Red Hat Summit Red Hat Summitサポートコンソール開発者トライアルの開始お問い合わせ

このコンテンツは選択した言語では利用できません。

Chapter 2. Preparing Resources

2.1. Projects
リンクのコピー

2.1.1. Description of Resource
リンクのコピー

Projects are the unit of isolation and collaboration in OpenShift. A project has one or more members, a quota on the resources that the project may consume, and the security controls on the resources in the project. Within a project, members may have different roles - project administrators can set membership, editors can create and manage the resources, and viewers can see but not access running containers. In typical clusters, cluster administrators, rather than project administrators, can alter project quotas.

Listing or watching projects will return only projects the user has the reader role on.

An OpenShift project is an alternative representation of a Kubernetes namespace. Projects are exposed as editable to end users while namespaces are not. Direct creation of a project is typically restricted to administrators, while end users should use the ProjectRequest resource.

2.1.2. Creating a New Project as Administrator
リンクのコピー

2.1.2.1. Request Breakdown
リンクのコピー

Creating a new project as an administrator requires one request:

  1. A POST request to the projects resource.

The POST request to the projects resource uses a Project configuration in the request body.

2.1.2.2. POST Request to Create a New Project
リンクのコピー

Request Header 

curl -k -v \
-X POST \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/oapi/v1/projects
Copy to Clipboard Toggle word wrap

Request Body 

apiVersion: v1
kind: Project
metadata:
  name: {$PROJECT_NAME}
Copy to Clipboard Toggle word wrap

2.1.3. Creating a New Project as User
リンクのコピー

2.1.3.1. Request Breakdown
リンクのコピー

Creating a new project as a user requires one request:

  1. A POST request to the projectrequests resource.

The POST request uses a ProjectRequest configuration in the request body.

2.1.3.2. POST Request to Create a New Project
リンクのコピー

Request Header 

curl -k -v \
-X POST \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/oapi/v1/projectrequests
Copy to Clipboard Toggle word wrap

Request Body 

apiVersion: v1
kind: ProjectRequest
metadata:
  name: {$PROJECT_NAME}
Copy to Clipboard Toggle word wrap

2.1.4. Listing all Projects in an Environment
リンクのコピー

2.1.4.1. Request Breakdown
リンクのコピー

Listing all the projects in an environment requires one request:

  1. A GET request to the projects resource.

The GET request returns a ProjectList configuration.

2.1.4.2. GET Request to List all Projects
リンクのコピー

Request Header 

curl -k -v \
-X GET \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/oapi/v1/projects
Copy to Clipboard Toggle word wrap

2.1.5. Listing a Specific Project
リンクのコピー

2.1.5.1. Request Breakdown
リンクのコピー

Listing the details for a project requires three requests:

  1. A GET request to the project name in the projects resource.
  2. A GET request to the resourcequotas subresource of the project namespace.
  3. A GET request to the limitranges subresource of the project namespace.

These requests return the Project, ResourceQuotaList, and LimitRangeList configurations respectively for the project namespace.

2.1.5.2. GET Request to List the Project Configuration
リンクのコピー

Request Header 

curl -k -v \
-X GET \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/oapi/v1/projects
Copy to Clipboard Toggle word wrap

2.1.5.3. GET Request to List the ResourceQuotaList Configuration
リンクのコピー

Request Header 

curl -k -v \
-X GET \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/resourcequotas
Copy to Clipboard Toggle word wrap

2.1.5.4. GET Request to List the LimitRangeList Configuration
リンクのコピー

Request Header 

curl -k -v \
-X GET \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/limitranges
Copy to Clipboard Toggle word wrap

2.1.6. Deleting a Project
リンクのコピー

2.1.6.1. Request Breakdown
リンクのコピー

Deleting a project requires one request:

  1. A DELETE request to the project namespace in the projects resource of the namespace.

The DELETE request returns a code: 200 and the project is deleted.

