Page tree
Skip to end of metadata
Go to start of metadata

QuickStart



https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html-single/architecture/index

https://www.openshift.com/blog/red-hat-openshift-4.7-is-now-available

OpenShift Cloud Hybrid Architectures

The following are a subset of architecture patterns that can be used around a combined AWS and OpenShift technology stack.

OpenShift on AWS Architecture Pattern Grid

Actors




Ext user (gckey)

AWS Cloud

AWS API Gateway - public VPC)

AWS API Gateway - (private VPC)

3Scale (public VPC)

3Scale in Openshift VPC

RHSSO in Openshift VPC

Lambda App - no-VPC (public)

Lambda App in private VPC

Lambda App in Openshift VPC

K8S container App1 in managed EKS

K8S container App1 in Openshift VPC

K8s container DB in Openshift VPC

S3 private via signedURL




RDS DB in private VPC

RDS DB in public VPC

DynamoDB service in public VPC

On Prem

K8S container App2 in Openshift prem DC

Scenarios

ScenarioAWS NativeKubernetes NativeOpenShiftSCED security
Public API call into AWS API Gateway fronted Lambda



Public API Call into 3Scale API Gateway fronted OCP container



Public PUT to S3 via presigned URL (no APIGW/3Scale required)








Installing Redhat OpenShift 4.6 for Kubernetes Development

follow https://docs.openshift.com/container-platform/4.6/welcome/index.html
https://docs.openshift.com/container-platform/4.6/installing/installing_bare_metal/installing-bare-metal.html#installing-bare-metal

Requires account - https://cloud.redhat.com/openshift/install/

OpenShiftKubernetes
4.6.1

1.19.0
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.0+1833054", GitCommit:"183305424c91636d683dfb4a379204c313976be2", GitTreeState:"clean", BuildDate:"2021-01-22T14:47:21Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}


4.71.20

OpenShift CLI

https://access.redhat.com/downloads/content/290/ver=4.7/rhel---8/4.7.5/x86_64/product-software

Use the login token provided by the OCP cluster you are using


This token is only 1w timed

When installing the oc cli - run once from finder by right clicking - specific to OSX security

echo $PATH
chmod 777 oc
cp oc /usr/local/bin
oc login --token=sha256~hlf25Vc.....LtobLaPx4v4 --server=https://c100-e.us-east.containers.cloud.ibm.com:32601
Logged into "https://c100-e.us-east.containers.cloud.ibm.com:32601" as "IAM#rh-dev-1283" using the token provided.

You have access to 63 projects, the list has been suppressed. You can list all projects with 'oc projects'biometric:openshift michaelobrien$ oc version
Client Version: 4.7.5
Server Version: 4.6.22
Kubernetes Version: v1.19.0+d46d32f


OpenShift on AWS

Use the quickstart at https://aws.amazon.com/quickstart/architecture/openshift/
Select new VPC 
https://us-east-2.console.aws.amazon.com/cloudformation/home?region=us-east-2#/stacks/create/template?stackName=red-hat-openshift&templateURL=https://aws-quickstart.s3.amazonaws.com/quickstart-redhat-openshift/templates/openshift-main.template.yaml
template in
https://aws-quickstart.s3.amazonaws.com/quickstart-redhat-openshift/templates/openshift-main.template.yaml

Fully managed OpenShift on AWS

https://aws.amazon.com/quickstart/architecture/openshift/

OpenShift Codeready Containers on AWS EC2 VM

https://www.redhat.com/sysadmin/codeready-containers

Create a 16g 4vCPU, 40g+ VM (t3a.xlarge) on a public or private subnet running RHEL 8+

setup CRC on the EC2 VM

ssh ec2-user@subdomain.packet.global
sudo yum install curl
[ec2-user@ip-172-31-20-118 ~]$ wget https://mirror.openshift.com/pub/openshift-v4/clients/crc/latest/crc-linux-amd64.tar.xz
[ec2-user@ip-172-31-20-118 ~]$ mv /home/ec2-user/crc-linux-1.26.0-amd64/* /home/ec2-user/crc
[ec2-user@ip-172-31-20-118 ~]$ rm /home/ec2-user/crc-linux-amd64.tar.xz 
[ec2-user@ip-172-31-20-118 ~]$ rm -r /home/ec2-user/crc-linux-1.26.0-amd64/
[ec2-user@ip-172-31-20-118 ~]$ cd /home/ec2-user/crc/
[ec2-user@ip-172-31-20-118 crc]$ chmod +x crc 
[ec2-user@ip-172-31-20-118 crc]$ export PATH=$PATH:/home/ec2-user/crc[ec2-user@ip-172-31-20-118 crc]$ crc setup
CodeReady Containers is constantly improving and we would like to know more about usage (more details at https://developers.redhat.com/article/tool-data-collection)
Your preference can be changed manually if desired using 'crc config set consent-telemetry <yes/no>'
Would you like to contribute anonymous usage statistics? [y/N]: y
Thanks for helping us! You can disable telemetry with the command 'crc config set consent-telemetry no'.
INFO Checking if running as non-root 
INFO Checking if admin-helper executable is cached 
INFO Caching admin-helper executable 
INFO Using root access: Changing ownership of /home/ec2-user/.crc/bin/admin-helper-linux 
INFO Using root access: Setting suid for /home/ec2-user/.crc/bin/admin-helper-linux 
INFO Checking if running on a supported CPU architecture 
INFO Checking minimum RAM requirements 
INFO Checking if Virtualization is enabled 
INFO Setting up virtualization 
You need to enable virtualization in BIOS

