This page is where I put the commands and script-fu that I tend to use most often for OpenShift 3 (Kubernetes/Docker). Originally written to aid my poor memory, but shared here in case you find it useful.

BTW, OpenShift is an awesome platform. If you haven’t tried it out yet, you can:

NB: This is a living page, regularly updated - so if you have any commands you’d like to suggest, please add them in the comments. Thankyou!

Getting started

Start a simple local all-in-one OpenShift cluster with a configured registry, router, image streams, and default templates:

oc cluster up

Working with objects

Copy an object from another project into the current project (e.g. a BuildConfig, DeploymentConfig, etc.):

oc export bc/your-bc-name -n otherproject -o json | oc create -f -


Start a build and follow (tail) the log onscreen:

oc start-build your-build-name --follow

Add a trigger to a build, on completion of another build (e.g. if the build pushes to the ImageStreamTag my-build:latest):

oc set trigger bc/my-build-after --from-image=my-build:latest


Create an image stream:

oc create is your-image-stream-name

Import an image from an external registry:

oc import-image -n openshift jboss-amq-62:1.3 --confirm

Grant permissions for a build to pull an image from another project:

oc policy add-role-to-user system:image-puller system:serviceaccount:yourbuildproject:builder -n namespace-to-pull-from


Create a new secret for a build, where the source is located in a Git repository that requires authentication:

oc secrets new-basicauth gitsecret --username=jsmith --password=secret
oc secrets link sa/builder secret/gitsecret

JBoss Middleware for OpenShift

JBoss Fuse, AMQ, EAP. All the lush things.

Install the JBoss middleware image streams:

oc create -f -n openshift

Install one of the JBoss middleware templates to allow you to create AMQ, EAP, etc instances, from the web console or CLI:

oc create -f -n openshift

Create a new app using one of the templates, and download dependencies from a local Maven mirror, instead of Maven Central:

oc new-app jboss-webserver30-tomcat8-openshift~ -e MAVEN_MIRROR_URL=

Integrated Docker registry

Verify that the registry is up and running in the default project:

oc get all -n default

Find the IP address of the Docker registry (by showing all services in the default project):

oc get svc -n default

Redeploy the integrated Docker registry:

oc deploy docker-registry --retry


The oc command line tool

(Windows) Tell OC to use your local C: drive as the location for its .kube config file. Useful in environments where your home drive is set to a network drive, or your .kube config file is otherwise inaccessible:

set KUBECONFIG=C:\Users\username\.kube\config

Or use these:

set HOMEPATH=C:\Users\username

The all-in-one cluster (oc cluster up)

The all-in-one cluster is a local OpenShift cluster on a single machine, incorporating a registry, router, image streams and default templates. All of these run as (Docker) containers.

See all OpenShift infrastructure containers (e.g. registry, router, etc) running on your workstation:

docker ps

Open a terminal in the origin container (where the all-in-one OpenShift server is located):

docker exec -it origin bash

View logs from the origin container:

docker logs origin

View the master-config file in the origin container:

docker exec -it origin cat /var/lib/origin/openshift.local.config/master/master-config.yaml

Edit the master-config file, when using the oc-cluster wrapper utility:

vim ~/.oc/profiles/[profile-name]/config/master/master-config.yml

List the kube utils that are available in the origin container:

# docker exec origin ls /usr/bin | grep kube

Problems and solutions

Q. My computer starts burning up and/or running out of RAM. Also, Java containers are hanging on startup.

General debugging

If something’s not working, or not deploying:

oc status -v

If something’s still not working:

oc get events

Changing the log level of a build:

oc set env bc/my-build-name BUILD_LOGLEVEL=[1-5]

Problems pulling images? Check the integrated Docker registry logs:

oc logs docker-registry-n-{xxxxx} -n default | less

Administration and security

Grant the admin user permissions to administer the cluster (e.g. to create a PersistentVolume):

oc adm policy add-cluster-role-to-user cluster-admin admin

Grant edit permissions in the current namespace to the service account called jenkins:

oc policy add-role-to-user edit -z jenkins

Check which users can perform a certain action (useful e.g. when debugging why Jenkins can’t create slave pods):

oc policy who-can create pod

Bonus section: Docker!

Delete all exited Docker containers:

docker rm $(docker ps -aq)

View the size of the Docker storage file (Docker for Mac):

du -h -d 1 ~/Library/Containers/com.docker.docker