2.1.6.2. DELETE Request to Delete a Project
リンクのコピー

Request Header 

curl -k -v \
-X DELETE  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/oapi/v1/projects/{$PROJECT}
Copy to Clipboard Toggle word wrap

2.2. Service Accounts
リンクのコピー

2.2.1. Description of Resource
リンクのコピー

ServiceAccount binds together:

  • a name, understood by users, and perhaps by peripheral systems, for an identity
  • a principal that can be authenticated and authorized
  • a set of secrets

2.2.2. Creating a New Service Account
リンクのコピー

2.2.2.1. Request Breakdown
リンクのコピー

Creating a new service account requires one request:

  1. A POST request to the serviceaccounts subresource of the namespace.

The POST request uses a ServiceAccount configuration in the request body.

2.2.2.2. POST Request to Create a New Service Account
リンクのコピー

Request Header 

curl -k -v \
-X POST \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/serviceaccounts
Copy to Clipboard Toggle word wrap

Request Body 

apiVersion: v1
kind: ServiceAccount
metadata:
  name: {$SERVICEACCOUNT}
Copy to Clipboard Toggle word wrap

2.2.3. Listing All Service Accounts in an Environment
リンクのコピー

2.2.3.1. Request Breakdown
リンクのコピー

Listing all the service accounts in an environment requires one request:

  1. A GET request to the serviceaccounts resource.

The GET request returns the ServiceAccountList, listing the details of all service accounts in the environment.

2.2.3.2. GET Request to Return All Service Accounts in an Environment
リンクのコピー

Request Header 

curl -k -v \
-X GET  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/serviceaccounts
Copy to Clipboard Toggle word wrap

2.2.4. Listing all Service Accounts in a Namespace
リンクのコピー

2.2.4.1. Request Breakdown
リンクのコピー

Listing all the service accounts in a namespace requires one request:

  1. A GET request to the serviceaccounts subresource of the namespace.

The GET request returns the ServiceAccountList, listing the details of all service accounts in the namespace.

2.2.4.2. GET Request to Return Service Accounts in Namespace
リンクのコピー

Request Header 

curl -k -v \
-X GET  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/serviceaccounts
Copy to Clipboard Toggle word wrap

2.2.5. Listing a Specific Service Account Configuration
リンクのコピー

2.2.5.1. Request Breakdown
リンクのコピー

Listing a specific service account configuration requires one request:

  1. A GET request to the service account name in the serviceaccounts subresource of the namespace.

The GET request returns the ServiceAccount configuration for the specified service account.

2.2.5.2. GET Request to Return Specific Service Account Configuration
リンクのコピー

Request Header 

curl -k -v \
-X GET  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/serviceaccounts/{$SERVICEACCOUNT}
Copy to Clipboard Toggle word wrap

2.2.6. Adding a Role to a Service Account
リンクのコピー

2.2.6.1. Request Breakdown
リンクのコピー

Adding a role to a service account requires two requests, where the second request type is dependent on the response of the first:

  1. A GET request to the policybindings subresource of the namespace.
  2. A POST request to the rolebindings subresource of the namespace (if the role has not been previously bound to an object in the namespace) +. OR
  3. A PUT request to the role name in the rolebindings subresource of the namespace.

The GET request returns the PolicyBindingList, listing all the RoleBinding configurations in the namespace.

Create a RoleBinding with a POST request to bind an object to a role. Once the role binding exists in the namespace, binding another object to that role requires modification of the RoleBinding with a PUT request.

2.2.6.2. GET Request to Return PolicyBindingList in Namespace
リンクのコピー

Request Header 

curl -k -v \
-X GET  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/oapi/v1/namespaces/{$PROJECT}/policybindings
Copy to Clipboard Toggle word wrap

The GET request returns a list of the role bindings that are present in the namespace.

