A safe wrapper for OpenShift CLI (oc) that only allows read-only commands.

• oc - A wrapper script that delegates to the actual oc binary but only allows read-only commands
• kubectl - A script that instructs users to use oc instead of kubectl

The oc wrapper only permits the following read-only commands:

• get - Display one or many resources
• describe - Show details of a specific resource
• logs - Print container logs
• explain - Get documentation for a resource
• adm top - Display resource usage statistics

Any attempt to run other commands (like apply, delete, edit, etc.) will be blocked.

# These commands will work
oc get pods
oc describe pod my-pod
oc logs my-pod
oc explain deployment
oc adm top nodes

# These commands will be blocked
oc delete pod my-pod
oc apply -f manifest.yaml
oc edit deployment my-deployment

1. Add this directory to your PATH before the actual oc binary location
2. Update the OC_BINARY path in the oc script to point to your actual oc installation

Edit the ALLOWED_COMMANDS array in the oc script to customize which commands are permitted:

ALLOWED_COMMANDS=(
  "get"
  "describe"
  "logs"
  "explain"
  "adm top"
)

This wrapper is useful when you want to:

• Prevent accidental modifications to cluster resources
• Provide safe read-only access to OpenShift clusters
• Ensure consistent behavior by only allowing vetted commands
• Reduce the risk of destructive operations