Bartosz Bierkowski - Low dose cloud

OpenShift CLI Morsels: access all api objects

When learning about OpenShift, it is good to know what kind of resources you can access. I mentioned earlier listing all objects and types, but you can actually access many more api objects using just the oc client.

I found a command displaying all the APIs accessible from oc.

First one displays all cluster level resources and the second one namespaced resources.

oc api-resources --namespaced=false

NAME                               SHORTNAMES     APIGROUP                                NAMESPACED   KIND
componentstatuses                  cs                                                     false        ComponentStatus
namespaces                         ns                                                     false        Namespace
nodes                              no                                                     false        Node
persistentvolumes                  pv                                                     false        PersistentVolume
mutatingwebhookconfigurations                     admissionregistration.k8s.io            false        MutatingWebhookConfiguration
validatingwebhookconfigurations                   admissionregistration.k8s.io            false        ValidatingWebhookConfiguration
customresourcedefinitions          crd,crds       apiextensions.k8s.io                    false        CustomResourceDefinition
apiservices                                       apiregistration.k8s.io                  false        APIService
tokenreviews                                      authentication.k8s.io                   false        TokenReview
selfsubjectaccessreviews                          authorization.k8s.io                    false        SelfSubjectAccessReview
selfsubjectrulesreviews                           authorization.k8s.io                    false        SelfSubjectRulesReview
subjectaccessreviews                              authorization.k8s.io                    false        SubjectAccessReview
clusterrolebindings                               authorization.openshift.io              false        ClusterRoleBinding
clusterroles                                      authorization.openshift.io              false        ClusterRole
resourceaccessreviews                             authorization.openshift.io              false        ResourceAccessReview
subjectaccessreviews                              authorization.openshift.io              false        SubjectAccessReview
certificatesigningrequests         csr            certificates.k8s.io                     false        CertificateSigningRequest
podsecuritypolicies                psp            extensions                              false        PodSecurityPolicy
images                                            image.openshift.io                      false        Image
imagesignatures                                   image.openshift.io                      false        ImageSignature
clusternetworks                                   network.openshift.io                    false        ClusterNetwork
hostsubnets                                       network.openshift.io                    false        HostSubnet
netnamespaces                                     network.openshift.io                    false        NetNamespace
oauthaccesstokens                                 oauth.openshift.io                      false        OAuthAccessToken
oauthauthorizetokens                              oauth.openshift.io                      false        OAuthAuthorizeToken
oauthclientauthorizations                         oauth.openshift.io                      false        OAuthClientAuthorization
oauthclients                                      oauth.openshift.io                      false        OAuthClient
podsecuritypolicies                psp            policy                                  false        PodSecurityPolicy
projectrequests                                   project.openshift.io                    false        ProjectRequest
projects                                          project.openshift.io                    false        Project
clusterresourcequotas              clusterquota   quota.openshift.io                      false        ClusterResourceQuota
clusterrolebindings                               rbac.authorization.k8s.io               false        ClusterRoleBinding
clusterroles                                      rbac.authorization.k8s.io               false        ClusterRole
priorityclasses                    pc             scheduling.k8s.io                       false        PriorityClass
rangeallocations                                  security.openshift.io                   false        RangeAllocation
securitycontextconstraints         scc            security.openshift.io                   false        SecurityContextConstraints
servicecertsigneroperatorconfigs                  servicecertsigner.config.openshift.io   false        ServiceCertSignerOperatorConfig
storageclasses                     sc             storage.k8s.io                          false        StorageClass
volumeattachments                                 storage.k8s.io                          false        VolumeAttachment
brokertemplateinstances                           template.openshift.io                   false        BrokerTemplateInstance
groups                                            user.openshift.io                       false        Group
identities                                        user.openshift.io                       false        Identity
useridentitymappings                              user.openshift.io                       false        UserIdentityMapping
users                                             user.openshift.io                       false        User
openshiftwebconsoleconfigs                        webconsole.operator.openshift.io        false        OpenShiftWebConsoleConfig
oc api-resources --namespaced=true

