Operator Install Plan
# Find which IP need approval
oc get ip -n my-project -o=jsonpath='{.items[?(@.spec.approved==false)].metadata.name}'
# Batch approve all IPs
oc patch installplan $(oc get ip -n my-project-o=jsonpath='{.items[?(@.spec.approved==false)].metadata.name}') -n my-project --type merge --patch '{"spec":{"approved":true}}'
RBAC
A ClusterRole|Role defines a set of permissions and where it is available, in the whole cluster or just a single Namespace.
A ClusterRoleBinding|RoleBinding connects a set of permissions with an account and defines where it is applied, in the whole cluster or just a single Namespace.
Because of this there are 4 different RBAC combinations and 3 valid ones:
Role + RoleBinding (available in single Namespace, applied in single Namespace)
ClusterRole + ClusterRoleBinding (available cluster-wide, applied cluster-wide)
ClusterRole + RoleBinding (available cluster-wide, applied in single Namespace)
Role + ClusterRoleBinding (NOT POSSIBLE: available in single Namespace, applied cluster-wide)
Etcd Snapshot & Restore
export ETCDCTL_API=3
etcdctl snapshot save --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key --endpoints=127.0.0.1:2379 /opt/etcd-backup.db
etcdctl --data-dir=/root/etcd-from-backup --endpoints=https://172.0.0.8:2379 \
--cert=/root/kubernetes/pki/etcd/server.crt \
--key=/root/kubernetes/pki/etcd/server.key \
--cacert=/root/kubernetes/pki/etcd/ca.crt \
snapshot restore /opt/etcd-backup.db