Red Hat Summit2.8. OpenShift CLI 管理者コマンドリファレンス
このリファレンスは、OpenShift CLI (oc) 管理者コマンドの説明およびコマンド例を示しています。これらのコマンドを使用するには、cluster-admin または同等のパーミッションが必要です。
開発者コマンドは、OpenShift CLI 開発者コマンドリファレンス を参照してください。
oc adm -h を実行して、すべての管理者コマンドを表示するか、oc <command> --help を実行して、特定のコマンドに関する追加情報を取得します。
2.8.1. OpenShift CLI (oc) 管理者コマンド
2.8.1.1. oc adm build-chain
ビルドの入力と依存関係を出力します。
使用例
Build the dependency tree for the 'latest' tag in <image-stream>
# Build the dependency tree for the 'latest' tag in <image-stream>
oc adm build-chain <image-stream>
# Build the dependency tree for the 'v2' tag in dot format and visualize it via the dot utility
oc adm build-chain <image-stream>:v2 -o dot | dot -T svg -o deps.svg
# Build the dependency tree across all namespaces for the specified image stream tag found in the 'test' namespace
oc adm build-chain <image-stream> -n test --all2.8.1.2. oc adm catalog mirror
operator-registry カタログをミラーリングします。
使用例
Mirror an operator-registry image and its contents to a registry
# Mirror an operator-registry image and its contents to a registry
oc adm catalog mirror quay.io/my/image:latest myregistry.com
# Mirror an operator-registry image and its contents to a particular namespace in a registry
oc adm catalog mirror quay.io/my/image:latest myregistry.com/my-namespace
# Mirror to an airgapped registry by first mirroring to files
oc adm catalog mirror quay.io/my/image:latest file:///local/index
oc adm catalog mirror file:///local/index/my/image:latest my-airgapped-registry.com
# Configure a cluster to use a mirrored registry
oc apply -f manifests/imageDigestMirrorSet.yaml
# Edit the mirroring mappings and mirror with "oc image mirror" manually
oc adm catalog mirror --manifests-only quay.io/my/image:latest myregistry.com
oc image mirror -f manifests/mapping.txt
# Delete all ImageDigestMirrorSets generated by oc adm catalog mirror
oc delete imagedigestmirrorset -l operators.openshift.org/catalog=true2.8.1.3. oc adm certificate approve
証明書署名リクエストを承認します。
使用例
Approve CSR 'csr-sqgzp'
# Approve CSR 'csr-sqgzp'
oc adm certificate approve csr-sqgzp2.8.1.4. oc adm certificate deny
証明書署名リクエストを拒否します。
使用例
Deny CSR 'csr-sqgzp'
# Deny CSR 'csr-sqgzp'
oc adm certificate deny csr-sqgzp2.8.1.5. oc adm copy-to-node
指定されたファイルをノードにコピーします。
2.8.1.6. oc adm cordon
ノードにスケジュール対象外 (unschedulable) のマークを付けます。
使用例
Mark node "foo" as unschedulable
# Mark node "foo" as unschedulable
oc adm cordon foo2.8.1.7. oc adm create-bootstrap-project-template
ブートストラッププロジェクトテンプレートを作成します。
使用例
Output a bootstrap project template in YAML format to stdout
# Output a bootstrap project template in YAML format to stdout
oc adm create-bootstrap-project-template -o yaml2.8.1.8. oc adm create-error-template
エラーページのテンプレートを作成します。
使用例
Output a template for the error page to stdout
# Output a template for the error page to stdout
oc adm create-error-template2.8.1.9. oc adm create-login-template
ログインテンプレートを作成します。
使用例
Output a template for the login page to stdout
# Output a template for the login page to stdout
oc adm create-login-template2.8.1.10. oc adm create-provider-selection-template
プロバイダー選択のテンプレートを作成します。
使用例
Output a template for the provider selection page to stdout
# Output a template for the provider selection page to stdout
oc adm create-provider-selection-template2.8.1.11. oc adm drain
ノードをドレイン (解放) してメンテナンスを準備します。
使用例
Drain node "foo", even if there are pods not managed by a replication controller, replica set, job, daemon set or stateful set on it
# Drain node "foo", even if there are pods not managed by a replication controller, replica set, job, daemon set or stateful set on it
oc adm drain foo --force
# As above, but abort if there are pods not managed by a replication controller, replica set, job, daemon set or stateful set, and use a grace period of 15 minutes
oc adm drain foo --grace-period=9002.8.1.12. oc adm groups add-users
ユーザーをグループに追加します。
使用例
Add user1 and user2 to my-group
# Add user1 and user2 to my-group
oc adm groups add-users my-group user1 user22.8.1.13. oc adm groups new
新規グループを作成します。
使用例
Add a group with no users
# Add a group with no users
oc adm groups new my-group
# Add a group with two users
oc adm groups new my-group user1 user2
# Add a group with one user and shorter output
oc adm groups new my-group user1 -o name2.8.1.14. oc adm groups prune
外部プロバイダーから欠落しているレコードを参照する以前の OpenShift グループを削除します。
使用例
Prune all orphaned groups
# Prune all orphaned groups
oc adm groups prune --sync-config=/path/to/ldap-sync-config.yaml --confirm