busted - no nested virtualizationusing c5n.metal at $1/hour on spot - instead of $4/hour
[ec2-user@ip-172-31-17-137 crc]$ crc setup
CodeReady Containers is constantly improving and we would like to know more about usage (more details at https://developers.redhat.com/article/tool-data-collection)
Your preference can be changed manually if desired using 'crc config set consent-telemetry <yes/no>'
Would you like to contribute anonymous usage statistics? [y/N]: y
Thanks for helping us! You can disable telemetry with the command 'crc config set consent-telemetry no'.
INFO Checking if running as non-root              
INFO Checking if admin-helper executable is cached 
INFO Caching admin-helper executable              
INFO Using root access: Changing ownership of /home/ec2-user/.crc/bin/admin-helper-linux 
INFO Using root access: Setting suid for /home/ec2-user/.crc/bin/admin-helper-linux 
INFO Checking if running on a supported CPU architecture 
INFO Checking minimum RAM requirements            
INFO Checking if Virtualization is enabled        
INFO Checking if KVM is enabled                   
INFO Checking if libvirt is installed             
INFO Installing libvirt service and dependencies  
INFO Using root access: Installing virtualization packages 
INFO Checking if user is part of libvirt group    
INFO Adding user to libvirt group                 
INFO Using root access: Adding user to the libvirt group 
INFO Checking if active user/process is currently part of the libvirt group 
INFO Checking if libvirt daemon is running        
WARN No active (running) libvirtd systemd unit could be found - make sure one of libvirt systemd units is enabled so that it's autostarted at boot time. 
INFO Starting libvirt service                     
INFO Using root access: Executing systemctl daemon-reload command 
INFO Using root access: Executing systemctl start libvirtd 
INFO Checking if a supported libvirt version is installed 
INFO Checking if crc-driver-libvirt is installed  
INFO Installing crc-driver-libvirt                
INFO Checking if systemd-networkd is running      
INFO Checking if NetworkManager is installed      
NetworkManager is required and must be installed manually
sudo yum install NetworkManager[ec2-user@ip-172-31-17-137 crc]$ crc setup 

INFO Checking if running as non-root 
INFO Checking if admin-helper executable is cached 
INFO Checking if running on a supported CPU architecture 
INFO Checking minimum RAM requirements 
INFO Checking if Virtualization is enabled 
INFO Checking if KVM is enabled 
INFO Checking if libvirt is installed 
INFO Checking if user is part of libvirt group 
INFO Checking if active user/process is currently part of the libvirt group 
INFO Checking if libvirt daemon is running 
INFO Checking if a supported libvirt version is installed 
INFO Checking if crc-driver-libvirt is installed 
INFO Checking if systemd-networkd is running 
INFO Checking if NetworkManager is installed 
INFO Checking if NetworkManager service is running 
NetworkManager is required. Please make sure it is installed and running manuallyami rhel-openshift-crc-mid-nm-c5n_metal
restart spot


c5n.metal EC2 spot json

{
    "IamFleetRole": "arn:aws:iam::453279094200:role/aws-ec2-spot-fleet-tagging-role",
    "AllocationStrategy": "lowestPrice",
    "TargetCapacity": 1,
    "ValidFrom": "2021-05-07T20:16:48Z",
    "ValidUntil": "2022-05-07T20:16:48Z",
    "SpotPrice": "4.86",
    "TerminateInstancesWithExpiration": true,
    "LaunchSpecifications": [
        {
            "ImageId": "ami-04468e03c37242e1e",
            "InstanceType": "c5n.metal",
            "SubnetId": "subnet-205c9645",
            "KeyName": "obrien_systems_aws_202104_uswest1",
            "BlockDeviceMappings": [
                {
                    "DeviceName": "/dev/xvda",
                    "Ebs": {
                        "DeleteOnTermination": true,
                        "SnapshotId": "snap-0250864b25434094e",
                        "VolumeSize": 80,
                        "Encrypted": false,
                        "VolumeType": "gp2"
                    }
                }
            ],
            "SpotPrice": "4.86",
            "SecurityGroups": [
                {
                    "GroupId": "sg-040d682652a0035d6"
                }
            ]
        }
    ],
    "Type": "request"
}



OpenShift on RHEL 8 on VMWare Fusion 12.1 or Workstation 16.1 on Bare Metal

Install podman for non-root containers Redhat Enterprise Linux#InstallingPodmanasanalternativetoDockeronRedhatRHEL8

OpenShift Code Ready Containers on a single RHEL VM

Port whitelist



53
80
443
6443

Open Firewall

[obrienlabs@localhost crc-linux-1.22.0-amd64]$ sudo systemctl start firewalld
firewall-cmd: error: unrecognized arguments: --add-port:80/tcp
[obrienlabs@localhost crc-linux-1.22.0-amd64]$ sudo firewall-cmd --add-port=80/tcp --permanent
[obrienlabs@localhost crc-linux-1.22.0-amd64]$ sudo firewall-cmd --add-port=6443/tcp --permanent
[obrienlabs@localhost crc-linux-1.22.0-amd64]$ sudo firewall-cmd --add-port=443/tcp --permanent
[obrienlabs@localhost crc-linux-1.22.0-amd64]$ sudo systemctl restart firewalld
[obrienlabs@localhost crc-linux-1.22.0-amd64]$ sudo semanage port -a -t http_port_t -p tcp 6443

Open NAT ports on the VM

https://www.openshift.com/blog/how-to-create-a-single-node-cluster-for-openshift-4-on-power-and-z
https://code-ready.github.io/crc/

