QuickStart
https://www.openshift.com/blog/red-hat-openshift-4.7-is-now-available
OpenShift Cloud Hybrid Architectures
The following are a subset of architecture patterns that can be used around a combined AWS and OpenShift technology stack.
OpenShift on AWS Architecture Pattern Grid
Actors
Ext user (gckey)
AWS Cloud
AWS API Gateway - (public VPC)
AWS API Gateway - (private VPC)
3Scale (public VPC)
3Scale in OpenShift VPC
RHSSO in OpenShift VPC
Lambda App - no-VPC (public)
Lambda App in private VPC
Lambda App in OpenShift VPC
K8S container App1 in managed EKS
K8S container App1 in OpenShift VPC
K8S container DB in OpenShift VPC
S3 private via signedURL
RDS DB in private VPC
RDS DB in public VPC
DynamoDB service in public VPC
On Prem
K8S container App2 in OpenShift prem DC
Scenarios
Scenario | AWS Native | Kubernetes Native | OpenShift | SCED security |
---|---|---|---|---|
Public API call into AWS API Gateway fronted Lambda | ||||
Public API Call into 3Scale API Gateway fronted OCP container | ||||
Public PUT to S3 via presigned URL (no APIGW/3Scale required) | ||||
Installing Red Hat OpenShift 4.6 for Kubernetes Development
Follow https://docs.openshift.com/container-platform/4.6/welcome/index.html
and the bare metal installation guide at https://docs.openshift.com/container-platform/4.6/installing/installing_bare_metal/installing-bare-metal.html#installing-bare-metal
Requires a Red Hat account - https://cloud.redhat.com/openshift/install/
OpenShift | Kubernetes |
---|---|
4.6.1 | 1.19.0 |
4.7 | 1.20 |
OpenShift CLI
https://access.redhat.com/downloads/content/290/ver=4.7/rhel---8/4.7.5/x86_64/product-software
Use the login token provided by the OCP cluster you are using.
This token is valid for only 1 week.
When installing the oc CLI on macOS, run it once from Finder by right-clicking it (required by macOS security).
```
echo $PATH
# 755 rather than 777: a binary on the PATH should not be world-writable
chmod 755 oc
cp oc /usr/local/bin
oc login --token=sha256~hlf25Vc.....LtobLaPx4v4 --server=https://c100-e.us-east.containers.cloud.ibm.com:32601
Logged into "https://c100-e.us-east.containers.cloud.ibm.com:32601" as "IAM#rh-dev-1283" using the token provided.

You have access to 63 projects, the list has been suppressed. You can list all projects with 'oc projects'

biometric:openshift michaelobrien$ oc version
Client Version: 4.7.5
Server Version: 4.6.22
Kubernetes Version: v1.19.0+d46d32f
```
OpenShift on AWS
Use the quickstart at https://aws.amazon.com/quickstart/architecture/openshift/
Select new VPC
https://us-east-2.console.aws.amazon.com/cloudformation/home?region=us-east-2#/stacks/create/template?stackName=red-hat-openshift&templateURL=https://aws-quickstart.s3.amazonaws.com/quickstart-redhat-openshift/templates/openshift-main.template.yaml
template in
https://aws-quickstart.s3.amazonaws.com/quickstart-redhat-openshift/templates/openshift-main.template.yaml
Fully managed OpenShift on AWS
https://aws.amazon.com/quickstart/architecture/openshift/
OpenShift Codeready Containers on AWS EC2 VM
https://www.redhat.com/sysadmin/codeready-containers
Create a 16 GB, 4 vCPU, 40 GB+ VM (t3a.xlarge) on a public or private subnet running RHEL 8+.
Set up CRC on the EC2 VM:
```
ssh ec2-user@subdomain.packet.global
sudo yum install curl
[ec2-user@ip-172-31-20-118 ~]$ wget https://mirror.openshift.com/pub/openshift-v4/clients/crc/latest/crc-linux-amd64.tar.xz
# the next two steps were not captured in the original session; the mv below needs both
[ec2-user@ip-172-31-20-118 ~]$ tar -xvf /home/ec2-user/crc-linux-amd64.tar.xz
[ec2-user@ip-172-31-20-118 ~]$ mkdir -p /home/ec2-user/crc
[ec2-user@ip-172-31-20-118 ~]$ mv /home/ec2-user/crc-linux-1.26.0-amd64/* /home/ec2-user/crc
[ec2-user@ip-172-31-20-118 ~]$ rm /home/ec2-user/crc-linux-amd64.tar.xz
[ec2-user@ip-172-31-20-118 ~]$ rm -r /home/ec2-user/crc-linux-1.26.0-amd64/
[ec2-user@ip-172-31-20-118 ~]$ cd /home/ec2-user/crc/
[ec2-user@ip-172-31-20-118 crc]$ chmod +x crc
[ec2-user@ip-172-31-20-118 crc]$ export PATH=$PATH:/home/ec2-user/crc
[ec2-user@ip-172-31-20-118 crc]$ crc setup
CodeReady Containers is constantly improving and we would like to know more about usage (more details at https://developers.redhat.com/article/tool-data-collection)
Your preference can be changed manually if desired using 'crc config set consent-telemetry <yes/no>'
Would you like to contribute anonymous usage statistics? [y/N]: y
Thanks for helping us! You can disable telemetry with the command 'crc config set consent-telemetry no'.
INFO Checking if running as non-root
INFO Checking if admin-helper executable is cached
INFO Caching admin-helper executable
INFO Using root access: Changing ownership of /home/ec2-user/.crc/bin/admin-helper-linux
INFO Using root access: Setting suid for /home/ec2-user/.crc/bin/admin-helper-linux
INFO Checking if running on a supported CPU architecture
INFO Checking minimum RAM requirements
INFO Checking if Virtualization is enabled
INFO Setting up virtualization
You need to enable virtualization in BIOS
```
Busted - no nested virtualization. Using c5n.metal at $1/hour on spot instead of $4/hour.
```
[ec2-user@ip-172-31-17-137 crc]$ crc setup
CodeReady Containers is constantly improving and we would like to know more about usage (more details at https://developers.redhat.com/article/tool-data-collection)
Your preference can be changed manually if desired using 'crc config set consent-telemetry <yes/no>'
Would you like to contribute anonymous usage statistics? [y/N]: y
Thanks for helping us! You can disable telemetry with the command 'crc config set consent-telemetry no'.
INFO Checking if running as non-root
INFO Checking if admin-helper executable is cached
INFO Caching admin-helper executable
INFO Using root access: Changing ownership of /home/ec2-user/.crc/bin/admin-helper-linux
INFO Using root access: Setting suid for /home/ec2-user/.crc/bin/admin-helper-linux
INFO Checking if running on a supported CPU architecture
INFO Checking minimum RAM requirements
INFO Checking if Virtualization is enabled
INFO Checking if KVM is enabled
INFO Checking if libvirt is installed
INFO Installing libvirt service and dependencies
INFO Using root access: Installing virtualization packages
INFO Checking if user is part of libvirt group
INFO Adding user to libvirt group
INFO Using root access: Adding user to the libvirt group
INFO Checking if active user/process is currently part of the libvirt group
INFO Checking if libvirt daemon is running
WARN No active (running) libvirtd systemd unit could be found - make sure one of libvirt systemd units is enabled so that it's autostarted at boot time.
INFO Starting libvirt service
INFO Using root access: Executing systemctl daemon-reload command
INFO Using root access: Executing systemctl start libvirtd
INFO Checking if a supported libvirt version is installed
INFO Checking if crc-driver-libvirt is installed
INFO Installing crc-driver-libvirt
INFO Checking if systemd-networkd is running
INFO Checking if NetworkManager is installed
NetworkManager is required and must be installed manually
sudo yum install NetworkManager
[ec2-user@ip-172-31-17-137 crc]$ crc setup
INFO Checking if running as non-root
INFO Checking if admin-helper executable is cached
INFO Checking if running on a supported CPU architecture
INFO Checking minimum RAM requirements
INFO Checking if Virtualization is enabled
INFO Checking if KVM is enabled
INFO Checking if libvirt is installed
INFO Checking if user is part of libvirt group
INFO Checking if active user/process is currently part of the libvirt group
INFO Checking if libvirt daemon is running
INFO Checking if a supported libvirt version is installed
INFO Checking if crc-driver-libvirt is installed
INFO Checking if systemd-networkd is running
INFO Checking if NetworkManager is installed
INFO Checking if NetworkManager service is running
NetworkManager is required. Please make sure it is installed and running manually
```
ami rhel-openshift-crc-mid-nm-c5n_metal, restart spot
c5n.metal EC2 spot json
```
{
  "IamFleetRole": "arn:aws:iam::453279094200:role/aws-ec2-spot-fleet-tagging-role",
  "AllocationStrategy": "lowestPrice",
  "TargetCapacity": 1,
  "ValidFrom": "2021-05-07T20:16:48Z",
  "ValidUntil": "2022-05-07T20:16:48Z",
  "SpotPrice": "4.86",
  "TerminateInstancesWithExpiration": true,
  "LaunchSpecifications": [
    {
      "ImageId": "ami-04468e03c37242e1e",
      "InstanceType": "c5n.metal",
      "SubnetId": "subnet-205c9645",
      "KeyName": "obrien_systems_aws_202104_uswest1",
      "BlockDeviceMappings": [
        {
          "DeviceName": "/dev/xvda",
          "Ebs": {
            "DeleteOnTermination": true,
            "SnapshotId": "snap-0250864b25434094e",
            "VolumeSize": 80,
            "Encrypted": false,
            "VolumeType": "gp2"
          }
        }
      ],
      "SpotPrice": "4.86",
      "SecurityGroups": [
        {
          "GroupId": "sg-040d682652a0035d6"
        }
      ]
    }
  ],
  "Type": "request"
}
```
OpenShift on RHEL 8 on VMWare Fusion 12.1 or Workstation 16.1 on Bare Metal
Install podman for non-root containers: see the Red Hat Enterprise Linux page, section "Installing Podman as an alternative to Docker on Red Hat RHEL 8".
OpenShift Code Ready Containers on a single RHEL VM
Port whitelist
Port |
---|
53 |
80 |
443 |
6443 |
Open Firewall
```
[obrienlabs@localhost crc-linux-1.22.0-amd64]$ sudo systemctl start firewalld
firewall-cmd: error: unrecognized arguments: --add-port:80/tcp
[obrienlabs@localhost crc-linux-1.22.0-amd64]$ sudo firewall-cmd --add-port=80/tcp --permanent
[obrienlabs@localhost crc-linux-1.22.0-amd64]$ sudo firewall-cmd --add-port=6443/tcp --permanent
[obrienlabs@localhost crc-linux-1.22.0-amd64]$ sudo firewall-cmd --add-port=443/tcp --permanent
[obrienlabs@localhost crc-linux-1.22.0-amd64]$ sudo systemctl restart firewalld
[obrienlabs@localhost crc-linux-1.22.0-amd64]$ sudo semanage port -a -t http_port_t -p tcp 6443
```
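A check to run after opening the firewall, as an added example that is not part of the original page: it compares the `firewall-cmd --list-ports` output with the port whitelist above and reports rules that exist only at runtime and would be lost by the `systemctl restart firewalld` step. The function names and the sample port lists are constructed for illustration; only `--list-ports` is inspected, so ports opened through firewalld services are not covered.

```shell
#!/bin/sh
# Added example, not from the original page.
# Ports from the page's "Port whitelist" table.
WHITELIST="53 80 443 6443"

# Constructed sample: what `firewall-cmd --list-ports` could print after the
# commands above plus one stray port added without --permanent.
SAMPLE_RUNTIME="80/tcp 443/tcp 6443/tcp 8080/tcp"
SAMPLE_PERMANENT="80/tcp 443/tcp 6443/tcp"

# port_numbers "80/tcp 443/tcp" -> "80 443" (strips the /protocol suffix)
port_numbers() {
    nums=""
    for entry in $1; do
        nums="${nums:+$nums }${entry%%/*}"
    done
    printf '%s\n' "$nums"
}

# not_in "A" "B" -> the words of list A that do not appear in list B
not_in() {
    result=""
    for word in $1; do
        case " $2 " in
            *" $word "*) ;;
            *) result="${result:+$result }$word" ;;
        esac
    done
    printf '%s\n' "$result"
}

# Ports that are open but not on the whitelist.
unexpected_ports() { not_in "$(port_numbers "$1")" "$WHITELIST"; }

# Whitelisted ports that have no --add-port rule.
missing_ports() { not_in "$WHITELIST" "$(port_numbers "$1")"; }

# Rules active now but absent from the permanent configuration
# (arguments: runtime list, permanent list).
runtime_only() { not_in "$1" "$2"; }

# Print the three findings for a runtime list and a permanent list.
audit() {
    echo "unexpected:   $(unexpected_ports "$1")"
    echo "missing:      $(missing_ports "$1")"
    echo "runtime-only: $(runtime_only "$1" "$2")"
}

# --live audits this host; --sample audits the constructed lists above.
if [ "${1:-}" = "--live" ]; then
    audit "$(sudo firewall-cmd --list-ports)" \
          "$(sudo firewall-cmd --permanent --list-ports)"
elif [ "${1:-}" = "--sample" ]; then
    audit "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
fi
```

On the constructed sample, port 53 shows up as missing because the commands above never open it.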
Open NAT ports on the VM
https://www.openshift.com/blog/how-to-create-a-single-node-cluster-for-openshift-4-on-power-and-z
https://code-ready.github.io/crc/
VMs | |
---|---|
1 dev | 4 vCores + 9Gb |
1 bootstrap, 3 control, 2 worker | https://docs.openshift.com/container-platform/4.6/installing/installing_bare_metal/installing-bare-metal.html#installing-bare-metal |

Setup of the single dev VM (download crc from the links above):
```
su -c 'yum install NetworkManager'
[obrienlabs@localhost ~]$ echo $PATH
/home/obrienlabs/.local/bin:/home/obrienlabs/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin
[obrienlabs@localhost ~]$ ls /home/obrienlabs
Desktop Documents Downloads index.html Music Pictures Public Templates Videos
[obrienlabs@localhost ~]$ mkdir bin
[obrienlabs@localhost ~]$ tar -xvf Downloads/crc-linux-amd64.tar.xz
[obrienlabs@localhost ~]$ cp crc-linux-1.22.0-amd64/crc bin/
[obrienlabs@localhost ~]$ crc version
CodeReady Containers version: 1.22.0+6faff76f
OpenShift version: 4.6.15 (embedded in executable)
[obrienlabs@localhost crc-linux-1.22.0-amd64]$ crc setup
CodeReady Containers is constantly improving and we would like to know more about usage (more details at https://developers.redhat.com/article/tool-data-collection)
Your preference can be changed manually if desired using 'crc config set consent-telemetry <yes/no>'
Would you like to contribute anonymous usage statistics? [y/N]: y
Thanks for helping us! You can disable telemetry with the command 'crc config set consent-telemetry no'.
INFO Checking if running as non-root
INFO Checking if podman remote executable is cached
INFO Checking if admin-helper executable is cached
INFO Caching admin-helper executable
INFO Using root access: Changing ownership of /home/obrienlabs/.crc/bin/admin-helper-linux
[sudo] password for obrienlabs:
INFO Using root access: Setting suid for /home/obrienlabs/.crc/bin/admin-helper-linux
INFO Checking if CRC bundle is extracted in '$HOME/.crc'
INFO Checking if /home/obrienlabs/.crc/cache/crc_libvirt_4.6.15.crcbundle exists
INFO Extracting bundle from the CRC executable
INFO Ensuring directory /home/obrienlabs/.crc/cache exists
INFO Extracting embedded bundle crc_libvirt_4.6.15.crcbundle to /home/obrienlabs/.crc/cache
INFO Uncompressing crc_libvirt_4.6.15.crcbundle
crc.qcow2: 10.83 GiB / 10.83 GiB [------------------------------------------------------------------] 100.00%
INFO Checking minimum RAM requirements
INFO Checking if Virtualization is enabled
INFO Checking if KVM is enabled
INFO Checking if libvirt is installed
INFO Installing libvirt service and dependencies
INFO Using root access: Installing virtualization packages
INFO Checking if user is part of libvirt group
INFO Adding user to libvirt group
INFO Using root access: Adding user to the libvirt group
INFO Checking if libvirt daemon is running
INFO Checking if a supported libvirt version is installed
INFO Checking if crc-driver-libvirt is installed
INFO Installing crc-driver-libvirt
INFO Checking if systemd-networkd is running
INFO Checking if NetworkManager is installed
INFO Checking if NetworkManager service is running
INFO Checking if /etc/NetworkManager/conf.d/crc-nm-dnsmasq.conf exists
INFO Writing Network Manager config for crc
INFO Using root access: Writing NetworkManager configuration to /etc/NetworkManager/conf.d/crc-nm-dnsmasq.conf
INFO Using root access: Changing permissions for /etc/NetworkManager/conf.d/crc-nm-dnsmasq.conf to 644
INFO Using root access: Executing systemctl daemon-reload command
INFO Using root access: Executing systemctl reload NetworkManager
INFO Checking if /etc/NetworkManager/dnsmasq.d/crc.conf exists
INFO Writing dnsmasq config for crc
INFO Using root access: Writing NetworkManager configuration to /etc/NetworkManager/dnsmasq.d/crc.conf
INFO Using root access: Changing permissions for /etc/NetworkManager/dnsmasq.d/crc.conf to 644
INFO Using root access: Executing systemctl daemon-reload command
INFO Using root access: Executing systemctl reload NetworkManager
INFO Checking if libvirt 'crc' network is available
INFO Setting up libvirt 'crc' network
INFO Checking if libvirt 'crc' network is active
INFO Starting libvirt 'crc' network
Setup is complete, you can now run 'crc start' to start the OpenShift cluster
[obrienlabs@localhost crc-linux-1.22.0-amd64]$ crc start
INFO Checking if running as non-root
INFO Checking if podman remote executable is cached
INFO Checking if admin-helper executable is cached
INFO Checking minimum RAM requirements
INFO Checking if Virtualization is enabled
INFO Checking if KVM is enabled
INFO Checking if libvirt is installed
INFO Checking if user is part of libvirt group
INFO Checking if libvirt daemon is running
INFO Checking if a supported libvirt version is installed
INFO Checking if crc-driver-libvirt is installed
INFO Checking if systemd-networkd is running
INFO Checking if NetworkManager is installed
INFO Checking if NetworkManager service is running
INFO Checking if /etc/NetworkManager/conf.d/crc-nm-dnsmasq.conf exists
INFO Checking if /etc/NetworkManager/dnsmasq.d/crc.conf exists
INFO Checking if libvirt 'crc' network is available
INFO Checking if libvirt 'crc' network is active
CodeReady Containers requires a pull secret to download content from Red Hat.
INFO Loading bundle: crc_libvirt_4.6.15.crcbundle ...
INFO Creating CodeReady Containers VM for OpenShift 4.6.15...
Failed to connect to the CRC VM with SSH -- host might be unreachable: Temporary error: ssh command error:
command : exit 0
err     : ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain\n (x291)
[obrienlabs@localhost crc-linux-1.22.0-amd64]$ crc setup
INFO Checking if running as non-root
INFO Checking if podman remote executable is cached
INFO Checking if admin-helper executable is cached
INFO Checking if CRC bundle is extracted in '$HOME/.crc'
INFO Checking if /home/obrienlabs/.crc/cache/crc_libvirt_4.6.15.crcbundle exists
INFO Checking minimum RAM requirements
INFO Checking if Virtualization is enabled
INFO Checking if KVM is enabled
INFO Checking if libvirt is installed
INFO Checking if user is part of libvirt group
INFO Checking if libvirt daemon is running
INFO Checking if a supported libvirt version is installed
INFO Checking if crc-driver-libvirt is installed
INFO Checking if systemd-networkd is running
INFO Checking if NetworkManager is installed
INFO Checking if NetworkManager service is running
INFO Checking if /etc/NetworkManager/conf.d/crc-nm-dnsmasq.conf exists
INFO Checking if /etc/NetworkManager/dnsmasq.d/crc.conf exists
INFO Checking if libvirt 'crc' network is available
INFO Checking if libvirt 'crc' network is active
Setup is complete, you can now run 'crc start' to start the OpenShift cluster
[obrienlabs@localhost crc-linux-1.22.0-amd64]$ crc start
INFO Checking if running as non-root
INFO Checking if podman remote executable is cached
INFO Checking if admin-helper executable is cached
INFO Checking minimum RAM requirements
INFO Checking if Virtualization is enabled
INFO Checking if KVM is enabled
INFO Checking if libvirt is installed
INFO Checking if user is part of libvirt group
INFO Checking if libvirt daemon is running
INFO Checking if a supported libvirt version is installed
INFO Checking if crc-driver-libvirt is installed
INFO Checking if systemd-networkd is running
INFO Checking if NetworkManager is installed
INFO Checking if NetworkManager service is running
INFO Checking if /etc/NetworkManager/conf.d/crc-nm-dnsmasq.conf exists
INFO Checking if /etc/NetworkManager/dnsmasq.d/crc.conf exists
INFO Checking if libvirt 'crc' network is available
INFO Checking if libvirt 'crc' network is active
INFO A CodeReady Containers VM for OpenShift 4.6.15 is already running
Started the OpenShift cluster

To access the cluster, first set up your environment by following the instructions returned by executing 'crc oc-env'.
Then you can access your cluster by running 'oc login -u developer -p developer https://api.crc.testing:6443'.
To login as a cluster admin, run 'oc login -u kubeadmin -p APBEh-jjrVy-hLQZX-VI9Kg https://api.crc.testing:6443'.

You can also run 'crc console' and use the above credentials to access the OpenShift web console.
The console will open in your default browser.
```
MacOS switched nat to 130.11
```
[obrienlabs@localhost ~]$ ifconfig
crc: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.130.1 netmask 255.255.255.0 broadcast 192.168.130.255
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.58.141 netmask 255.255.255.0 broadcast 192.168.58.255
[obrienlabs@localhost ~]$ crc stop
INFO Stopping the OpenShift cluster, this may take a few minutes...
Stopped the OpenShift cluster
[obrienlabs@localhost ~]$ crc setup
INFO Checking if running as non-root
INFO Checking if podman remote executable is cached
INFO Checking if admin-helper executable is cached
INFO Checking if CRC bundle is extracted in '$HOME/.crc'
INFO Checking if /home/obrienlabs/.crc/cache/crc_libvirt_4.6.15.crcbundle exists
INFO Checking minimum RAM requirements
INFO Checking if Virtualization is enabled
INFO Checking if KVM is enabled
INFO Checking if libvirt is installed
INFO Checking if user is part of libvirt group
INFO Checking if libvirt daemon is running
INFO Checking if a supported libvirt version is installed
INFO Checking if crc-driver-libvirt is installed
INFO Checking if systemd-networkd is running
INFO Checking if NetworkManager is installed
INFO Checking if NetworkManager service is running
INFO Checking if /etc/NetworkManager/conf.d/crc-nm-dnsmasq.conf exists
INFO Checking if /etc/NetworkManager/dnsmasq.d/crc.conf exists
INFO Checking if libvirt 'crc' network is available
INFO Checking if libvirt 'crc' network is active
Setup is complete, you can now run 'crc start' to start the OpenShift cluster
[obrienlabs@localhost ~]$ crc start
INFO Checking if running as non-root
INFO Checking if podman remote executable is cached
INFO Checking if admin-helper executable is cached
INFO Checking minimum RAM requirements
INFO Checking if Virtualization is enabled
INFO Checking if KVM is enabled
INFO Checking if libvirt is installed
INFO Checking if user is part of libvirt group
INFO Checking if libvirt daemon is running
INFO Checking if a supported libvirt version is installed
INFO Checking if crc-driver-libvirt is installed
INFO Checking if systemd-networkd is running
INFO Checking if NetworkManager is installed
INFO Checking if NetworkManager service is running
INFO Checking if /etc/NetworkManager/conf.d/crc-nm-dnsmasq.conf exists
INFO Checking if /etc/NetworkManager/dnsmasq.d/crc.conf exists
INFO Checking if libvirt 'crc' network is available
INFO Checking if libvirt 'crc' network is active
INFO Starting CodeReady Containers VM for OpenShift 4.6.15...
INFO CodeReady Containers VM is running
INFO Starting network time synchronization in CodeReady Containers VM
INFO Check internal and public DNS query ...
INFO Check DNS query from host ...
INFO Verifying validity of the kubelet certificates ...
INFO Starting OpenShift kubelet service
INFO Starting OpenShift cluster ... [waiting 3m]
INFO Updating kubeconfig
WARN The cluster might report a degraded or error state. This is expected since several operators have been disabled to lower the resource usage. For more information, please consult the documentation
Started the OpenShift cluster

To access the cluster, first set up your environment by following the instructions returned by executing 'crc oc-env'.
Then you can access your cluster by running 'oc login -u developer -p developer https://api.crc.testing:6443'.
To login as a cluster admin, run 'oc login -u kubeadmin -p APBEh-jjrVy-hLQZX-VI9Kg https://api.crc.testing:6443'.

You can also run 'crc console' and use the above credentials to access the OpenShift web console.
The console will open in your default browser.
[obrienlabs@localhost ~]$ crc oc-env
export PATH="/home/obrienlabs/.crc/bin/oc:$PATH"
# Run this command to configure your shell:
# eval $(crc oc-env)
[obrienlabs@localhost ~]$ eval $(crc oc-env)
[obrienlabs@localhost ~]$ oc login -u kubeadmin -p APBEh-jjrVy-hLQZX-VI9Kg https://api.crc.testing:6443
Login successful.

You have access to 59 projects, the list has been suppressed. You can list all projects with ' projects'

Using project "obrienlabs".
[obrienlabs@localhost ~]$ kubectl get nodes
NAME                 STATUS   ROLES           AGE   VERSION
crc-ctj2r-master-0   Ready    master,worker   19d   v1.19.0+1833054
[obrienlabs@localhost ~]$ crc console
Opening the OpenShift Web Console in the default browser...
[obrienlabs@localhost ~]$ crc ip
192.168.130.11
```
OpenShift on MacOS native
202110 OpenShift 4.9 via CodeReadyContainers
Download install via
https://console.redhat.com/openshift/create/local
download executable and pull secret
follow installation https://access.redhat.com/documentation/en-us/red_hat_codeready_containers/1.34/html/getting_started_guide/installation_gsg
or in new terminal
Your system is correctly setup for using CodeReady Containers, you can now run 'crc start' to start the OpenShift cluster
```
obrienlabs:openshift michaelobrien$ crc version
CodeReady Containers version: 1.34.0+34c31851
OpenShift version: 4.9.0 (bundle installed at /Applications/CodeReady Containers.app/Contents/Resources/crc_hyperkit_4.9.0.crcbundle)
obrienlabs:openshift michaelobrien$ crc setup
INFO Checking if running as non-root
INFO Checking if crc-admin-helper executable is cached
INFO Checking for obsolete admin-helper executable
INFO Checking if running on a supported CPU architecture
INFO Checking minimum RAM requirements
INFO Checking if running emulated on a M1 CPU
INFO Checking if HyperKit is installed
INFO Checking if qcow-tool is installed
INFO Checking if crc-driver-hyperkit is installed
INFO Checking if CodeReady Containers daemon is running
INFO Checking if launchd configuration for tray exists
INFO Creating launchd configuration for tray
INFO Check if CodeReady Containers tray is running
INFO Checking if CRC bundle is extracted in '$HOME/.crc'
INFO Checking if /Applications/CodeReady Containers.app/Contents/Resources/crc_hyperkit_4.9.0.crcbundle exists
INFO Extracting bundle from the CRC executable
INFO Ensuring directory /Applications/CodeReady Containers.app/Contents/Resources exists
INFO Uncompressing crc_hyperkit_4.9.0.crcbundle
crc.qcow2: 1.83 GiB / 11.50 GiB [--------->________________________________________________] 15.91%
Bundle 'crc_hyperkit_4.9.0' was requested, but the existing VM is using 'crc_hyperkit_4.6.15'. Please delete your existing cluster and start again
```
Delete the older cluster from the .crc folder (entire contents), then run again:
```
crc setup
crc start
..
INFO Starting OpenShift kubelet service
INFO Waiting for kube-apiserver availability... [takes around 2min]
INFO Adding user's pull secret to the cluster...
INFO Updating SSH key to machine config resource...
INFO Waiting for user's pull secret part of instance disk...
INFO Changing the password for the kubeadmin user
INFO Updating cluster ID...
INFO Updating root CA cert to admin-kubeconfig-client-ca configmap...
INFO Starting OpenShift cluster... [waiting for the cluster to stabilize]
INFO Operator openshift-controller-manager is progressing
INFO All operators are available. Ensuring stability...
INFO Operators are stable (2/3)...
INFO Operators are stable (3/3)...
INFO Adding crc-admin and crc-developer contexts to kubeconfig...
Started the OpenShift cluster.

The server is accessible via web console at:
  https://console-openshift-console.apps-crc.testing

Log in as administrator:
  Username: kubeadmin
  Password: hUVG7-Rz3VQ-8MY93-5KdV5

Log in as user:
  Username: developer
  Password: developer

Use the 'oc' command line interface:
  $ eval $(crc oc-env)
  $ oc login -u developer https://api.crc.testing:6443
obrienlabs:openshift michaelobrien$ eval $(crc oc-env)
obrienlabs:openshift michaelobrien$ oc login -u developer https://api.crc.testing:6443
Logged into "https://api.crc.testing:6443" as "developer" using existing credentials.

You don't have any projects. You can try to create a new project, by running

    oc new-project <projectname>

obrienlabs:openshift michaelobrien$ oc new-project dev
Now using project "dev" on server "https://api.crc.testing:6443".
```
To get full CLI access (to use kubectl get nodes, for example), click the username at the top right, use "copy login command", log in as kubeadmin and copy the auth token.
```
obrienlabs:openshift michaelobrien$ oc login --token=sha256~ZZGIw87Gig1Da9PkPFmFgcOKmhxhSqPS4MyXcf8v5Vw --server=https://api.crc.testing:6443
Logged into "https://api.crc.testing:6443" as "kubeadmin" using the token provided.

You have access to 65 projects, the list has been suppressed. You can list all projects with 'oc projects'

Using project "dev".
obrienlabs:openshift michaelobrien$ kubectl get nodes
NAME                 STATUS   ROLES           AGE     VERSION
crc-dzk9v-master-0   Ready    master,worker   6d15h   v1.22.0-rc.0+894a78b
```
Openshift 4.6
Running inside my firewall, so security is not an issue for this one.
```
obrienlabs:openshift michaelobrien$ ./crc version
CodeReady Containers version: 1.22.0+6faff76f
OpenShift version: 4.6.15 (embedded in executable)
obrienlabs:openshift michaelobrien$ ./crc setup
CodeReady Containers is constantly improving and we would like to know more about usage (more details at https://developers.redhat.com/article/tool-data-collection)
Your preference can be changed manually if desired using 'crc config set consent-telemetry <yes/no>'
Would you like to contribute anonymous usage statistics? [y/N]: y
Thanks for helping us! You can disable telemetry with the command 'crc config set consent-telemetry no'.
INFO Checking if running as non-root
INFO Checking if podman remote executable is cached
INFO Checking if admin-helper executable is cached
INFO Caching admin-helper executable
INFO Using root access: Changing ownership of /Users/michaelobrien/.crc/bin/admin-helper-darwin
Password:
INFO Using root access: Setting suid for /Users/michaelobrien/.crc/bin/admin-helper-darwin
INFO Checking if CRC bundle is extracted in '$HOME/.crc'
INFO Checking if /Users/michaelobrien/.crc/cache/crc_hyperkit_4.6.15.crcbundle exists
INFO Extracting bundle from the CRC executable
INFO Ensuring directory /Users/michaelobrien/.crc/cache exists
INFO Extracting embedded bundle crc_hyperkit_4.6.15.crcbundle to /Users/michaelobrien/.crc/cache
INFO Uncompressing crc_hyperkit_4.6.15.crcbundle
crc.qcow2: 10.83 GiB / 10.83 GiB [----------------------------------------------------------] 100.00%
INFO Checking minimum RAM requirements
INFO Checking if HyperKit is installed
INFO Setting up virtualization with HyperKit
INFO Using root access: Changing ownership of /Users/michaelobrien/.crc/bin/hyperkit
INFO Using root access: Setting suid for /Users/michaelobrien/.crc/bin/hyperkit
INFO Checking if crc-driver-hyperkit is installed
INFO Installing crc-machine-hyperkit
INFO Using root access: Changing ownership of /Users/michaelobrien/.crc/bin/crc-driver-hyperkit
INFO Using root access: Setting suid for /Users/michaelobrien/.crc/bin/crc-driver-hyperkit
INFO Checking file permissions for /etc/hosts
INFO Checking file permissions for /etc/resolver/testing
INFO Setting file permissions for /etc/resolver/testing
INFO Using root access: Creating dir /etc/resolver
INFO Using root access: Creating file /etc/resolver/testing
INFO Using root access: Changing ownership of /etc/resolver/testing
Setup is complete, you can now run 'crc start' to start the OpenShift cluster
obrienlabs:openshift michaelobrien$ ./crc start
CodeReady Containers requires a pull secret to download content from Red Hat.
You can copy it from the Pull Secret section of https://cloud.redhat.com/openshift/install/crc/installer-provisioned.
INFO Check DNS query from host ...
INFO Adding user's pull secret to instance disk...
INFO Verifying validity of the kubelet certificates ...
INFO Starting OpenShift kubelet service
INFO Adding user's pull secret to the cluster ...
INFO Updating cluster ID ...
INFO Starting OpenShift cluster ... [waiting 3m]
INFO Updating kubeconfig
WARN The cluster might report a degraded or error state. This is expected since several operators have been disabled to lower the resource usage. For more information, please consult the documentation
Started the OpenShift cluster

To access the cluster, first set up your environment by following the instructions returned by executing 'crc oc-env'.
Then you can access your cluster by running 'oc login -u developer -p developer https://api.crc.testing:6443'.
To login as a cluster admin, run 'oc login -u kubeadmin -p APBEh-jjrVy-hLQZX-VI9Kg https://api.crc.testing:6443'.

You can also run 'crc console' and use the above credentials to access the OpenShift web console.
The console will open in your default browser.
obrienlabs:openshift michaelobrien$ ./crc oc-env
export PATH="/Users/michaelobrien/.crc/bin/oc:$PATH"
# Run this command to configure your shell:
# eval $(crc oc-env)
obrienlabs:openshift michaelobrien$ eval $(./crc oc-env)
obrienlabs:openshift michaelobrien$ oc login -u developer -p developer https://api.crc.testing:6443
Login successful.

You don't have any projects. You can try to create a new project, by running

    oc new-project <projectname>

obrienlabs:openshift michaelobrien$ ./crc console
Opening the OpenShift Web Console in the default browser...
```
Install Kubectl
```
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo mv ./kubectl /usr/local/bin/kubectl
sudo chmod +x /usr/local/bin/kubectl
```
The directory ~/.kube will already be there and populated from the CRC install.
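The same download with an integrity check before anything is placed in /usr/local/bin, as an added example that is not part of the original page. It relies on the `kubectl.sha256` file that dl.k8s.io publishes next to each binary; the function names `sha256_of`, `verify_sha256` and `install_kubectl` are chosen here for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: refuse to install kubectl
# unless it matches the SHA-256 published alongside the release.

# sha256_of FILE -> hex digest (sha256sum on Linux, shasum on macOS)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE SUMFILE
#   0 = digest matches, 1 = mismatch, 2 = inputs missing or SUMFILE malformed
verify_sha256() {
    file=$1 sumfile=$2
    [ -f "$file" ] && [ -s "$sumfile" ] || return 2
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    # Reject anything that is not exactly 64 hex characters, for example an
    # HTML error page saved in place of the checksum.
    case $expected in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ]
}

# Download the current stable kubectl for linux/amd64, verify it, install it.
install_kubectl() {
    base="https://dl.k8s.io/release"
    ver=$(curl -fsSL "$base/stable.txt") || return 1
    workdir=$(mktemp -d) || return 1
    url="$base/$ver/bin/linux/amd64/kubectl"
    if curl -fsSLo "$workdir/kubectl" "$url" &&
       curl -fsSLo "$workdir/kubectl.sha256" "$url.sha256" &&
       verify_sha256 "$workdir/kubectl" "$workdir/kubectl.sha256"; then
        # install sets owner and mode in one step; 0755 keeps it non-writable for others
        sudo install -o root -g root -m 0755 "$workdir/kubectl" /usr/local/bin/kubectl
        rc=$?
    else
        echo "kubectl download or checksum verification failed, not installing" >&2
        rc=1
    fi
    rm -rf "$workdir"
    return $rc
}

# Only touch the network and /usr/local/bin when asked to.
if [ "${1:-}" = "--install" ]; then
    install_kubectl
fi
```

The checksum comes from the same host as the binary, so it catches corrupted or truncated downloads rather than a compromised release server.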
Verify OpenShift Cluster
```
[obrienlabs@localhost ~]$ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
openshift-apiserver-operator openshift-apiserver-operator-79779984c5-5q94r 1/1 Running 1 19d
openshift-apiserver apiserver-bc6c767b-mlxhj 2/2 Running 0 18d
openshift-authentication-operator authentication-operator-57d4b7dd9c-jctz8 1/1 Running 1 19d
openshift-authentication oauth-openshift-7c44b58758-5zh9t 1/1 Running 0 18d
openshift-authentication oauth-openshift-7c44b58758-rmwdf 1/1 Running 0 18d
openshift-cluster-machine-approver machine-approver-858669cf99-mptwd 2/2 Running 0 19d
openshift-cluster-node-tuning-operator cluster-node-tuning-operator-6b74c47c65-vjf99 1/1 Running 0 19d
openshift-cluster-node-tuning-operator tuned-jhfp9 1/1 Running 0 19d
openshift-cluster-samples-operator cluster-samples-operator-8ffb9b45f-fld9x 2/2 Running 0 19d
openshift-cluster-version cluster-version-operator-76d74dc6d-2wqrv 1/1 Running 2 19d
openshift-config-operator openshift-config-operator-6595858d7c-gljw2 1/1 Running 4 19d
openshift-console-operator console-operator-555b448c8b-hfwsz 1/1 Running 2 19d
openshift-console console-7d69757cff-5glq2 1/1 Running 0 19d
openshift-console console-7d69757cff-6nmrp 1/1 Running 0 19d
openshift-console downloads-fcd5645f5-6qgfg 1/1 Running 0 19d
openshift-console downloads-fcd5645f5-nj74m 1/1 Running 0 19d
openshift-controller-manager-operator openshift-controller-manager-operator-84c97b49d6-j8k55 1/1 Running 1 19d
openshift-controller-manager controller-manager-vcg9z 1/1 Running 0 11h
openshift-dns-operator dns-operator-dcb975895-cfjsc 2/2 Running 0 19d
openshift-dns dns-default-f5d9p 3/3 Running 0 19d
openshift-etcd-operator etcd-operator-595c69ff4b-fhsxm 1/1 Running 1 19d
openshift-etcd etcd-crc-ctj2r-master-0 3/3 Running 0 19d
openshift-etcd etcd-quorum-guard-587fd6c776-qgrsw 1/1 Running 0 19d
openshift-etcd installer-2-crc-ctj2r-master-0 0/1 Completed 0 19d
openshift-etcd installer-3-crc-ctj2r-master-0 0/1 Completed 0 19d
openshift-etcd revision-pruner-2-crc-ctj2r-master-0 0/1 Completed 0 19d
openshift-etcd revision-pruner-3-crc-ctj2r-master-0 0/1 Completed 0 19d
openshift-image-registry cluster-image-registry-operator-5fb6f7887-sxsx6 1/1 Running 1 19d
openshift-image-registry image-registry-f7cb996fb-pv8ww 1/1 Running 0 11h
openshift-image-registry node-ca-4gl9l 1/1 Running 0 19d
openshift-ingress-operator ingress-operator-b449dcfc4-xsqx8 2/2 Running 0 19d
openshift-ingress router-default-7b67db95f5-tcnxk 1/1 Running 1 11h
openshift-ingress router-default-7b67db95f5-v6pk2 0/1 NodeAffinity 0 18d
openshift-kube-apiserver-operator kube-apiserver-operator-fd846b6f5-h265g 1/1 Running 1 19d
openshift-kube-apiserver installer-7-crc-ctj2r-master-0 0/1 Completed 0 18d
openshift-kube-apiserver installer-8-crc-ctj2r-master-0 0/1 Completed 0 18d
openshift-kube-apiserver installer-9-crc-ctj2r-master-0 0/1 Completed 0 11h
openshift-kube-apiserver kube-apiserver-crc-ctj2r-master-0 5/5 Running 0 11h
openshift-kube-apiserver revision-pruner-6-crc-ctj2r-master-0 0/1 Completed 0 18d
openshift-kube-apiserver revision-pruner-7-crc-ctj2r-master-0 0/1 Completed 0 18d
openshift-kube-apiserver revision-pruner-8-crc-ctj2r-master-0 0/1 Completed 0 18d
openshift-kube-apiserver revision-pruner-9-crc-ctj2r-master-0 0/1 Completed 0 11h
openshift-kube-controller-manager-operator kube-controller-manager-operator-5dc9fb9795-4np9w 1/1 Running 1 19d
openshift-kube-controller-manager kube-controller-manager-crc-ctj2r-master-0 4/4 Running 4 19d
openshift-kube-controller-manager revision-pruner-8-crc-ctj2r-master-0 0/1 Completed 0 18d
openshift-kube-scheduler-operator openshift-kube-scheduler-operator-b7bbf679c-ssx99 1/1 Running 2 19d
openshift-kube-scheduler openshift-kube-scheduler-crc-ctj2r-master-0 3/3 Running 3 19d
openshift-kube-scheduler revision-pruner-7-crc-ctj2r-master-0 0/1 Completed 0 18d
openshift-kube-storage-version-migrator migrator-68b845cd5-xzmww 1/1 Running 0 19d
openshift-marketplace certified-operators-9s86x 1/1 Running 0 19d
openshift-marketplace community-operators-jn94v 1/1 Running 0 19d
openshift-marketplace marketplace-operator-779d46b7c4-kfmzr 1/1 Running 0 19d
openshift-marketplace redhat-marketplace-7ggj9 1/1 Running 0 19d
openshift-marketplace redhat-operators-q4pc2 1/1 Running 0 19d
openshift-multus multus-admission-controller-kc2r8 2/2 Running 0 19d
openshift-multus multus-dvkjx 1/1 Running 0 19d
openshift-multus network-metrics-daemon-76p4w 2/2 Running 0 19d
openshift-network-operator network-operator-5cf74999f6-djzlt 1/1 Running 0 19d
openshift-oauth-apiserver apiserver-79c56575d8-m5lms 1/1 Running 5 19d
openshift-operator-lifecycle-manager catalog-operator-6677bf55f9-d928t 1/1 Running 0 19d
openshift-operator-lifecycle-manager olm-operator-7d74fcc468-547zf 1/1 Running 0 19d
openshift-operator-lifecycle-manager packageserver-7f94c6594d-79fkw 1/1 Running 5 19d
openshift-operator-lifecycle-manager packageserver-7f94c6594d-rd99q 1/1 Running 4 19d
openshift-sdn ovs-pzldg 1/1 Running 0 19d
openshift-sdn sdn-cfhz2 2/2 Running 1 19d
openshift-sdn sdn-controller-dzvqw 1/1 Running 1 19d
openshift-service-ca-operator service-ca-operator-7d84d4fbcc-g5g7l 1/1 Running 1 19d
openshift-service-ca service-ca-6977785876-fjsk6 1/1 Running 1 19d
```
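A triage pass over a listing like the one above, as an added example that is not part of the original page: it flags pods whose status is neither Running nor Completed (such as the router-default pod in NodeAffinity), Running pods that are not fully ready, and pods at or above a restart threshold. The function names and the default threshold of 5 are assumptions; the sample rows are a subset copied from the listing above.

```shell
#!/usr/bin/env bash
# Added example: triage `kubectl get pods --all-namespaces` output.

# A subset of rows copied from the listing above, embedded so this runs offline.
sample_listing() {
cat <<'EOF'
NAMESPACE NAME READY STATUS RESTARTS AGE
openshift-apiserver apiserver-bc6c767b-mlxhj 2/2 Running 0 18d
openshift-config-operator openshift-config-operator-6595858d7c-gljw2 1/1 Running 4 19d
openshift-etcd installer-2-crc-ctj2r-master-0 0/1 Completed 0 19d
openshift-ingress router-default-7b67db95f5-tcnxk 1/1 Running 1 11h
openshift-ingress router-default-7b67db95f5-v6pk2 0/1 NodeAffinity 0 18d
openshift-oauth-apiserver apiserver-79c56575d8-m5lms 1/1 Running 5 19d
openshift-operator-lifecycle-manager packageserver-7f94c6594d-79fkw 1/1 Running 5 19d
EOF
}

# flag_pods [MAX_RESTARTS]: read a pod listing on stdin and print
# "namespace/name reason" for every pod that deserves a closer look.
# MAX_RESTARTS defaults to 5 (an assumed threshold, tune per cluster).
flag_pods() {
  awk -v max="${1:-5}" '
    NR == 1 && $1 == "NAMESPACE" { next }   # skip the header row
    NF < 6 { next }                         # skip short or malformed rows
    {
      split($3, r, "/")                     # READY column is ready/total
      reason = ""
      if ($4 != "Running" && $4 != "Completed")
        reason = "status=" $4               # e.g. NodeAffinity, CrashLoopBackOff
      else if ($4 == "Running" && r[1] != r[2])
        reason = "ready=" $3                # running, but a container is not ready
      else if ($5 + 0 >= max)
        reason = "restarts=" $5             # repeated restarts
      if (reason != "") print $1 "/" $2, reason
    }'
}

# Live use (requires cluster access):
#   kubectl get pods --all-namespaces | flag_pods 5
sample_listing | flag_pods 5
```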
Create OpenShift project - deploy kubernetes deployment
```
obrienlabs:openshift michaelobrien$ oc new-project obrienlabs
Now using project "obrienlabs" on server "https://api.crc.testing:6443".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app rails-postgresql-example

to build a new example application in Ruby. Or use kubectl to deploy a simple Kubernetes application:

    kubectl create deployment hello-node --image=k8s.gcr.io/serve_hostname

obrienlabs:openshift michaelobrien$ kubectl get pods -n obrienlabs
No resources found in obrienlabs namespace.
obrienlabs:openshift michaelobrien$ kubectl create deployment hello-node --image=k8s.gcr.io/serve_hostname
deployment.apps/hello-node created
obrienlabs:openshift michaelobrien$ kubectl get pods -n obrienlabs -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
hello-node-7df46bf4d7-4vdtp 1/1 Running 0 109s 10.217.0.117 crc-ctj2r-master-0 <none> <none>
```
and
```
obrienlabs:openshift michaelobrien$ vi namespace.yaml
obrienlabs:openshift michaelobrien$ kubectl apply -f namespace.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
namespace/obrienlabs configured
obrienlabs:openshift michaelobrien$ vi deployment.yaml
obrienlabs:openshift michaelobrien$ kubectl apply -f deployment.yaml
deployment.apps/backend-stub created
obrienlabs:openshift michaelobrien$ kubectl get pods -n obrienlabs
NAME READY STATUS RESTARTS AGE
backend-stub-7f7b84d4d9-wrx2w 1/1 Running 0 43s
hello-node-7df46bf4d7-4vdtp 1/1 Running 0 4d10h
```
Get CRC ip
```
[obrienlabs@localhost ~]$ crc ip
192.168.130.11
```
Redhat RHSSO Single Sign On
Operators
See docker/kubernetes charts for MySQL, Oracle and PostgreSQL in Databases
https://blog.flant.com/comparing-kubernetes-operators-for-postgresql/
PostgreSQL
Databases#KubernetesOperatorsforPostreSQL
https://portworx.com/how-to-backup-and-restore-postgresql-on-kubernetes/
See the EnterpriseDB operator for PostgreSQL: https://console-openshift-console.apps-crc.testing/operatorhub/all-namespaces?category=Database&keyword=postgresql&details-item=cloud-native-postgresql-certified-operators-openshift-marketplace
Conferences
20210407: OCP Dev
https://github.com/redhat-developer-demos/hybrid-cloud
https://github.com/openshift-roadshow
1 Comment
Michael O'Brien
hUVG7-Rz3VQ-8MY93-5KdV5