# Prune all orphaned groups except the ones from the denylist file
oc adm groups prune --blacklist=/path/to/denylist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
# Prune all orphaned groups from a list of specific groups specified in an allowlist file
oc adm groups prune --whitelist=/path/to/allowlist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
# Prune all orphaned groups from a list of specific groups specified in a list
oc adm groups prune groups/group_name groups/other_name --sync-config=/path/to/ldap-sync-config.yaml --confirm2.8.1.15. oc adm groups remove-users
グループからユーザーを削除します。
使用例
Remove user1 and user2 from my-group
# Remove user1 and user2 from my-group
oc adm groups remove-users my-group user1 user22.8.1.16. oc adm groups sync
OpenShift グループと外部プロバイダーからのレコードを同期します。
使用例
Sync all groups with an LDAP server
# Sync all groups with an LDAP server
oc adm groups sync --sync-config=/path/to/ldap-sync-config.yaml --confirm
# Sync all groups except the ones from the blacklist file with an LDAP server
oc adm groups sync --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
# Sync specific groups specified in an allowlist file with an LDAP server
oc adm groups sync --whitelist=/path/to/allowlist.txt --sync-config=/path/to/sync-config.yaml --confirm
# Sync all OpenShift groups that have been synced previously with an LDAP server
oc adm groups sync --type=openshift --sync-config=/path/to/ldap-sync-config.yaml --confirm
# Sync specific OpenShift groups if they have been synced previously with an LDAP server
oc adm groups sync groups/group1 groups/group2 groups/group3 --sync-config=/path/to/sync-config.yaml --confirm2.8.1.17. oc adm inspect
指定のリソースのデバッグデータを収集します。
使用例
Collect debugging data for the "openshift-apiserver" clusteroperator
# Collect debugging data for the "openshift-apiserver" clusteroperator
oc adm inspect clusteroperator/openshift-apiserver
# Collect debugging data for the "openshift-apiserver" and "kube-apiserver" clusteroperators
oc adm inspect clusteroperator/openshift-apiserver clusteroperator/kube-apiserver
# Collect debugging data for all clusteroperators
oc adm inspect clusteroperator
# Collect debugging data for all clusteroperators and clusterversions
oc adm inspect clusteroperators,clusterversions2.8.1.18. oc adm migrate icsp
imagecontentsourcepolicy ファイルを imagedigestmirrorset ファイルに更新します。
使用例
Update the imagecontentsourcepolicy.yaml file to a new imagedigestmirrorset file under the mydir directory
# Update the imagecontentsourcepolicy.yaml file to a new imagedigestmirrorset file under the mydir directory
oc adm migrate icsp imagecontentsourcepolicy.yaml --dest-dir mydir2.8.1.19. oc adm migrate template-instances
テンプレートインスタンスを更新して、最新の group-version-kinds を参照するようにします。
使用例
Perform a dry-run of updating all objects
# Perform a dry-run of updating all objects
oc adm migrate template-instances
# To actually perform the update, the confirm flag must be appended
oc adm migrate template-instances --confirm2.8.1.20. oc adm must-gather
Pod の新規インスタンスを起動してデバッグ情報を収集します。
使用例
Gather information using the default plug-in image and command, writing into ./must-gather.local.<rand>
# Gather information using the default plug-in image and command, writing into ./must-gather.local.<rand>
oc adm must-gather
# Gather information with a specific local folder to copy to
oc adm must-gather --dest-dir=/local/directory
# Gather audit information
oc adm must-gather -- /usr/bin/gather_audit_logs
# Gather information using multiple plug-in images
oc adm must-gather --image=quay.io/kubevirt/must-gather --image=quay.io/openshift/origin-must-gather
# Gather information using a specific image stream plug-in
oc adm must-gather --image-stream=openshift/must-gather:latest
# Gather information using a specific image, command, and pod directory
oc adm must-gather --image=my/image:tag --source-dir=/pod/directory -- myspecial-command.sh2.8.1.21. oc adm new-project
新規プロジェクトを作成します。
使用例
Create a new project using a node selector
# Create a new project using a node selector
oc adm new-project myproject --node-selector='type=user-node,region=east'2.8.1.22. oc adm node-logs
ノードのログを表示し、フィルターします。
使用例
Show kubelet logs from all masters
# Show kubelet logs from all masters
oc adm node-logs --role master -u kubelet
# See what logs are available in masters in /var/log
oc adm node-logs --role master --path=/
# Display cron log file from all masters
oc adm node-logs --role master --path=cron2.8.1.23. oc adm ocp-certificates monitor-certificates
プラットフォーム証明書を監視します。
使用例
Watch platform certificates.