VMs
1 dev

4 vCores + 9Gb
https://code-ready.github.io/crc/
download CRC
https://cloud.redhat.com/openshift/create/local

su -c 'yum install NetworkManager'download crc above
[obrienlabs@localhost ~]$ echo $PATH
/home/obrienlabs/.local/bin:/home/obrienlabs/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin
[obrienlabs@localhost ~]$ ls /home/obrienlabs
Desktop Documents Downloads index.html Music Pictures Public Templates Videos
[obrienlabs@localhost ~]$ mkdir bin
[obrienlabs@localhost ~]$ tar -xvf Downloads/crc-linux-amd64.tar.xz 
[obrienlabs@localhost ~]$ cp crc-linux-1.22.0-amd64/crc bin/
[obrienlabs@localhost ~]$ crc version
CodeReady Containers version: 1.22.0+6faff76f
OpenShift version: 4.6.15 (embedded in executable)

obrienlabs@localhost crc-linux-1.22.0-amd64]$ crc setup
CodeReady Containers is constantly improving and we would like to know more about usage (more details at https://developers.redhat.com/article/tool-data-collection)
Your preference can be changed manually if desired using 'crc config set consent-telemetry <yes/no>'
Would you like to contribute anonymous usage statistics? [y/N]: y
Thanks for helping us! You can disable telemetry with the command 'crc config set consent-telemetry no'.
INFO Checking if running as non-root              
INFO Checking if podman remote executable is cached 
INFO Checking if admin-helper executable is cached 
INFO Caching admin-helper executable              
INFO Using root access: Changing ownership of /home/obrienlabs/.crc/bin/admin-helper-linux 
[sudo] password for obrienlabs: 
INFO Using root access: Setting suid for /home/obrienlabs/.crc/bin/admin-helper-linux 
INFO Checking if CRC bundle is extracted in '$HOME/.crc' 
INFO Checking if /home/obrienlabs/.crc/cache/crc_libvirt_4.6.15.crcbundle exists 
INFO Extracting bundle from the CRC executable    
INFO Ensuring directory /home/obrienlabs/.crc/cache exists 
INFO Extracting embedded bundle crc_libvirt_4.6.15.crcbundle to /home/obrienlabs/.crc/cache 
INFO Uncompressing crc_libvirt_4.6.15.crcbundle   
crc.qcow2: 10.83 GiB / 10.83 GiB [------------------------------------------------------------------] 100.00%
INFO Checking minimum RAM requirements            
INFO Checking if Virtualization is enabled        
INFO Checking if KVM is enabled                   
INFO Checking if libvirt is installed             
INFO Installing libvirt service and dependencies  
INFO Using root access: Installing virtualization packages 
INFO Checking if user is part of libvirt group    
INFO Adding user to libvirt group                 
INFO Using root access: Adding user to the libvirt group 
INFO Checking if libvirt daemon is running        
INFO Checking if a supported libvirt version is installed 
INFO Checking if crc-driver-libvirt is installed  
INFO Installing crc-driver-libvirt                
INFO Checking if systemd-networkd is running      
INFO Checking if NetworkManager is installed      
INFO Checking if NetworkManager service is running 
INFO Checking if /etc/NetworkManager/conf.d/crc-nm-dnsmasq.conf exists 
INFO Writing Network Manager config for crc       
INFO Using root access: Writing NetworkManager configuration to /etc/NetworkManager/conf.d/crc-nm-dnsmasq.conf 
INFO Using root access: Changing permissions for /etc/NetworkManager/conf.d/crc-nm-dnsmasq.conf to 644  
INFO Using root access: Executing systemctl daemon-reload command 
INFO Using root access: Executing systemctl reload NetworkManager 
INFO Checking if /etc/NetworkManager/dnsmasq.d/crc.conf exists 
INFO Writing dnsmasq config for crc               
INFO Using root access: Writing NetworkManager configuration to /etc/NetworkManager/dnsmasq.d/crc.conf 
INFO Using root access: Changing permissions for /etc/NetworkManager/dnsmasq.d/crc.conf to 644  
INFO Using root access: Executing systemctl daemon-reload command 
INFO Using root access: Executing systemctl reload NetworkManager 
INFO Checking if libvirt 'crc' network is available 
INFO Setting up libvirt 'crc' network             
INFO Checking if libvirt 'crc' network is active  
INFO Starting libvirt 'crc' network               
Setup is complete, you can now run 'crc start' to start the OpenShift cluster
[obrienlabs@localhost crc-linux-1.22.0-amd64]$ crc start
INFO Checking if running as non-root              
INFO Checking if podman remote executable is cached 
INFO Checking if admin-helper executable is cached 
INFO Checking minimum RAM requirements            
INFO Checking if Virtualization is enabled        
INFO Checking if KVM is enabled                   
INFO Checking if libvirt is installed             
INFO Checking if user is part of libvirt group    
INFO Checking if libvirt daemon is running        
INFO Checking if a supported libvirt version is installed 
INFO Checking if crc-driver-libvirt is installed  
INFO Checking if systemd-networkd is running      
INFO Checking if NetworkManager is installed      
INFO Checking if NetworkManager service is running 
INFO Checking if /etc/NetworkManager/conf.d/crc-nm-dnsmasq.conf exists 
INFO Checking if /etc/NetworkManager/dnsmasq.d/crc.conf exists 
INFO Checking if libvirt 'crc' network is available 
INFO Checking if libvirt 'crc' network is active  
CodeReady Containers requires a pull secret to download content from Red Hat.
INFO Loading bundle: crc_libvirt_4.6.15.crcbundle ... 
INFO Creating CodeReady Containers VM for OpenShift 4.6.15... 
Failed to connect to the CRC VM with SSH -- host might be unreachable: Temporary error: ssh command error:
command : exit 0
err     : ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain\n (x291)
[obrienlabs@localhost crc-linux-1.22.0-amd64]$ crc setup
INFO Checking if running as non-root              
INFO Checking if podman remote executable is cached 
INFO Checking if admin-helper executable is cached 
INFO Checking if CRC bundle is extracted in '$HOME/.crc' 
INFO Checking if /home/obrienlabs/.crc/cache/crc_libvirt_4.6.15.crcbundle exists 
INFO Checking minimum RAM requirements            
INFO Checking if Virtualization is enabled        
INFO Checking if KVM is enabled                   
INFO Checking if libvirt is installed             
INFO Checking if user is part of libvirt group    
INFO Checking if libvirt daemon is running        
INFO Checking if a supported libvirt version is installed 
INFO Checking if crc-driver-libvirt is installed  
INFO Checking if systemd-networkd is running      
INFO Checking if NetworkManager is installed      
INFO Checking if NetworkManager service is running 
INFO Checking if /etc/NetworkManager/conf.d/crc-nm-dnsmasq.conf exists 
INFO Checking if /etc/NetworkManager/dnsmasq.d/crc.conf exists 
INFO Checking if libvirt 'crc' network is available 
INFO Checking if libvirt 'crc' network is active  
Setup is complete, you can now run 'crc start' to start the OpenShift cluster
[obrienlabs@localhost crc-linux-1.22.0-amd64]$ crc start
INFO Checking if running as non-root              
INFO Checking if podman remote executable is cached 
INFO Checking if admin-helper executable is cached 
INFO Checking minimum RAM requirements            
INFO Checking if Virtualization is enabled        
INFO Checking if KVM is enabled                   
INFO Checking if libvirt is installed             
INFO Checking if user is part of libvirt group    
INFO Checking if libvirt daemon is running        
INFO Checking if a supported libvirt version is installed 
INFO Checking if crc-driver-libvirt is installed  
INFO Checking if systemd-networkd is running      
INFO Checking if NetworkManager is installed      
INFO Checking if NetworkManager service is running 
INFO Checking if /etc/NetworkManager/conf.d/crc-nm-dnsmasq.conf exists 
INFO Checking if /etc/NetworkManager/dnsmasq.d/crc.conf exists 
INFO Checking if libvirt 'crc' network is available 
INFO Checking if libvirt 'crc' network is active  
INFO A CodeReady Containers VM for OpenShift 4.6.15 is already running 
Started the OpenShift cluster

