OpenShift Debug
Debug security and infrastructure issues on OpenShift clusters.
Quick Actions
Execute scripts from scripts/ directory.
| Script | Purpose |
|---|---|
| `check-etcd-encryption.sh` | Verify etcd encryption at rest status |
| `inspect-route-cert.sh <route> [namespace]` | Extract and decode TLS cert from route |
| `deploy-test-workload.sh <namespace>` | Deploy nginx + postgres for testing |
References
| File | Use When |
|---|---|
| `tls-inspection.md` | Debugging TLS, certs, cipher suites |
| `etcd-encryption.md` | Verifying encryption at rest |
| `machine-config.md` | Debugging MachineConfig, nodes, RHCOS |
| `cluster-health.md` | Checking operators, controllers, nodes |
Common Debug Workflows
TLS/Certificate Issues
- Check route TLS termination: `oc get route <name> -o yaml | grep -A10 tls:`
- Inspect cert: `./scripts/inspect-route-cert.sh <route>`
- Check service CA: `oc get secret -n openshift-service-ca signing-key -o jsonpath='{.data.tls\.crt}' | base64 -d | openssl x509 -text -noout`
Reference: tls-inspection.md
etcd Encryption
- Check status: `./scripts/check-etcd-encryption.sh`
- If not encrypted, see etcd-encryption.md#enabling-encryption
Machine Config Problems
- Check pool status: `oc get mcp`
- Check degraded nodes: `oc get nodes -o wide`
- Check controller: `oc logs -n openshift-machine-config-operator deploy/machine-config-controller --tail=50`
Reference: machine-config.md
Cluster Health
- Check operators: `oc get co`
- Check nodes: `oc get nodes && oc adm top nodes`
- Check events: `oc get events --sort-by='.lastTimestamp' | tail -20`
Reference: cluster-health.md
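
The operator check above, as an added example (not one of the project's scripts): a shell filter that reads `oc get co` output and lists operators that are unavailable or degraded, locating columns by header offset so an empty cell does not misalign the row. The function names and the sample table are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: triage `oc get co` output. Names and sample data are hypothetical.

# Reads an `oc get co` table on stdin and prints one line per ClusterOperator
# that is not Available=True or not Degraded=False.
unhealthy_operators() {
  awk '
    function cell(line, pos,   parts) {
      # First token at a column offset; empty cells elsewhere cannot shift it.
      split(substr(line, pos), parts, " ")
      return parts[1]
    }
    NR == 1 {
      # Column offsets come from the header row, because oc pads columns.
      a = index($0, "AVAILABLE"); d = index($0, "DEGRADED")
      if (!a || !d) { print "unexpected header: " $0 > "/dev/stderr"; exit 2 }
      next
    }
    NF == 0 { next }
    {
      avail = cell($0, a); degr = cell($0, d); why = ""
      if (avail != "True")  why = why " Available=" avail
      if (degr != "False")  why = why " Degraded=" degr
      if (why != "") print $1 why
    }
  '
}

# Constructed sample (not from a real cluster). image-registry has an empty
# VERSION cell, which would shift whitespace-split fields by one.
sample_co_table() {
  cat <<'EOF'
NAME             VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
authentication   4.14.8    True        False         False      5d
etcd             4.14.8    True        False         True       2h      NodeInstallerDegraded: 1 node is failing
image-registry             False       True          False      10m     Deployment does not have available replicas
machine-config   4.14.8    True        True          False      3m      Working towards 4.14.8
EOF
}

sample_co_table | unhealthy_operators
```

On a live cluster the same filter is used as `oc get co | unhealthy_operators`; Progressing=True alone is not flagged because it is expected during upgrades.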
Platform Context
Always establish context first:
```bash
oc whoami
oc cluster-info
oc get clusterversion
```