# Watch platform certificates.
oc adm ocp-certificates monitor-certificates2.8.1.24. oc adm ocp-certificates regenerate-leaf
OpenShift クラスターのクライアント証明書とサービング証明書を再生成する
2.8.1.25. oc adm ocp-certificates regenerate-machine-config-server-serving-cert
OpenShift クラスターで Machine Config Operator 証明書を再生成する
2.8.1.26. oc adm ocp-certificates regenerate-top-level
OpenShift クラスター内のトップレベルの証明書を再生成する
2.8.1.27. oc adm ocp-certificates remove-old-trust
OpenShift クラスター内のプラットフォーム信頼バンドルを表す ConfigMap から古い CA を削除する
使用例
Remove only CA certificates created before a certain date from all trust bundles
# Remove only CA certificates created before a certain date from all trust bundles
oc adm ocp-certificates remove-old-trust configmaps -A --all --created-before 2023-06-05T14:44:06Z2.8.1.28. oc adm ocp-certificates update-ignition-ca-bundle-for-machine-config-server
更新された MCO 証明書を使用するように OpenShift クラスター内のユーザーデータシークレットを更新する
使用例
Regenerate the MCO certs without modifying user-data secrets
# Regenerate the MCO certs without modifying user-data secrets
oc adm certificates regenerate-machine-config-server-serving-cert --update-ignition=false
# Update the user-data secrets to use new MCS certs
oc adm certificates update-ignition-ca-bundle-for-machine-config-server2.8.1.29. oc adm pod-network isolate-projects
プロジェクトネットワークを分離します。
使用例
Provide isolation for project p1
# Provide isolation for project p1
oc adm pod-network isolate-projects <p1>
# Allow all projects with label name=top-secret to have their own isolated project network
oc adm pod-network isolate-projects --selector='name=top-secret'2.8.1.30. oc adm pod-network join-projects
プロジェクトネットワークに参加します。
使用例
Allow project p2 to use project p1 network
# Allow project p2 to use project p1 network
oc adm pod-network join-projects --to=<p1> <p2>
# Allow all projects with label name=top-secret to use project p1 network
oc adm pod-network join-projects --to=<p1> --selector='name=top-secret'2.8.1.31. oc adm pod-network make-projects-global
プロジェクトネットワークをグローバルにします。
使用例
Allow project p1 to access all pods in the cluster and vice versa
# Allow project p1 to access all pods in the cluster and vice versa
oc adm pod-network make-projects-global <p1>
# Allow all projects with label name=share to access all pods in the cluster and vice versa
oc adm pod-network make-projects-global --selector='name=share'2.8.1.32. oc adm policy add-role-to-user
現在のプロジェクトのユーザーまたはサービスアカウントをロールに追加します。
使用例
Add the 'view' role to user1 for the current project
# Add the 'view' role to user1 for the current project
oc adm policy add-role-to-user view user1
# Add the 'edit' role to serviceaccount1 for the current project
oc adm policy add-role-to-user edit -z serviceaccount12.8.1.33. oc adm policy add-scc-to-group
Security Context Constraint オブジェクトをグループに追加します。
使用例
Add the 'restricted' security context constraint to group1 and group2
# Add the 'restricted' security context constraint to group1 and group2
oc adm policy add-scc-to-group restricted group1 group22.8.1.34. oc adm policy add-scc-to-user
Security Context Constraint をユーザーまたはサービスアカウントに追加します。
使用例
Add the 'restricted' security context constraint to user1 and user2
# Add the 'restricted' security context constraint to user1 and user2
oc adm policy add-scc-to-user restricted user1 user2
# Add the 'privileged' security context constraint to serviceaccount1 in the current namespace
oc adm policy add-scc-to-user privileged -z serviceaccount12.8.1.35. oc adm policy scc-review
Pod を作成できるサービスアカウントを確認します。
使用例
Check whether service accounts sa1 and sa2 can admit a pod with a template pod spec specified in my_resource.yaml
# Check whether service accounts sa1 and sa2 can admit a pod with a template pod spec specified in my_resource.yaml
# Service Account specified in myresource.yaml file is ignored
oc adm policy scc-review -z sa1,sa2 -f my_resource.yaml
# Check whether service accounts system:serviceaccount:bob:default can admit a pod with a template pod spec specified in my_resource.yaml
oc adm policy scc-review -z system:serviceaccount:bob:default -f my_resource.yaml