To access the cluster, first set up your environment by following the instructions returned by executing 'crc oc-env'.
Then you can access your cluster by running 'oc login -u developer -p developer https://api.crc.testing:6443'.
To login as a cluster admin, run 'oc login -u kubeadmin -p APBEh-jjrVy-hLQZX-VI9Kg https://api.crc.testing:6443'.

You can also run 'crc console' and use the above credentials to access the OpenShift web console.
The console will open in your default browser.

MacOS

switched nat to 130.11
[obrienlabs@localhost ~]$ ifconfig
crc: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.130.1 netmask 255.255.255.0 broadcast 192.168.130.255ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.58.141 netmask 255.255.255.0 broadcast 192.168.58.255
[obrienlabs@localhost ~]$ crc stop
INFO Stopping the OpenShift cluster, this may take a few minutes... 
Stopped the OpenShift cluster
[obrienlabs@localhost ~]$ crc setup
INFO Checking if running as non-root              
INFO Checking if podman remote executable is cached 
INFO Checking if admin-helper executable is cached 
INFO Checking if CRC bundle is extracted in '$HOME/.crc' 
INFO Checking if /home/obrienlabs/.crc/cache/crc_libvirt_4.6.15.crcbundle exists 
INFO Checking minimum RAM requirements            
INFO Checking if Virtualization is enabled        
INFO Checking if KVM is enabled                   
INFO Checking if libvirt is installed             
INFO Checking if user is part of libvirt group    
INFO Checking if libvirt daemon is running        
INFO Checking if a supported libvirt version is installed 
INFO Checking if crc-driver-libvirt is installed  
INFO Checking if systemd-networkd is running      
INFO Checking if NetworkManager is installed      
INFO Checking if NetworkManager service is running 
INFO Checking if /etc/NetworkManager/conf.d/crc-nm-dnsmasq.conf exists 
INFO Checking if /etc/NetworkManager/dnsmasq.d/crc.conf exists 
INFO Checking if libvirt 'crc' network is available 
INFO Checking if libvirt 'crc' network is active  
Setup is complete, you can now run 'crc start' to start the OpenShift cluster
[obrienlabs@localhost ~]$ crc start
INFO Checking if running as non-root              
INFO Checking if podman remote executable is cached 
INFO Checking if admin-helper executable is cached 
INFO Checking minimum RAM requirements            
INFO Checking if Virtualization is enabled        
INFO Checking if KVM is enabled                   
INFO Checking if libvirt is installed             
INFO Checking if user is part of libvirt group    
INFO Checking if libvirt daemon is running        
INFO Checking if a supported libvirt version is installed 
INFO Checking if crc-driver-libvirt is installed  
INFO Checking if systemd-networkd is running      
INFO Checking if NetworkManager is installed      
INFO Checking if NetworkManager service is running 
INFO Checking if /etc/NetworkManager/conf.d/crc-nm-dnsmasq.conf exists 
INFO Checking if /etc/NetworkManager/dnsmasq.d/crc.conf exists 
INFO Checking if libvirt 'crc' network is available 
INFO Checking if libvirt 'crc' network is active  
INFO Starting CodeReady Containers VM for OpenShift 4.6.15... 
INFO CodeReady Containers VM is running           
INFO Starting network time synchronization in CodeReady Containers VM 
INFO Check internal and public DNS query ...      
INFO Check DNS query from host ...                
INFO Verifying validity of the kubelet certificates ... 
INFO Starting OpenShift kubelet service           
INFO Starting OpenShift cluster ... [waiting 3m]  
INFO Updating kubeconfig                          
WARN The cluster might report a degraded or error state. This is expected since several operators have been disabled to lower the resource usage. For more information, please consult the documentation 
Started the OpenShift cluster

To access the cluster, first set up your environment by following the instructions returned by executing 'crc oc-env'.
Then you can access your cluster by running 'oc login -u developer -p developer https://api.crc.testing:6443'.
To login as a cluster admin, run 'oc login -u kubeadmin -p APBEh-jjrVy-hLQZX-VI9Kg https://api.crc.testing:6443'.