Response Body Snippet 

...
RoleBindings:
  name: {$ROLE}
  roleBinding:
    metadata:
      name: {$ROLE}
      namespace: {$PROJECT}
      uid: {$UID}
      resourceVersion: "{$VERSION_NUMBER}"
    roleRef:
      name: {$ROLE}
    subjects:
    - kind: ServiceAccount
      name: {$SERVICEACCOUNT}
      namespace: {$PROJECT}
    userNames:
    - system:serviceaccount:{$PROJECT}:{$SERVICEACCOUNT}
...
Copy to Clipboard Toggle word wrap

If the intended role is not listed, send a POST request to create the RoleBinding configuration. Include the service account as a subject for the role, and the system:serviceaccount:{$PROJECT}:{$SERVICEACCOUNT} user name that distinguishes the service account.

If the role is listed, as in the response in the example above, update the returned RoleBinding configuration with the subject and userName of the service account being added to the role and send it as a PUT request to the role name in the rolebindings subresource of the namespace.

2.2.6.3. POST Request to Create a RoleBinding in a Namespace
リンクのコピー

Request Header 

curl -k -v \
-X POST \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/oapi/v1/namespaces/{$PROJECT}/rolebindings
Copy to Clipboard Toggle word wrap

Request Body 

kind: RoleBinding
metadata:
  name: {$ROLE}
  namespace: {$PROJECT}
roleRef:
  name: {$ROLE}
subjects:
- kind: ServiceAccount
  name: {$SERVICEACCOUNT}
  namespace: {$PROJECT}
userNames:
- system:serviceaccount:{$PROJECT}:{$SERVICEACCOUNT}
Copy to Clipboard Toggle word wrap

2.2.6.4. PUT Request to Add a Service Account to an Existing Role
リンクのコピー

Request Header 

curl -k -v \
-X PUTv \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/oapi/v1/namespaces/{$PROJECT}/rolebindings/{$ROLE}
Copy to Clipboard Toggle word wrap

Request Body 

kind: RoleBinding
metadata:
  name: {$ROLE}
  namespace: {$PROJECT}
  uid: {$UID}
  resourceVersion: "{$VERSION_NUMBER}"
roleRef:
  name: {$ROLE}
subjects:
- kind: ServiceAccount
  name: {$SERVICEACCOUNT}
  namespace: {$PROJECT}
subjects:
- kind: ServiceAccount
  name: {$SERVICEACCOUNT-2}
  namespace: {$PROJECT}
userNames:
- system:serviceaccount:{$PROJECT}:{$SERVICEACCOUNT}
- system:serviceaccount:{$PROJECT}:{$SERVICEACCOUNT-2}
Copy to Clipboard Toggle word wrap

2.2.7. Linking a Secret to a Service Account
リンクのコピー

2.2.7.1. Request Breakdown
リンクのコピー

Linking a secret to a service account requires two requests:

  1. A GET request to the service account name in the serviceaccounts subresource of the namespace.
  2. A PUT request with updated secrets parameter to the service account name in the serviceaccounts subresource of the namespace.

The GET request returns the ServiceAccount configuration.

The PUT request uses the returned ServiceAccount configuration with an updated secrets parameter to include the secret to link to the service account.

2.2.7.2. GET Request to Return Service Account Configuration
リンクのコピー

Request Header 

curl -k -v \
-X GET  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/serviceaccounts/{$SERVICEACCOUNT}
Copy to Clipboard Toggle word wrap

Request Body Snippet 

...
secrets:
- name: {$SERVICEACCOUNT}-token-x4tx5
- name: {$SERVICEACCOUNT}-dockercfg-7qfh6
...
Copy to Clipboard Toggle word wrap

2.2.7.3. PUT Request to Add Secret to Service Account Configuration
リンクのコピー

Request Header 

curl -k -v \
-X PUT  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/serviceaccounts/{$SERVICEACCOUNT}
Copy to Clipboard Toggle word wrap

Request Body Snippet 

...
secrets:
- name: {$SERVICEACCOUNT}-token-x4tx5
- name: {$SERVICEACCOUNT}-dockercfg-7qfh6
- name: {$SECRET_NAME}
...
Copy to Clipboard Toggle word wrap

2.2.8. Unlinking a Secret from a Service Account
リンクのコピー

2.2.8.1. Request Breakdown
リンクのコピー

Unlinking a secret from a service account requires two requests:

  1. A GET request to the service account name in the serviceaccounts subresource of the namespace.
  2. A PUT request with modified secrets parameter to the service account name in the serviceaccounts subresource of the namespace.