# Check whether the service account specified in my_resource_with_sa.yaml can admit the pod
oc adm policy scc-review -f my_resource_with_sa.yaml
# Check whether the default service account can admit the pod; default is taken since no service account is defined in myresource_with_no_sa.yaml
oc adm policy scc-review -f myresource_with_no_sa.yaml2.8.1.36. oc adm policy scc-subject-review
ユーザーまたはサービスアカウントが Pod を作成できるかどうかを確認します。
使用例
Check whether user bob can create a pod specified in myresource.yaml
# Check whether user bob can create a pod specified in myresource.yaml
oc adm policy scc-subject-review -u bob -f myresource.yaml
# Check whether user bob who belongs to projectAdmin group can create a pod specified in myresource.yaml
oc adm policy scc-subject-review -u bob -g projectAdmin -f myresource.yaml
# Check whether a service account specified in the pod template spec in myresourcewithsa.yaml can create the pod
oc adm policy scc-subject-review -f myresourcewithsa.yaml2.8.1.37. oc adm prune builds
以前の完了済みおよび失敗したビルドを削除します。
使用例
Dry run deleting older completed and failed builds and also including
# Dry run deleting older completed and failed builds and also including
# all builds whose associated build config no longer exists
oc adm prune builds --orphans
# To actually perform the prune operation, the confirm flag must be appended
oc adm prune builds --orphans --confirm2.8.1.38. oc adm prune deployments
以前の完了済みおよび失敗したデプロイメント設定を削除します。
使用例
Dry run deleting all but the last complete deployment for every deployment config
# Dry run deleting all but the last complete deployment for every deployment config
oc adm prune deployments --keep-complete=1
# To actually perform the prune operation, the confirm flag must be appended
oc adm prune deployments --keep-complete=1 --confirm2.8.1.39. oc adm prune groups
外部プロバイダーから欠落しているレコードを参照する以前の OpenShift グループを削除します。
使用例
Prune all orphaned groups
# Prune all orphaned groups
oc adm prune groups --sync-config=/path/to/ldap-sync-config.yaml --confirm
# Prune all orphaned groups except the ones from the denylist file
oc adm prune groups --blacklist=/path/to/denylist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
# Prune all orphaned groups from a list of specific groups specified in an allowlist file
oc adm prune groups --whitelist=/path/to/allowlist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm
# Prune all orphaned groups from a list of specific groups specified in a list
oc adm prune groups groups/group_name groups/other_name --sync-config=/path/to/ldap-sync-config.yaml --confirm2.8.1.40. oc adm prune images
参照されていないイメージを削除します。
使用例
See what the prune command would delete if only images and their referrers were more than an hour old
# See what the prune command would delete if only images and their referrers were more than an hour old
# and obsoleted by 3 newer revisions under the same tag were considered
oc adm prune images --keep-tag-revisions=3 --keep-younger-than=60m
# To actually perform the prune operation, the confirm flag must be appended
oc adm prune images --keep-tag-revisions=3 --keep-younger-than=60m --confirm
# See what the prune command would delete if we are interested in removing images
# exceeding currently set limit ranges ('openshift.io/Image')
oc adm prune images --prune-over-size-limit
# To actually perform the prune operation, the confirm flag must be appended
oc adm prune images --prune-over-size-limit --confirm
# Force the insecure HTTP protocol with the particular registry host name
oc adm prune images --registry-url=http://registry.example.org --confirm
# Force a secure connection with a custom certificate authority to the particular registry host name
oc adm prune images --registry-url=registry.example.org --certificate-authority=/path/to/custom/ca.crt --confirm2.8.1.41. oc adm reboot-machine-config-pool