You can also run 'crc console' and use the above credentials to access the OpenShift web console.
The console will open in your default browser.
[obrienlabs@localhost ~]$ crc oc-env
export PATH="/home/obrienlabs/.crc/bin/oc:$PATH"
# Run this command to configure your shell:
# eval $(crc oc-env)
[obrienlabs@localhost ~]$ eval $(crc oc-env)
[obrienlabs@localhost ~]$ oc login -u kubeadmin -p APBEh-jjrVy-hLQZX-VI9Kg https://api.crc.testing:6443
Login successful.

You have access to 59 projects, the list has been suppressed. You can list all projects with ' projects'

Using project "obrienlabs".
[obrienlabs@localhost ~]$ kubectl get nodes
NAME                 STATUS   ROLES           AGE   VERSION
crc-ctj2r-master-0   Ready    master,worker   19d   v1.19.0+1833054
[obrienlabs@localhost ~]$ crc console
Opening the OpenShift Web Console in the default browser...
[obrienlabs@localhost ~]$ crc ip
192.168.130.11

1 boostrap
3 control
2 worker
https://docs.openshift.com/container-platform/4.6/installing/installing_bare_metal/installing-bare-metal.html#installing-bare-metal


https://docs.openshift.com/container-platform/4.6/installing/installing_bare_metal/installing-bare-metal.html#installing-bare-metal

OpenShift on MacOS native

202110 OpenShift 4.9 via CodeReadyContainers

Download install via

https://crc.dev/crc/

https://console.redhat.com/openshift/create/local

download executable and pull secret

follow installation https://access.redhat.com/documentation/en-us/red_hat_codeready_containers/1.34/html/getting_started_guide/installation_gsg

or in new terminal

Your system is correctly setup for using CodeReady Containers, you can now run 'crc start' to start the OpenShift cluster


obrienlabs:openshift michaelobrien$ crc version
CodeReady Containers version: 1.34.0+34c31851
OpenShift version: 4.9.0 (bundle installed at /Applications/CodeReady Containers.app/Contents/Resources/crc_hyperkit_4.9.0.crcbundle)
obrienlabs:openshift michaelobrien$ crc setup
INFO Checking if running as non-root              
INFO Checking if crc-admin-helper executable is cached 
INFO Checking for obsolete admin-helper executable 
INFO Checking if running on a supported CPU architecture 
INFO Checking minimum RAM requirements            
INFO Checking if running emulated on a M1 CPU     
INFO Checking if HyperKit is installed            
INFO Checking if qcow-tool is installed           
INFO Checking if crc-driver-hyperkit is installed 
INFO Checking if CodeReady Containers daemon is running 
INFO Checking if launchd configuration for tray exists 
INFO Creating launchd configuration for tray      
INFO Check if CodeReady Containers tray is running 
INFO Checking if CRC bundle is extracted in '$HOME/.crc' 
INFO Checking if /Applications/CodeReady Containers.app/Contents/Resources/crc_hyperkit_4.9.0.crcbundle exists 
INFO Extracting bundle from the CRC executable    
INFO Ensuring directory /Applications/CodeReady Containers.app/Contents/Resources exists 
INFO Uncompressing crc_hyperkit_4.9.0.crcbundle   
crc.qcow2: 1.83 GiB / 11.50 GiB [--------------------------->_________________________________________________________________________________________________________________________________________________] 15.91%

Bundle 'crc_hyperkit_4.9.0' was requested, but the existing VM is using 'crc_hyperkit_4.6.15'. Please delete your existing cluster and start again
delete older cluster from .crc folder - entire contents
run again
crc setup
crc start
..
INFO Starting OpenShift kubelet service            
INFO Waiting for kube-apiserver availability... [takes around 2min] 
INFO Adding user's pull secret to the cluster...  
INFO Updating SSH key to machine config resource... 
INFO Waiting for user's pull secret part of instance disk... 
INFO Changing the password for the kubeadmin user 
INFO Updating cluster ID...                       
INFO Updating root CA cert to admin-kubeconfig-client-ca configmap... 
INFO Starting OpenShift cluster... [waiting for the cluster to stabilize] 
INFO Operator openshift-controller-manager is progressing 
INFO All operators are available. Ensuring stability... 
INFO Operators are stable (2/3)...                
INFO Operators are stable (3/3)...                
INFO Adding crc-admin and crc-developer contexts to kubeconfig... 
Started the OpenShift cluster.

The server is accessible via web console at:
  https://console-openshift-console.apps-crc.testing

Log in as administrator:
  Username: kubeadmin
  Password: hUVG7-Rz3VQ-8MY93-5KdV5

Log in as user:
  Username: developer
  Password: developer

Use the 'oc' command line interface:
  $ eval $(crc oc-env)
  $ oc login -u developer https://api.crc.testing:6443

obrienlabs:openshift michaelobrien$ eval $(crc oc-env)
obrienlabs:openshift michaelobrien$ oc login -u developer https://api.crc.testing:6443
Logged into "https://api.crc.testing:6443" as "developer" using existing credentials.

You don't have any projects. You can try to create a new project, by running

    oc new-project <projectname>
obrienlabs:openshift michaelobrien$ oc new-project dev
Now using project "dev" on server "https://api.crc.testing:6443".

to get full cli access (to use kubectl get nodes for example), hit the right top username, use "copy login command" - login as kubadmin, copy auth token

obrienlabs:openshift michaelobrien$ oc login --token=sha256~ZZGIw87Gig1Da9PkPFmFgcOKmhxhSqPS4MyXcf8v5Vw --server=https://api.crc.testing:6443
Logged into "https://api.crc.testing:6443" as "kubeadmin" using the token provided.

