit template <template-name> [-n template-namespace]

Create Templates from Existing Objects

oc export all --as-template=<template-name> > <template-file-name>.yaml

Exporting a Deployment Configuration as Template

oc export dc/session-servlet --as-template=novaordis-deployment-configuration > ./novaordis-deployment-configuration.yaml

Other Template Export Examples

oc export ds/logging-fluentd --as-template=daemonset-template

Upload a Template to the Current Project

The following command takes the template declare in file and uploads it "as is" in the namespace, making it available to the project users as a project template. It does not create the objects defined in the template. After creation, the template will be available under templates/<template-name>, where <template-name> is declared in the template as "metadata.name".

oc create -f <template-file.json|yaml>

Creating a Template

https://blog.openshift.com/part-2-creating-a-template-a-technical-walkthrough/

Modify the Template for New Projects

https://docs.openshift.com/container-platform/latest/admin_guide/managing_projects.html#modifying-the-template-for-new-projects

1. Start with the current default project template:

oadm create-bootstrap-project-template -o yaml > new-project-template.yaml

It will produce a file similar to this: default new project template

2. The file content can be modified by adding new objects or modifying existing objects.

3. Once the template has been modified, it must be loaded into the default namespace:

oc create -f ./new-project-template.yaml -n default

The newly created template can then be displayed with:

oc get templates -n default
NAME              DESCRIPTION   PARAMETERS    OBJECTS
project-request                 5 (5 blank)   6

4. Modify master-config.yaml projectRequestTemplate as follows:

...
projectConfig:
  projectRequestTemplate: "default/project-request"
  ...

The "project-request" name comes from the oadm-generated template:

apiVersion: v1
kind: Template
metadata:
  [...]
  name: project-request

"default" is the name of the default project.

5. Restart the master nodes as described here: Master Operations.

6. When a new project request is submitted, the API substitutes the following parameters into the template:

  • PROJECT_NAME: the name of the project. Required.
  • PROJECT_DISPLAYNAME: the display name of the project. May be empty.
  • PROJECT_DESCRIPTION: the description of the project. May be empty.
  • PROJECT_ADMIN_USER: the username of the administrating user.
  • PROJECT_REQUESTING_USER: the username of the requesting user.

Access to the API is granted to user with the "self-provisioner" role and the "self-provisioners" cluster role binding. This role is available to all authenticated users by default.

Use a Template

Apply an Off-Line Template

oc project <target-project>

oc process -f ./template-file.yaml --param SOME_PARAM=something | oc create -f -

Parameters

Parameter that Can Be Overridden in 'generate' Phase

parameters:
- name: PASSWORD 
  value: password
  displayName: A password.
  description: A password.
  required: true
...

The variables can be referred in the template as ${PASSWORD}. The value can be overridden with -p|--param during the oc process phase with:

oc process ... --param PASSWORD=something
oc process ... -p PASSWORD=something

Randomly-Generated Password

...
parameters:
- description: Random password generation.
  displayName: A randomly generated password.
  from: '[a-zA-Z0-9]{16}'
  generate: expression
  name: RANDOMLY_GENERATED_PASSWORD
  required: true
...