指定された MachineConfigPool の再起動を開始します。
使用例
Reboot all MachineConfigPools
# Reboot all MachineConfigPools
oc adm reboot-machine-config-pool mcp/worker mcp/master
# Reboot all MachineConfigPools that inherit from worker. This include all custom MachineConfigPools and infra.
oc adm reboot-machine-config-pool mcp/worker
# Reboot masters
oc adm reboot-machine-config-pool mcp/master2.8.1.42. oc adm release extract
更新ペイロードの内容をディスクに抽出します。
使用例
Use git to check out the source code for the current cluster release to DIR
# Use git to check out the source code for the current cluster release to DIR
oc adm release extract --git=DIR
# Extract cloud credential requests for AWS
oc adm release extract --credentials-requests --cloud=aws
# Use git to check out the source code for the current cluster release to DIR from linux/s390x image
# Note: Wildcard filter is not supported; pass a single os/arch to extract
oc adm release extract --git=DIR quay.io/openshift-release-dev/ocp-release:4.11.2 --filter-by-os=linux/s390x2.8.1.43. oc adm release info
リリースに関する情報を表示します。
使用例
Show information about the cluster's current release
# Show information about the cluster's current release
oc adm release info
# Show the source code that comprises a release
oc adm release info 4.11.2 --commit-urls
# Show the source code difference between two releases
oc adm release info 4.11.0 4.11.2 --commits
# Show where the images referenced by the release are located
oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.2 --pullspecs
# Show information about linux/s390x image
# Note: Wildcard filter is not supported; pass a single os/arch to extract
oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.2 --filter-by-os=linux/s390x2.8.1.44. oc adm release mirror
リリースを別のイメージレジストリーの場所にミラーリングします。
使用例
Perform a dry run showing what would be mirrored, including the mirror objects
# Perform a dry run showing what would be mirrored, including the mirror objects
oc adm release mirror 4.11.0 --to myregistry.local/openshift/release \
--release-image-signature-to-dir /tmp/releases --dry-run
# Mirror a release into the current directory
oc adm release mirror 4.11.0 --to file://openshift/release \
--release-image-signature-to-dir /tmp/releases
# Mirror a release to another directory in the default location
oc adm release mirror 4.11.0 --to-dir /tmp/releases
# Upload a release from the current directory to another server
oc adm release mirror --from file://openshift/release --to myregistry.com/openshift/release \
--release-image-signature-to-dir /tmp/releases
# Mirror the 4.11.0 release to repository registry.example.com and apply signatures to connected cluster
oc adm release mirror --from=quay.io/openshift-release-dev/ocp-release:4.11.0-x86_64 \
--to=registry.example.com/your/repository --apply-release-image-signature2.8.1.45. oc adm release new
新しい OpenShift リリースを作成します。
使用例
Create a release from the latest origin images and push to a DockerHub repository
# Create a release from the latest origin images and push to a DockerHub repository
oc adm release new --from-image-stream=4.11 -n origin --to-image docker.io/mycompany/myrepo:latest
# Create a new release with updated metadata from a previous release
oc adm release new --from-release registry.ci.openshift.org/origin/release:v4.11 --name 4.11.1 \
--previous 4.11.0 --metadata ... --to-image docker.io/mycompany/myrepo:latest
# Create a new release and override a single image
oc adm release new --from-release registry.ci.openshift.org/origin/release:v4.11 \
cli=docker.io/mycompany/cli:latest --to-image docker.io/mycompany/myrepo:latest
# Run a verification pass to ensure the release can be reproduced
oc adm release new --from-release registry.ci.openshift.org/origin/release:v4.112.8.1.46. oc adm restart-kubelet
指定されたノードで kubelet を再起動します
2.8.1.47. oc adm taint
1 つ以上のノードでテイントを更新します。
使用例
Update node 'foo' with a taint with key 'dedicated' and value 'special-user' and effect 'NoSchedule'