You have access to 65 projects, the list has been suppressed. You can list all projects with 'oc projects'

Using project "dev".
obrienlabs:openshift michaelobrien$ kubectl get nodes
NAME                 STATUS   ROLES           AGE     VERSION
crc-dzk9v-master-0   Ready    master,worker   6d15h   v1.22.0-rc.0+894a78b



Openshift 4.6

running inside my firewall - so security not an issue for this one

obrienlabs:openshift michaelobrien$ ./crc version
CodeReady Containers version: 1.22.0+6faff76f
OpenShift version: 4.6.15 (embedded in executable)

obrienlabs:openshift michaelobrien$ ./crc setup
CodeReady Containers is constantly improving and we would like to know more about usage (more details at https://developers.redhat.com/article/tool-data-collection)
Your preference can be changed manually if desired using 'crc config set consent-telemetry <yes/no>'
Would you like to contribute anonymous usage statistics? [y/N]: y
Thanks for helping us! You can disable telemetry with the command 'crc config set consent-telemetry no'.
INFO Checking if running as non-root 
INFO Checking if podman remote executable is cached 
INFO Checking if admin-helper executable is cached 
INFO Caching admin-helper executable 
INFO Using root access: Changing ownership of /Users/michaelobrien/.crc/bin/admin-helper-darwin 
Password:
INFO Using root access: Setting suid for /Users/michaelobrien/.crc/bin/admin-helper-darwin 
INFO Checking if CRC bundle is extracted in '$HOME/.crc' 
INFO Checking if /Users/michaelobrien/.crc/cache/crc_hyperkit_4.6.15.crcbundle exists 
INFO Extracting bundle from the CRC executable 
INFO Ensuring directory /Users/michaelobrien/.crc/cache exists 
INFO Extracting embedded bundle crc_hyperkit_4.6.15.crcbundle to /Users/michaelobrien/.crc/cache 
INFO Uncompressing crc_hyperkit_4.6.15.crcbundle 
crc.qcow2: 10.83 GiB / 10.83 GiB [--------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00%
INFO Checking minimum RAM requirements 
INFO Checking if HyperKit is installed 
INFO Setting up virtualization with HyperKit 
INFO Using root access: Changing ownership of /Users/michaelobrien/.crc/bin/hyperkit 
INFO Using root access: Setting suid for /Users/michaelobrien/.crc/bin/hyperkit 
INFO Checking if crc-driver-hyperkit is installed 
INFO Installing crc-machine-hyperkit 
INFO Using root access: Changing ownership of /Users/michaelobrien/.crc/bin/crc-driver-hyperkit 
INFO Using root access: Setting suid for /Users/michaelobrien/.crc/bin/crc-driver-hyperkit 
INFO Checking file permissions for /etc/hosts 
INFO Checking file permissions for /etc/resolver/testing 
INFO Setting file permissions for /etc/resolver/testing 
INFO Using root access: Creating dir /etc/resolver 
INFO Using root access: Creating file /etc/resolver/testing 
INFO Using root access: Changing ownership of /etc/resolver/testing 
Setup is complete, you can now run 'crc start' to start the OpenShift cluster
obrienlabs:openshift michaelobrien$ ./crc start
CodeReady Containers requires a pull secret to download content from Red Hat.
You can copy it from the Pull Secret section of https://cloud.redhat.com/openshift/install/crc/installer-provisioned.
INFO Check DNS query from host ... 
INFO Adding user's pull secret to instance disk... 
INFO Verifying validity of the kubelet certificates ... 
INFO Starting OpenShift kubelet service 
INFO Adding user's pull secret to the cluster ... 
INFO Updating cluster ID ... 
INFO Starting OpenShift cluster ... [waiting 3m] 
INFO Updating kubeconfig 
WARN The cluster might report a degraded or error state. This is expected since several operators have been disabled to lower the resource usage. 
For more information, please consult the documentation 
Started the OpenShift cluster

To access the cluster, first set up your environment by following the instructions returned by executing 'crc oc-env'.
Then you can access your cluster by running 'oc login -u developer -p developer https://api.crc.testing:6443'.
To login as a cluster admin, run 'oc login -u kubeadmin -p APBEh-jjrVy-hLQZX-VI9Kg https://api.crc.testing:6443'.

You can also run 'crc console' and use the above credentials to access the OpenShift web console.
The console will open in your default browser.

obrienlabs:openshift michaelobrien$ ./crc oc-env
export PATH="/Users/michaelobrien/.crc/bin/oc:$PATH"
# Run this command to configure your shell:
# eval $(crc oc-env)
obrienlabs:openshift michaelobrien$ eval $(./crc oc-env)
obrienlabs:openshift michaelobrien$ oc login -u developer -p developer https://api.crc.testing:6443
Login successful.
You don't have any projects. You can try to create a new project, by running
oc new-project <projectname>

obrienlabs:openshift michaelobrien$ ./crc console
Opening the OpenShift Web Console in the default browser...


Install Kubectl

curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo mv ./kubectl /usr/local/bin/kubectl
sudo chmod +x /usr/local/bin/kubectl
The directory ~/.kube will already be there and populated from the CRC install