The GET request returns the ServiceAccount configuration.

The PUT request uses the returned ServiceAccount configuration with a modified secrets parameter to unlink the secret from the service account.

2.2.8.2. GET Request to Return Service Account Configuration
リンクのコピー

Request Header 

curl -k -v \
-X GET  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/serviceaccounts/{$SERVICEACCOUNT}
Copy to Clipboard Toggle word wrap

Request Body Snippet 

...
secrets:
- name: {$SERVICEACCOUNT}-token-x4tx5
- name: {$SERVICEACCOUNT}-dockercfg-7qfh6
- name: {$SECRET_NAME}
...
Copy to Clipboard Toggle word wrap

2.2.8.3. PUT Request to Remove Secret from Service Account Configuration
リンクのコピー

Request Header 

curl -k -v \
-X PUT  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/serviceaccounts/{$SERVICEACCOUNT}
Copy to Clipboard Toggle word wrap

Request Body Snippet 

...
secrets:
- name: {$SERVICEACCOUNT}-token-x4tx5
- name: {$SERVICEACCOUNT}-dockercfg-7qfh6
...
Copy to Clipboard Toggle word wrap

2.2.9. Deleting a Service Account
リンクのコピー

2.2.9.1. Request Breakdown
リンクのコピー

Deleting a service account requires one request:

  1. A DELETE request to the service account name in the serviceaccounts subresource of the namespace.

The DELETE request returns a code: 200 and the service account is deleted.

2.2.9.2. DELETE Request to Delete Service Account
リンクのコピー

Request Header 

curl -k -v \
-X DELETE  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/serviceaccounts/{$SERVICEACCOUNT}
Copy to Clipboard Toggle word wrap

2.3. Secrets
リンクのコピー

2.3.1. Description of Resource
リンクのコピー

The Secret resource type provides a mechanism to hold sensitive information such as passwords, OpenShift Container Platform client configuration files, dockercfg files, private source repository credentials, and so on. Secrets decouple sensitive content from the pods.

2.3.2. Creating Secrets from File
リンクのコピー

2.3.2.1. Request Breakdown
リンクのコピー

Creating a new secret requires one request:

  1. A POST request to the secrets subresource of the namespace.

The POST request to the secret subresource uses a Secret configuration in the request body.

2.3.2.2. POST Request to Create a New Secret
リンクのコピー

Request Header 

curl -k -v \
-X POST \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/secrets
Copy to Clipboard Toggle word wrap

Request Body 

apiVersion: v1
kind: Secret
metadata:
  name: {$SECRET}
  namespace: {$PROJECT}
data:
  username: ZGVtby11c2Vy
  password: cGFzc3dvcmQ=
  ca.crt: {$BASE64-ENCODED-CERTIFICATE}
type: kubernetes.io/basic-auth
Copy to Clipboard Toggle word wrap
Expand
Table 2.1. data Parameter Descriptions
Parameter NameDescriptionAdditional Notes

{$FILENAME}

Base64-encoded contents of file, where the {$FILENAME} parameter is the plaintext file name

If the file is already encrypted, the type field for the secret needs a value of 'Opaque'. See the example secret configuration for an example.

username

Base64-encoded user name for basic authentication

 

password

Base64-encoded password for the supplied basic authentication user name

 

ca.crt

Base64-encoded contents of certificate file

 

ssh-privatekey

Base64-encoded contents of SSH private key file

 

2.3.3. Listing Secrets in an Environment
リンクのコピー

2.3.3.1. Request Breakdown
リンクのコピー

Listing all the secrets in an environment requires one request:

  1. A GET request to the secrets resource.

The GET request to the secrets resource returns returns the SecretList, listing the details for all secrets in the environment.

