ttyrex's blog

CodeReady Containers lab installation details

— By ttyrex

This is a personal lab, NOT related to Red Hat.

Version

To get rid of the Red Hat telemetry and pull-secret mechanisms, I use the OKD version of CodeReady Containers.

OKD CodeReady Containers home is here: https://dl.fedoraproject.org/pub/alt/okd-crc/linux-amd64/

Increasing CodeReady Containers performance

Installation in a RAM Disk

Based on my tests, CRC runs faster on a RAM disk.

Therefore, to improve the performance, I removed 8 Gi from the VM (now 20 Gi instead of 28 Gi) but placed the qcow2 file in an 8 Gi RAM disk.

While using the cluster, you can monitor the disk space:

[fedora@ns507808 ~]$ df -ah /mnt/ramdisk/
Filesystem      Size  Used Avail Use% Mounted on
tmpfs           8.0G  5.9G  2.2G  74% /mnt/ramdisk

If the disk reaches 100% full, the CRC virtual machine is paused. In that case you need to redeploy to start over.

You can check the VM state from:

[fedora@ns507808 ~]$ sudo virsh list --all
 Id   Name   State
----------------------
 15   crc    running
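
The two checks above can be combined into one watchdog, shown here as an added example that is not part of the original lab scripts. The 90% threshold and the `--live` switch are assumptions; the mount point and domain name are the ones used on this page.

```shell
#!/bin/sh
# Added example: alert before the tmpfs behind the CRC qcow2 image fills up.
THRESHOLD=${THRESHOLD:-90}   # assumed alert level in percent, not from the page

# Use% (digits only) of mount point $1, read from `df` output on stdin.
ramdisk_use_pct() {
    awk -v m="$1" 'NR > 1 && $NF == m { sub(/%/, "", $(NF-1)); print $(NF-1) }'
}

# State of libvirt domain $1, read from `virsh list --all` output on stdin.
# Handles two-word states such as "shut off".
vm_state() {
    awk -v n="$1" 'NR > 2 && $2 == n { $1 = $2 = ""; sub(/^ +/, ""); print }'
}

# $1 = use percent, $2 = VM state.
# Returns 0 when healthy, 1 when the RAM disk is nearly full, 2 when the VM is not running.
lab_status() {
    if [ "$2" != "running" ]; then
        echo "CRITICAL: crc VM is '$2', RAM disk at $1%"
        return 2
    elif [ "$1" -ge "$THRESHOLD" ]; then
        echo "WARNING: RAM disk at $1% (threshold $THRESHOLD%)"
        return 1
    fi
    echo "OK: crc VM running, RAM disk at $1%"
}

# Live check on the lab host, for example from cron: sh crc-watch.sh --live
if [ "${1:-}" = "--live" ]; then
    pct=$(df -P /mnt/ramdisk | ramdisk_use_pct /mnt/ramdisk)
    state=$(sudo virsh list --all | vm_state crc)
    lab_status "${pct:-0}" "${state:-missing}"
fi
```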

No monitoring

By default, the openshift-monitoring project is deleted after deployment. If you really need it, comment out the corresponding line in redeploy.sh and start over.

Redeploy

The redeploy script is located in the home directory (~) of the user fedora. A cron job runs it every day at 1:00 AM (UTC).

Login is kubeadmin and password is 7ZQBa-SIMeD-XVMJe-z7UVv. The kubeconfig file is at ~/.crc/cache/crc_libvirt_4.6.0-0.okd-2020-12-12-135354/kubeconfig.

Script

Working from the lab

SSH into the lab and start using oc. If the session is dead, run oc login.

[~]$ ssh fedora@192.99.13.209 oc whoami
Host key fingerprint is SHA256:PTGEHmHAYzawF+xbbAvU89RG1f8nm/10dLIEOtiH3XU
+---[ECDSA 256]---+
|    .+oooo.o.... |
|     .Oo=.. o   .|
|    .=.= =o..   E|
|     .o =+.* o .o|
|       =S.B o + +|
|      . .  + ..++|
|              .=+|
|              o.o|
|                o|
+----[SHA256]-----+
kube:admin

Working from your laptop

The following details explain how to forward ports over SSH and configure DNS to work with the remote cluster directly from your laptop.

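Connect to the lab (via SSH)

If you want to forward the local TCP ports 80 and 443 (privileged ports, below 1024) as a regular user, the ssh binary needs the cap_net_bind_service capability. The capability is attached to the binary, so it applies to every local user who runs ssh: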

$ sudo setcap 'cap_net_bind_service=+ep' `which ssh`

Update your ~/.ssh/config to forward OCP ports:

Host crc
    Hostname 192.99.13.209
    User fedora
    LocalForward 443  console-openshift-console.apps-crc.testing:443
    LocalForward 80   console-openshift-console.apps-crc.testing:80
    LocalForward 6443 api.crc.testing:6443

[~]$ ssh crc
Host key fingerprint is SHA256:PTGEHmHAYzawF+xbbAvU89RG1f8nm/10dLIEOtiH3XU
+---[ECDSA 256]---+
|    .+oooo.o.... |
|     .Oo=.. o   .|
|    .=.= =o..   E|
|     .o =+.* o .o|
|       =S.B o + +|
|      . .  + ..++|
|              .=+|
|              o.o|
|                o|
+----[SHA256]-----+
Last login: Tue Feb  9 12:58:17 2021 from 192.0.229.10
[fedora@ns507808 ~]$ 
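
The fingerprint printed in these sessions can be pinned before the first connection instead of being accepted at the prompt. The script below is an added example, not part of the original post, and it assumes the fingerprint shown above is the lab's genuine ECDSA host key; the `--pin` switch and function names are hypothetical.

```shell
#!/bin/sh
# Added example: pin the lab's SSH host key before the first connection.
LAB_HOST=192.99.13.209                                        # from the page
LAB_FP='SHA256:PTGEHmHAYzawF+xbbAvU89RG1f8nm/10dLIEOtiH3XU'   # from the page

# Read `ssh-keygen -lf` output on stdin. Succeed only if at least one key
# is listed and every listed key has fingerprint $1.
fingerprint_matches() {
    awk -v want="$1" '
        { seen++; if ($2 != want) bad++ }
        END { exit ((seen > 0 && bad == 0) ? 0 : 1) }'
}

# Fetch the ECDSA host key and append it to known_hosts only on a match.
pin_host_key() {
    tmp=$(mktemp) || return 1
    ssh-keyscan -t ecdsa "$LAB_HOST" > "$tmp" 2>/dev/null
    if ssh-keygen -lf "$tmp" | fingerprint_matches "$LAB_FP"; then
        cat "$tmp" >> "$HOME/.ssh/known_hosts"
        echo "pinned $LAB_HOST ($LAB_FP)"
        rc=0
    else
        echo "fingerprint mismatch for $LAB_HOST, key not added" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Run on the laptop: sh pin-lab-key.sh --pin
if [ "${1:-}" = "--pin" ]; then
    pin_host_key
fi
```

With the key in known_hosts, a later change of the host key makes ssh refuse the connection rather than ask again.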

DNS configuration

You need to update your local /etc/hosts file to resolve api.crc.testing and console-openshift-console.apps-crc.testing to 127.0.0.1.

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 api.crc.testing console-openshift-console.apps-crc.testing oauth-openshift.apps-crc.testing

However, if you use a local dnsmasq, you can configure a wildcard so that the .testing domain resolves to 127.0.0.1.

# cat etc-dnsmasq.d/02-ocp.conf 
address=/kube.home/127.0.0.1
address=/.testing/127.0.0.1

I also use the *.kube.home DNS wildcard to point to CRC. I configured it to expose k8s applications (routes), e.g. http://my.web.app.test.kube.home.

Usage

Once you are connected to the cluster, you can run oc login against the CRC cluster from your laptop:

[~]$ oc login -u kubeadmin -p 7ZQBa-SIMeD-XVMJe-z7UVv  --server=https://api.crc.testing:6443 --insecure-skip-tls-verify=true
Login successful.

You have access to 59 projects, the list has been suppressed. You can list all projects with ' projects'

Using project "default".
[~]$ oc whoami
kube:admin
[~]$ 

You can also connect to the console:

https://console-openshift-console.apps-crc.testing

Use your quay.io credentials from CRC

You need to create a secret and link it.

$ oc create secret docker-registry quay --docker-server=quay.io --docker-username=xxxx --docker-password="xxxxxx" --docker-email=xxxxx@redhat.com
secret/quay created
$ oc secrets link default quay --for=pull
$ oc secrets link deployer quay --for=pull

Issues

Add the privileged SCC to the default service account of the namespace:

oc adm policy add-scc-to-user privileged -z default -n xxxx

Operators lab

TBD

$ oc login -u kubeadmin -p 7ZQBa-SIMeD-XVMJe-z7UVv  --server=https://api.crc.testing:6443 --insecure-skip-tls-verify=true
$ export OPERATOR_IMG=quay.io/tvass/nextcloud-operator:v0.0.1
$ make docker-build docker-push IMG=$OPERATOR_IMG
$ make deploy IMG=$OPERATOR_IMG

$ oc apply -f config/samples/charts_v1alpha1_nextcloud.yaml

http://nextcloud-live.kube.home

How to redeploy CodeReady Containers

Quickly redeploy a CRC installation.

#!/bin/bash
# bash is required for the pv{005..0030} brace expansion below.
cd /home/fedora || exit 1
# Tear down the existing VM and the CRC state.
sudo virsh destroy crc
sudo virsh undefine crc
./crc stop
./crc delete -f
# Empty the RAM disk that holds the qcow2 image (hidden files first, without matching . and ..).
rm -rf /mnt/ramdisk/crc/.[!.]*
rm -rf /mnt/ramdisk/crc/*
# Recreate and start the cluster, then give it time to come up.
./crc setup
./crc start --log-level error
sleep 180
CRC_CACHE=~/.crc/cache/crc_libvirt_4.6.0-0.okd-2020-12-12-135354
export KUBECONFIG=$CRC_CACHE/kubeconfig
$CRC_CACHE/oc login -u kubeadmin -p 7ZQBa-SIMeD-XVMJe-z7UVv  --server=https://api.crc.testing:6443 --insecure-skip-tls-verify=true
# Approve the pending certificate signing requests.
$CRC_CACHE/oc get csr -o name | xargs $CRC_CACHE/oc adm certificate approve
# Remove some of the persistent volumes and the monitoring stack.
$CRC_CACHE/oc delete pv pv{005..0030}
$CRC_CACHE/oc delete project openshift-monitoring