Verify OpenShift Cluster

[obrienlabs@localhost ~]$ kubectl get pods --all-namespaces
NAMESPACE                                    NAME                                                     READY   STATUS         RESTARTS   AGE
openshift-apiserver-operator                 openshift-apiserver-operator-79779984c5-5q94r            1/1     Running        1          19d
openshift-apiserver                          apiserver-bc6c767b-mlxhj                                 2/2     Running        0          18d
openshift-authentication-operator            authentication-operator-57d4b7dd9c-jctz8                 1/1     Running        1          19d
openshift-authentication                     oauth-openshift-7c44b58758-5zh9t                         1/1     Running        0          18d
openshift-authentication                     oauth-openshift-7c44b58758-rmwdf                         1/1     Running        0          18d
openshift-cluster-machine-approver           machine-approver-858669cf99-mptwd                        2/2     Running        0          19d
openshift-cluster-node-tuning-operator       cluster-node-tuning-operator-6b74c47c65-vjf99            1/1     Running        0          19d
openshift-cluster-node-tuning-operator       tuned-jhfp9                                              1/1     Running        0          19d
openshift-cluster-samples-operator           cluster-samples-operator-8ffb9b45f-fld9x                 2/2     Running        0          19d
openshift-cluster-version                    cluster-version-operator-76d74dc6d-2wqrv                 1/1     Running        2          19d
openshift-config-operator                    openshift-config-operator-6595858d7c-gljw2               1/1     Running        4          19d
openshift-console-operator                   console-operator-555b448c8b-hfwsz                        1/1     Running        2          19d
openshift-console                            console-7d69757cff-5glq2                                 1/1     Running        0          19d
openshift-console                            console-7d69757cff-6nmrp                                 1/1     Running        0          19d
openshift-console                            downloads-fcd5645f5-6qgfg                                1/1     Running        0          19d
openshift-console                            downloads-fcd5645f5-nj74m                                1/1     Running        0          19d
openshift-controller-manager-operator        openshift-controller-manager-operator-84c97b49d6-j8k55   1/1     Running        1          19d
openshift-controller-manager                 controller-manager-vcg9z                                 1/1     Running        0          11h
openshift-dns-operator                       dns-operator-dcb975895-cfjsc                             2/2     Running        0          19d
openshift-dns                                dns-default-f5d9p                                        3/3     Running        0          19d
openshift-etcd-operator                      etcd-operator-595c69ff4b-fhsxm                           1/1     Running        1          19d
openshift-etcd                               etcd-crc-ctj2r-master-0                                  3/3     Running        0          19d
openshift-etcd                               etcd-quorum-guard-587fd6c776-qgrsw                       1/1     Running        0          19d
openshift-etcd                               installer-2-crc-ctj2r-master-0                           0/1     Completed      0          19d
openshift-etcd                               installer-3-crc-ctj2r-master-0                           0/1     Completed      0          19d
openshift-etcd                               revision-pruner-2-crc-ctj2r-master-0                     0/1     Completed      0          19d
openshift-etcd                               revision-pruner-3-crc-ctj2r-master-0                     0/1     Completed      0          19d
openshift-image-registry                     cluster-image-registry-operator-5fb6f7887-sxsx6          1/1     Running        1          19d
openshift-image-registry                     image-registry-f7cb996fb-pv8ww                           1/1     Running        0          11h
openshift-image-registry                     node-ca-4gl9l                                            1/1     Running        0          19d
openshift-ingress-operator                   ingress-operator-b449dcfc4-xsqx8                         2/2     Running        0          19d
openshift-ingress                            router-default-7b67db95f5-tcnxk                          1/1     Running        1          11h
openshift-ingress                            router-default-7b67db95f5-v6pk2                          0/1     NodeAffinity   0          18d
openshift-kube-apiserver-operator            kube-apiserver-operator-fd846b6f5-h265g                  1/1     Running        1          19d
openshift-kube-apiserver                     installer-7-crc-ctj2r-master-0                           0/1     Completed      0          18d
openshift-kube-apiserver                     installer-8-crc-ctj2r-master-0                           0/1     Completed      0          18d
openshift-kube-apiserver                     installer-9-crc-ctj2r-master-0                           0/1     Completed      0          11h
openshift-kube-apiserver                     kube-apiserver-crc-ctj2r-master-0                        5/5     Running        0          11h
openshift-kube-apiserver                     revision-pruner-6-crc-ctj2r-master-0                     0/1     Completed      0          18d
openshift-kube-apiserver                     revision-pruner-7-crc-ctj2r-master-0                     0/1     Completed      0          18d
openshift-kube-apiserver                     revision-pruner-8-crc-ctj2r-master-0                     0/1     Completed      0          18d
openshift-kube-apiserver                     revision-pruner-9-crc-ctj2r-master-0                     0/1     Completed      0          11h
openshift-kube-controller-manager-operator   kube-controller-manager-operator-5dc9fb9795-4np9w        1/1     Running        1          19d
openshift-kube-controller-manager            kube-controller-manager-crc-ctj2r-master-0               4/4     Running        4          19d
openshift-kube-controller-manager            revision-pruner-8-crc-ctj2r-master-0                     0/1     Completed      0          18d
openshift-kube-scheduler-operator            openshift-kube-scheduler-operator-b7bbf679c-ssx99        1/1     Running        2          19d
openshift-kube-scheduler                     openshift-kube-scheduler-crc-ctj2r-master-0              3/3     Running        3          19d
openshift-kube-scheduler                     revision-pruner-7-crc-ctj2r-master-0                     0/1     Completed      0          18d
openshift-kube-storage-version-migrator      migrator-68b845cd5-xzmww                                 1/1     Running        0          19d
openshift-marketplace                        certified-operators-9s86x                                1/1     Running        0          19d
openshift-marketplace                        community-operators-jn94v                                1/1     Running        0          19d
openshift-marketplace                        marketplace-operator-779d46b7c4-kfmzr                    1/1     Running        0          19d
openshift-marketplace                        redhat-marketplace-7ggj9                                 1/1     Running        0          19d
openshift-marketplace                        redhat-operators-q4pc2                                   1/1     Running        0          19d
openshift-multus                             multus-admission-controller-kc2r8                        2/2     Running        0          19d
openshift-multus                             multus-dvkjx                                             1/1     Running        0          19d
openshift-multus                             network-metrics-daemon-76p4w                             2/2     Running        0          19d
openshift-network-operator                   network-operator-5cf74999f6-djzlt                        1/1     Running        0          19d
openshift-oauth-apiserver                    apiserver-79c56575d8-m5lms                               1/1     Running        5          19d
openshift-operator-lifecycle-manager         catalog-operator-6677bf55f9-d928t                        1/1     Running        0          19d
openshift-operator-lifecycle-manager         olm-operator-7d74fcc468-547zf                            1/1     Running        0          19d
openshift-operator-lifecycle-manager         packageserver-7f94c6594d-79fkw                           1/1     Running        5          19d
openshift-operator-lifecycle-manager         packageserver-7f94c6594d-rd99q                           1/1     Running        4          19d
openshift-sdn                                ovs-pzldg                                                1/1     Running        0          19d
openshift-sdn                                sdn-cfhz2                                                2/2     Running        1          19d
openshift-sdn                                sdn-controller-dzvqw                                     1/1     Running        1          19d
openshift-service-ca-operator                service-ca-operator-7d84d4fbcc-g5g7l                     1/1     Running        1          19d
openshift-service-ca                         service-ca-6977785876-fjsk6                              1/1     Running        1          19d