2.3.3.2. GET Request to Return All Secrets in an Environment
リンクのコピー

Request Header 

curl -k -v \
-X GET  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/secrets
Copy to Clipboard Toggle word wrap

2.3.4. Listing Secrets in a Namespace
リンクのコピー

2.3.4.1. Request Breakdown
リンクのコピー

Listing all the secrets in a namespace requires one request:

  1. A GET request to the secrets subresource of the namespace.

The GET request to the secrets resource returns the SecretList, listing the details of all secrets in the namespace.

2.3.4.2. GET Request to Return Secrets in Namespace
リンクのコピー

Request Header 

curl -k -v \
-X GET  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/secrets
Copy to Clipboard Toggle word wrap

2.3.5. Listing a Specific Secret Configuration
リンクのコピー

2.3.5.1. Request Breakdown
リンクのコピー

Listing a specific secret configuration requires one request:

  1. A GET request to the secret name in the secrets subresource of the namespace.

The GET request returns the Secret configuration for the specified secret.

2.3.5.2. GET Request to Return Specific Secret Configuration
リンクのコピー

Request Header 

curl -k -v \
-X GET  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/secrets/{$SECRET}
Copy to Clipboard Toggle word wrap

2.3.6. Linking a Secret to a Service Account
リンクのコピー

2.3.6.1. Request Breakdown
リンクのコピー

Linking a secret to a service account requires two requests:

  1. A GET request to the service account name in the serviceaccounts subresource of the namespace.
  2. A PUT request with updated secrets parameter to the service account name in the serviceaccounts subresource of the namespace.

The GET request returns the ServiceAccount configuration.

The PUT request uses the returned ServiceAccount configuration with an updated secrets parameter to include the secret to link to the service account.

2.3.6.2. GET Request to Return Service Account Configuration
リンクのコピー

Request Header 

curl -k -v \
-X GET  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/serviceaccounts/{$SERVICEACCOUNT}
Copy to Clipboard Toggle word wrap

Request Body Snippet 

...
secrets:
- name: {$SERVICEACCOUNT}-token-x4tx5
- name: {$SERVICEACCOUNT}-dockercfg-7qfh6
...
Copy to Clipboard Toggle word wrap

2.3.6.3. PUT Request to Add Secret to Service Account Configuration
リンクのコピー

Request Header 

curl -k -v \
-X PUT  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/serviceaccounts/{$SERVICEACCOUNT}
Copy to Clipboard Toggle word wrap

Request Body Snippet 

...
secrets:
- name: {$SERVICEACCOUNT}-token-x4tx5
- name: {$SERVICEACCOUNT}-dockercfg-7qfh6
- name: {$SECRET_NAME}
...
Copy to Clipboard Toggle word wrap

2.3.7. Unlinking a Secret from a Service Account
リンクのコピー

2.3.7.1. Request Breakdown
リンクのコピー

Unlinking a secret from a service account requires two requests:

  1. A GET request to the service account name in the serviceaccounts subresource of the namespace.
  2. A PUT request with modified secrets parameter to the service account name in the serviceaccounts subresource of the namespace.

The GET request returns the ServiceAccount configuration.

The PUT request uses the returned ServiceAccount configuration with a modified secrets parameter to unlink the secret from the service account.

2.3.7.2. GET Request to Return Service Account Configuration
リンクのコピー

Request Header 

curl -k -v \
-X GET  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/serviceaccounts/{$SERVICEACCOUNT}
Copy to Clipboard Toggle word wrap

Request Body Snippet 

...
secrets:
- name: {$SERVICEACCOUNT}-token-x4tx5
- name: {$SERVICEACCOUNT}-dockercfg-7qfh6
- name: {$SECRET_NAME}
...
Copy to Clipboard Toggle word wrap

2.3.7.3. PUT Request to Remove Secret from Service Account Configuration
リンクのコピー

Request Header 

curl -k -v \
-X PUT  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/serviceaccounts/{$SERVICEACCOUNT}
Copy to Clipboard Toggle word wrap