# Update node 'foo' with a taint with key 'dedicated' and value 'special-user' and effect 'NoSchedule'
# If a taint with that key and effect already exists, its value is replaced as specified
oc adm taint nodes foo dedicated=special-user:NoSchedule
# Remove from node 'foo' the taint with key 'dedicated' and effect 'NoSchedule' if one exists
oc adm taint nodes foo dedicated:NoSchedule-
# Remove from node 'foo' all the taints with key 'dedicated'
oc adm taint nodes foo dedicated-
# Add a taint with key 'dedicated' on nodes having label mylabel=X
oc adm taint node -l myLabel=X dedicated=foo:PreferNoSchedule
# Add to node 'foo' a taint with key 'bar' and no value
oc adm taint nodes foo bar:NoSchedule2.8.1.48. oc adm top images
イメージの使用状況の統計を表示します。
使用例
Show usage statistics for images
# Show usage statistics for images
oc adm top images2.8.1.49. oc adm top imagestreams
イメージストリームの使用状況の統計を表示します。
使用例
Show usage statistics for image streams
# Show usage statistics for image streams
oc adm top imagestreams2.8.1.50. oc adm top node
ノードのリソース (CPU/メモリー) の使用状況を表示します。
使用例
Show metrics for all nodes
# Show metrics for all nodes
oc adm top node
# Show metrics for a given node
oc adm top node NODE_NAME2.8.1.51. oc adm top pod
Pod のリソース (CPU/メモリー) の使用状況を表示します。
使用例
Show metrics for all pods in the default namespace
# Show metrics for all pods in the default namespace
oc adm top pod
# Show metrics for all pods in the given namespace
oc adm top pod --namespace=NAMESPACE
# Show metrics for a given pod and its containers
oc adm top pod POD_NAME --containers
# Show metrics for the pods defined by label name=myLabel
oc adm top pod -l name=myLabel2.8.1.52. oc adm uncordon
ノードにスケジュール対象 (schedulable) のマークを付けます。
使用例
Mark node "foo" as schedulable
# Mark node "foo" as schedulable
oc adm uncordon foo2.8.1.53. oc adm upgrade
クラスターをアップグレードするか、アップグレードチャネルを調整する
使用例
View the update status and available cluster updates
# View the update status and available cluster updates
oc adm upgrade
# Update to the latest version
oc adm upgrade --to-latest=true2.8.1.54. oc adm verify-image-signature
イメージ署名に含まれるイメージ ID を確認します。
使用例
Verify the image signature and identity using the local GPG keychain
# Verify the image signature and identity using the local GPG keychain
oc adm verify-image-signature sha256:c841e9b64e4579bd56c794bdd7c36e1c257110fd2404bebbb8b613e4935228c4 \
--expected-identity=registry.local:5000/foo/bar:v1
# Verify the image signature and identity using the local GPG keychain and save the status
oc adm verify-image-signature sha256:c841e9b64e4579bd56c794bdd7c36e1c257110fd2404bebbb8b613e4935228c4 \
--expected-identity=registry.local:5000/foo/bar:v1 --save
# Verify the image signature and identity via exposed registry route
oc adm verify-image-signature sha256:c841e9b64e4579bd56c794bdd7c36e1c257110fd2404bebbb8b613e4935228c4 \
--expected-identity=registry.local:5000/foo/bar:v1 \
--registry-url=docker-registry.foo.com
# Remove all signature verifications from the image
oc adm verify-image-signature sha256:c841e9b64e4579bd56c794bdd7c36e1c257110fd2404bebbb8b613e4935228c4 --remove-all2.8.1.55. oc adm wait-for-node-reboot
oc adm reboot-machine-config-pool の実行後、ノードが再起動するまで待ちます。
使用例
Wait for all nodes to complete a requested reboot from 'oc adm reboot-machine-config-pool mcp/worker mcp/master'
# Wait for all nodes to complete a requested reboot from 'oc adm reboot-machine-config-pool mcp/worker mcp/master'
oc adm wait-for-node-reboot nodes --all
# Wait for masters to complete a requested reboot from 'oc adm reboot-machine-config-pool mcp/master'
oc adm wait-for-node-reboot nodes -l node-role.kubernetes.io/master
# Wait for masters to complete a specific reboot
oc adm wait-for-node-reboot nodes -l node-role.kubernetes.io/master --reboot-number=42.8.1.56. oc adm wait-for-stable-cluster
プラットフォーム Operator が安定するまで待機します。
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}