Create OpenShift project - deploy kubernetes deployment


obrienlabs:openshift michaelobrien$ oc new-project obrienlabs
Now using project "obrienlabs" on server "https://api.crc.testing:6443".
You can add applications to this project with the 'new-app' command. For example, try:
    oc new-app rails-postgresql-example
to build a new example application in Ruby. Or use kubectl to deploy a simple Kubernetes application:
    kubectl create deployment hello-node --image=k8s.gcr.io/serve_hostname
obrienlabs:openshift michaelobrien$ kubectl get pods -n obrienlabs
No resources found in obrienlabs namespace.
obrienlabs:openshift michaelobrien$ kubectl create deployment hello-node --image=k8s.gcr.io/serve_hostname
deployment.apps/hello-node created
obrienlabs:openshift michaelobrien$ kubectl get pods -n obrienlabs -o wide
NAME                          READY   STATUS    RESTARTS   AGE    IP             NODE                 NOMINATED NODE   READINESS GATES
hello-node-7df46bf4d7-4vdtp   1/1     Running   0          109s   10.217.0.117   crc-ctj2r-master-0   <none>           <none>
and
obrienlabs:openshift michaelobrien$ vi namespace.yaml
obrienlabs:openshift michaelobrien$ kubectl apply -f namespace.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
namespace/obrienlabs configured

obrienlabs:openshift michaelobrien$ vi deployment.yaml
obrienlabs:openshift michaelobrien$ kubectl apply -f deployment.yaml 
deployment.apps/backend-stub created

obrienlabs:openshift michaelobrien$ kubectl get pods -n obrienlabs
NAME READY STATUS RESTARTS AGE
backend-stub-7f7b84d4d9-wrx2w 1/1 Running 0 43s
hello-node-7df46bf4d7-4vdtp 1/1 Running 0 4d10h

Get CRC ip

[obrienlabs@localhost ~]$ crc ip
192.168.130.11


Redhat RHSSO Single Sign On


https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.2/html/red_hat_single_sign-on_for_openshift/getting_started#Example-Deploying-SSO

Operators

See docker/kubernetes charts for MySQL, Oracle and PostgreSQL in Databases

https://blog.flant.com/comparing-kubernetes-operators-for-postgresql/

PostgreSQL

Databases#KubernetesOperatorsforPostreSQL

https://portworx.com/how-to-backup-and-restore-postgresql-on-kubernetes/

see enterprb operator for postgreSQL https://console-openshift-console.apps-crc.testing/operatorhub/all-namespaces?category=Database&keyword=postgresql&details-item=cloud-native-postgresql-certified-operators-openshift-marketplace



Conferences

20210407: OCP Dev

https://github.com/redhat-developer-demos/hybrid-cloud

https://github.com/openshift-roadshow

https://docs.google.com/presentation/d/1zTAkI384D0FJrBluCVdXrHomPEEPh_qRUamY2shVv1w/edit#slide=id.gb18eeeae30_0_2154

https://redhat-scholars.github.io/openshift-starter-guides/rhs-openshift-starter-guides/4.6/index.html?CLUSTER_SUBDOMAIN=rhd-wdc06-apr07-3145589-4c50a18a6ae19b704aa10d04d75751f8-0000.us-east.containers.appdomain.cloud&USERNAME=rh-dev-1283&PASSWORD=1x1ux8ah&LOGIN=https%3A%2F%2Fiam.cloud.ibm.com%2Fidentity%2Fdevcluster%2Fauthorize%3Fclient_id%3DHOP55v1CCT%26response_type%3Dcode%26state%3Dhttps%253A%252F%252Fcloud.ibm.com%252Fkubernetes%252Fclusters%252Fc1mldupw046o37ioj0f0%252Foverview%26redirect_uri%3Dhttps%253A%252F%252Fcloud.ibm.com%252Flogin%252Fcallback


Training


https://redhat-scholars.github.io/openshift-starter-guides/rhs-openshift-starter-guides/4.6/nationalparks-java-databases.html#data_data_everywhere?CLUSTER_SUBDOMAIN=rhd-wdc06-apr07-3145589-4c50a18a6ae19b704aa10d04d75751f8-0000.us-east.containers.appdomain.cloud&USERNAME=rh-dev-1283&PASSWORD=1x1ux8ah&LOGIN=https%3A%2F%2Fiam.cloud.ibm.com%2Fidentity%2Fdevcluster%2Fauthorize%3Fclient_id%3DHOP55v1CCT%26response_type%3Dcode%26state%3Dhttps%253A%252F%252Fcloud.ibm.com%252Fkubernetes%252Fclusters%252Fc1mldupw046o37ioj0f0%252Foverview%26redirect_uri%3Dhttps%253A%252F%252Fcloud.ibm.com%252Flogin%252Fcallback


https://redhat-scholars.github.io/openshift-starter-guides/rhs-openshift-starter-guides/4.6/nationalparks-java-databases.html#storage


  • No labels

1 Comment

  1. hUVG7-Rz3VQ-8MY93-5KdV5