Request Body Snippet 

...
secrets:
- name: {$SERVICEACCOUNT}-token-x4tx5
- name: {$SERVICEACCOUNT}-dockercfg-7qfh6
...
Copy to Clipboard Toggle word wrap

2.3.8. Deleting a Service Account
リンクのコピー

2.3.8.1. Request Breakdown
リンクのコピー

Deleting a service account requires one request:

  1. A DELETE request to the service account name in the serviceaccounts subresource of the namespace.

The DELETE request returns a code: 200 and the service account is deleted.

2.3.8.2. DELETE Request to Delete Service Account
リンクのコピー

Request Header 

curl -k -v \
-X DELETE  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/serviceaccounts/{$SERVICEACCOUNT}
Copy to Clipboard Toggle word wrap

2.3.9. Deleting Secrets
リンクのコピー

2.3.9.1. Request Breakdown
リンクのコピー

Deleting a secret requires one request:

  1. A DELETE request to the secret name in the secret subresource of the namespace.

The *DELETE request returns a code: 200 and the secret is deleted.

2.3.9.2. DELETE Request to Delete Secret
リンクのコピー

Request Header 

curl -k -v \
-X DELETE  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/secrets/{$SECRET}
Copy to Clipboard Toggle word wrap

2.4. Persistent Volumes
リンクのコピー

2.4.1. Description of Resource
リンクのコピー

PersistentVolume (PV) is a storage resource provisioned by an administrator. It is analogous to a node.

2.4.2. Creating a New Persistent Volume
リンクのコピー

2.4.2.1. Request Breakdown
リンクのコピー

Creating a new persistent volume requires one request:

  1. A POST request to the persistentvolumes resource.

The POST request uses a PersistentVolume configuration in the request body.

2.4.2.2. POST Request to Create a Persistent Volume
リンクのコピー

Request Header 

curl -k -v \
-X POST \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/persistentvolumes
Copy to Clipboard Toggle word wrap

Request Body 

kind: PersistentVolume
metadata:
  name: {$VOLUME}
spec:
  capacity:
    storage: {$SIZE}Gi
  accessModes:
  - ReadWriteMany
  nfs:
    path: {$/STORAGE/FILE/PATH}
    server: {$STORAGE_SERVER_HOSTNAME}
Copy to Clipboard Toggle word wrap

2.4.3. Listing All Persistent Volumes in an Environment
リンクのコピー

2.4.3.1. Request Breakdown
リンクのコピー

Listing all the persistent volumes in an environment requires one request:

  1. A GET request to the persistentvolumes resource.

The GET request returns returns the PersistentVolumeList, listing the details of all persistent volumes in the environment.

2.4.3.2. GET Request to Return All Persistent Volumes in an Environment
リンクのコピー

Request Header 

curl -k -v \
-X GET  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/persistentvolumes
Copy to Clipboard Toggle word wrap

2.4.4. Listing a Specific Persistent Volume Configuration
リンクのコピー

2.4.4.1. Request Breakdown
リンクのコピー

Listing a specific persistent volumes configuration requires one request:

  1. A GET request to the persistent volume name in the persistentvolumes resource.

The GET request returns the PersistentVolume configuration for the specified persistent volume.

2.4.4.2. GET Request to Return Specific Persistent Volume Configuration
リンクのコピー

Request Header 

curl -k -v \
-X GET  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/persistentvolumes/{$VOLUME}
Copy to Clipboard Toggle word wrap

2.4.5. Deleting a Persistent Volume
リンクのコピー

2.4.5.1. Request Breakdown
リンクのコピー

Deleting a persistent volume requires one request:

  1. A DELETE request to the persistent volume name in the persistentvolumes resource.

The DELETE request returns a code: 200 and the persistent volume is deleted.

