OCP Snippets

#tech/snippets

OCP Allowed Image Registries

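# oc edit image.config.openshift.io/cluster
spec:
  registrySources:
    # Once allowedRegistries is set, pulls from any registry not listed here are blocked
    allowedRegistries:
    - quay.io
    - registry.redhat.io
    - image-registry.openshift-image-registry.svc:5000
    - registry.example.com:5000
    # TLS verification is skipped for these hosts; a host listed only here
    # is still blocked while allowedRegistries is set
    insecureRegistries:
    - registry.ocp.home.lab:8443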

Security Context

# Check which SCC the workload requires
oc get deployment/argocd-redis -o yaml | oc adm policy scc-subject-review -f -

# Create a service account
oc create sa argocd-sa

# Grant the SCC to the new service account
oc adm policy add-scc-to-user nonroot-v2 -z argocd-sa

# Assign the service account to the deployment
oc set sa deploy argocd-redis argocd-sa

OCP OAuth LDAP Configuration

spec:
  identityProviders:
    - ldap:
        attributes:
          email:
            - userPrincipalName
          id:
            - distinguishedName
          name:
            - givenName
          preferredUsername:
            - sAMAccountName
        bindDN: 'CN=ldapadmin,CN=Users,DC=punydev,DC=me'
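        # bindPassword.name refers to a Secret in the openshift-config namespace
        bindPassword:
          name: ldap-bind-password-phm6r
        # insecure: true disables TLS, so the bind password and user logins cross
        # the network in cleartext. With insecure: false, ldap:// URLs are upgraded
        # with StartTLS and ldaps:// URLs use TLS (set ca to trust the server cert).
        insecure: true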
        url: 'ldap://ad.punydev.me:389/dc=punydev,dc=me?sAMAccountName'
      mappingMethod: claim
      name: ActiveDirectory
      type: LDAP

DaemonSet/Deployment Node Env

env:
 - name: WAZUH_MANAGER_IP
   value: 172.18.0.4
 - name: WAZUH_AGENT_NAME
   valueFrom:
     fieldRef:
       apiVersion: v1
       fieldPath: spec.nodeName

Kubernetes Snippets

Use command and args in Deployment

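apiVersion: apps/v1
kind: Deployment
metadata:
  name: command-demo
  labels:
    purpose: demonstrate-command
spec:
  replicas: 1
  selector:
    matchLabels:
      purpose: demonstrate-command
  template:
    metadata:
      labels:
        purpose: demonstrate-command
    spec:
      containers:
      - name: command-demo-container
        image: debian
        # command overrides the image ENTRYPOINT, args overrides the image CMD
        command: ["/bin/sh"]
        args: ["-c", "sleep infinity"]
      # Deployments only accept restartPolicy: Always (the default), so it is omitted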