NAME                                  SHORTNAMES   APIGROUP                     NAMESPACED   KIND
bindings                                                                        true         Binding
configmaps                            cm                                        true         ConfigMap
endpoints                             ep                                        true         Endpoints
events                                ev                                        true         Event
limitranges                           limits                                    true         LimitRange
persistentvolumeclaims                pvc                                       true         PersistentVolumeClaim
pods                                  po                                        true         Pod
podtemplates                                                                    true         PodTemplate
replicationcontrollers                rc                                        true         ReplicationController
resourcequotas                        quota                                     true         ResourceQuota
secrets                                                                         true         Secret
serviceaccounts                       sa                                        true         ServiceAccount
services                              svc                                       true         Service
controllerrevisions                                apps                         true         ControllerRevision
daemonsets                            ds           apps                         true         DaemonSet
deployments                           deploy       apps                         true         Deployment
replicasets                           rs           apps                         true         ReplicaSet
statefulsets                          sts          apps                         true         StatefulSet
deploymentconfigs                     dc           apps.openshift.io            true         DeploymentConfig
localsubjectaccessreviews                          authorization.k8s.io         true         LocalSubjectAccessReview
localresourceaccessreviews                         authorization.openshift.io   true         LocalResourceAccessReview
localsubjectaccessreviews                          authorization.openshift.io   true         LocalSubjectAccessReview
rolebindingrestrictions                            authorization.openshift.io   true         RoleBindingRestriction
rolebindings                                       authorization.openshift.io   true         RoleBinding
roles                                              authorization.openshift.io   true         Role
selfsubjectrulesreviews                            authorization.openshift.io   true         SelfSubjectRulesReview
subjectrulesreviews                                authorization.openshift.io   true         SubjectRulesReview
horizontalpodautoscalers              hpa          autoscaling                  true         HorizontalPodAutoscaler
cronjobs                              cj           batch                        true         CronJob
jobs                                               batch                        true         Job
buildconfigs                          bc           build.openshift.io           true         BuildConfig
builds                                             build.openshift.io           true         Build
events                                ev           events.k8s.io                true         Event
daemonsets                            ds           extensions                   true         DaemonSet
deployments                           deploy       extensions                   true         Deployment
ingresses                             ing          extensions                   true         Ingress
networkpolicies                       netpol       extensions                   true         NetworkPolicy
replicasets                           rs           extensions                   true         ReplicaSet
imagestreamimages                     isimage      image.openshift.io           true         ImageStreamImage
imagestreamimports                                 image.openshift.io           true         ImageStreamImport
imagestreammappings                                image.openshift.io           true         ImageStreamMapping
imagestreams                          is           image.openshift.io           true         ImageStream
imagestreamtags                       istag        image.openshift.io           true         ImageStreamTag
egressnetworkpolicies                              network.openshift.io         true         EgressNetworkPolicy
networkpolicies                       netpol       networking.k8s.io            true         NetworkPolicy
poddisruptionbudgets                  pdb          policy                       true         PodDisruptionBudget
appliedclusterresourcequotas                       quota.openshift.io           true         AppliedClusterResourceQuota
rolebindings                                       rbac.authorization.k8s.io    true         RoleBinding
roles                                              rbac.authorization.k8s.io    true         Role
routes                                             route.openshift.io           true         Route
podsecuritypolicyreviews                           security.openshift.io        true         PodSecurityPolicyReview
podsecuritypolicyselfsubjectreviews                security.openshift.io        true         PodSecurityPolicySelfSubjectReview
podsecuritypolicysubjectreviews                    security.openshift.io        true         PodSecurityPolicySubjectReview
processedtemplates                                 template.openshift.io        true         Template
templateinstances                                  template.openshift.io        true         TemplateInstance
templates                                          template.openshift.io        true         Template

Well, that’s a lot! In theory for each of them we should be able to run oc explain, but unfortunately the description is often missing. Most often resources have the documentation available.

I like the command, as among others, it helps to discover the new APIs in a very simple way.