2.4.5.2. DELETE Request to Delete Persistent Volume
リンクのコピー

Request Header 

curl -k -v \
-X DELETE  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/persistentvolumes/{$VOLUME}
Copy to Clipboard Toggle word wrap

2.5. Persistent Volume Claims
リンクのコピー

2.5.1. Description of Resource
リンクのコピー

PersistentVolumeClaim is a user’s request for and claim to a persistent volume.

2.5.2. Creating a New Persistent Volume Claim
リンクのコピー

2.5.2.1. Request Breakdown
リンクのコピー

Creating a new persistent volume claim requires one request:

  1. A POST request to the persistentvolumeclaims subresource of the namespace.

The POST request uses a PersistentVolumeClaim configuration in the request body.

2.5.2.2. POST Request to Create a Persistent Volume Claim
リンクのコピー

Request Header 

curl -k -v \
-X POST \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/persistentvolumeclaims
Copy to Clipboard Toggle word wrap

Request Body 

kind: PersistentVolumeClaim
metadata:
  name: {$CLAIM}
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: {$SIZE}Gi
Copy to Clipboard Toggle word wrap

2.5.3. Listing All Persistent Volume Claims in an Environment
リンクのコピー

2.5.3.1. Request Breakdown
リンクのコピー

Listing all the persistent volume claims in an environment requires one request:

  1. A GET request to the persistentvolumeclaims resource.

The GET request returns the PersistentVolumeClaimList, listing the details of all persistent volume claims in the environment.

2.5.3.2. GET Request to Return All Persistent Volume Claims in an Environment
リンクのコピー

Request Header 

curl -k -v \
-X GET  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/persistentvolumeclaims
Copy to Clipboard Toggle word wrap

2.5.4. Listing all Persistent Volume Claims in a Namespace
リンクのコピー

2.5.4.1. Request Breakdown
リンクのコピー

Listing all the persistent volume claims in a namespace requires one request:

  1. A GET request to the persistentvolumeclaims subresource of the namespace.

The GET request returns the PersistentVolumeClaimList, listing the details of all persistent volume claims in the namespace.

2.5.4.2. GET Request to Return Persistent Volume Claims in Namespace
リンクのコピー

Request Header 

curl -k -v \
-X GET  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/persistentvolumeclaims
Copy to Clipboard Toggle word wrap

2.5.5. Listing a Specific Persistent Volume Claim Configuration
リンクのコピー

2.5.5.1. Request Breakdown
リンクのコピー

Listing a specific persistent volume claim configuration requires one request:

  1. A GET request to the persistent volume claim name in the persistentvolumeclaims subresource of the namespace.

The GET request returns the PersistentVolumeClaim configuration for the specified persistent volume claim.

2.5.5.2. GET Request to Return Specific Persistent Volume Claim Configuration
リンクのコピー

Request Header 

curl -k -v \
-X GET  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/persistentvolumeclaims/{$CLAIM}
Copy to Clipboard Toggle word wrap

2.5.6. Adding a Persistent Volume Claim to an Object
リンクのコピー

Persistent volume claims can be added to objects that have a pod template: deploymentconfigs, replication controllers, and pods. However, you can not change a pod’s volumes once it has been created.

If you alter a volume setting on a deployment config, a deployment will be triggered. Changing a replication controller will not affect running pods.

Adding a persistent volume claim to an object configuration requires two requests:

  1. A GET request to the object name in the {$OBJECT} subresource of the namespace.
  2. A PATCH request with updated field values to the object name in the {$OBJECT} subresource of the namespace.

The GET request is optional as the PATCH request body is not determined by the returned configuration, however it can be useful for preparing the PATCH request body.

The syntax for the PATCH request is the same for both deploymentconfig and replicationcontroller objects.

2.5.6.1. PATCH Request to Add Persistent Volume Claim
リンクのコピー

Note

PATCH requests require JSON formatting.

The following PATCH request example adds a persistent volume claim {$CLAIM}, which is bound to persistent volume {$VOLUME), to deploymentconfig {$DEPLOYMENTCONFIG}. The same PATCH can be applied to a replicationcontroller object with modified target:

Request Header 

curl -k -v \
-X PATCH \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/json" \
-H "Content-Type: text/strategic-merge-patch+json" \
{$OCP_CLUSTER}/oapi/v1/namespaces/{$PROJECT}/deploymentconfig/{$DEPLOYMENTCONFIG}
Copy to Clipboard Toggle word wrap

Request Body 

{
    "spec": {
        "template": {
            "spec": {
                "volumes": [
                    {
                        "name": "{$VOLUME}",
                        "persistentVolumeClaim": {
                            "claimName": "{$CLAIM}"
                        }
                    }
                ]
            }
        }
    }
}
Copy to Clipboard Toggle word wrap

2.5.7. Removing a Persistent Volume Claim from an Object
リンクのコピー

If you alter a volume setting on a deployment config, a deployment will be triggered. Changing a replication controller will not affect running pods.

Removing a persistent volume claim from an object configuration requires two requests:

  1. A GET request to the object name in the {$OBJECT} subresource of the namespace.
  2. A PATCH request with a delete $patch type to the object name in the {$OBJECT} subresource of the namespace.

The GET request is optional as the PATCH request body is not determined by the returned configuration, however it can be useful for preparing the PATCH request body.

The syntax for the PATCH request is the same for both deploymentconfig and replicationcontroller objects.

2.5.7.1. PATCH Request to Add Persistent Volume Claim
リンクのコピー

Note

PATCH requests require JSON formatting.

The following PATCH request example adds a persistent volume claim {$CLAIM}, which is bound to persistent volume {$VOLUME), to deploymentconfig {$DEPLOYMENTCONFIG}. The same PATCH can be applied to a replicationcontroller object with modified target:

Request Header 

curl -k -v \
-X PATCH \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/json" \
-H "Content-Type: text/strategic-merge-patch+json" \
{$OCP_CLUSTER}/oapi/v1/namespaces/{$PROJECT}/deploymentconfig/{$DEPLOYMENTCONFIG}
Copy to Clipboard Toggle word wrap

Request Body 

{
    "spec": {
        "template": {
            "spec": {
                "volumes": [
                    {
                        "$patch": "delete",
                        "name": "{$VOLUME}"
                    }
                ]
            }
        }
    }
}
Copy to Clipboard Toggle word wrap

2.5.8. Deleting a Persistent Volume Claim
リンクのコピー

2.5.8.1. Request Breakdown
リンクのコピー

Deleting a persistent volume claim requires one request:

  1. A DELETE request to the persistent volume claim name in the persistentvolumeclaims subresource of the namespace.

The DELETE request returns a code: 200 and the persistent volume claim is deleted.

2.5.8.2. DELETE Request to Delete Persistent Volume Claim
リンクのコピー

Request Header 

curl -k -v \
-X DELETE  \
-H "Authorization: {$BEARER_TOKEN}" \
-H "Accept: application/yaml" \
-H "Content-Type: application/yaml" \
{$OCP_CLUSTER}/api/v1/namespaces/{$PROJECT}/persistentvolumeclaims/{$CLAIM}
Copy to Clipboard Toggle word wrap
トップに戻る
Red Hat logoGithubredditYoutubeTwitter

詳細情報

試用、購入および販売

コミュニティー

Red Hat ドキュメントについて

Red Hat をお使いのお客様が、信頼できるコンテンツが含まれている製品やサービスを活用することで、イノベーションを行い、目標を達成できるようにします。 最新の更新を見る.

多様性を受け入れるオープンソースの強化

Red Hat では、コード、ドキュメント、Web プロパティーにおける配慮に欠ける用語の置き換えに取り組んでいます。このような変更は、段階的に実施される予定です。詳細情報: Red Hat ブログ.

会社概要

Red Hat は、企業がコアとなるデータセンターからネットワークエッジに至るまで、各種プラットフォームや環境全体で作業を簡素化できるように、強化されたソリューションを提供しています。

Theme

© 2025 Red Hat