CODE READY CONTAINERS OR OPENSHIFT FOR YOUR LAPTOP

  • 24 January 2022
  • 6 comments
  • 95 views

Userlevel 7
Badge +8

Redhat’s Openshift owns a large portion of the Kubernetes market and some call it the most complete Kubernetes distribution of all.

In this post we will setup Redhat’s Code Ready Containers which is a single node developer Openshift version that will fit on your laptop.

We will perform the following steps:

1 Download and install CRC (Code Ready Containers)

2 Explore both the CLI and Web Console

 

To install CRC we first need to head over to the Redhat website and login with our Redhat account (you can also create a free account that will allow you to perform the download)

https://developers.redhat.com/products/codeready-containers/overview

Choose your OS and make certain to also download the pull secret.

Unzip the archive and run the MSI (if you are in windows)

I have an older version of CRC installed and you cannot upgrade unlike in a fully licensed Openshift cluster. So the older version and everything in it will be deleted. 

We accept the agreement (Apache License) and move along:

 

After rebooting your laptop you will notice the Red CRC icon in your tray.

 

You can right click on that icon and get various options or just use the CLI.

 

We will use the CLI since we love the command line!

Type crc setup, you will be prompted to paste in your pull secret if this is the first time that you are deploying.

crc setup

After this type crc start to have crc build your cluster

crc start

Ok the install is done. Make sure to jot down the login information and the following command to make sure your environment is ready to use oc.

& crc oc-env | Invoke-Expression

 

We can type oc version to make sure all is working well (for those who have installed the Windows Sybsystem for linux you can switch to bash if you wish to do so but you may need to create aliases for oc i.e. alias oc=oc.exe in your .bashrc file)

By default CRC has logged us in as kubeadmin which is the super user so we can test our setup by checking the get node command.

Oc in this case works just like kubectl

Why don’t we try out the web console.

To do this we can type crc console

crc console

We will need to accept twice the self-signed cert

We can login as developer and see what a user with only restricted rights will see:

 

Or we can logout and log back in as kubeadmin (the password was provided on the screen when the setup program completed. Here we get a lot more options and complete vision of the entire cluster.

 

 

Redhat’s Openshift is a very mature Kubernetes distribution and we have only touched on a basic install of CRC. I hope to create more posts going forward delving deeper into this fantastic product.


6 comments

Userlevel 7
Badge +6

Really great post.  Hard to know where to start for Kubernetes and this just might be the place since it can be local. :smiley:

Looking forward to the next posts on the topic Geoff.

Userlevel 3
Badge

Time to dismantle my Raspberry Pi cluster.  Thank you for the great walk through!  Geoff, I see you studied K8’s security.  Looking forward to some best practices and gotcha’s from you.  I have read too many articles on poorly securted K8’s implementations getting hacked. I’m hoping you can lay out the principles of securing these environments for newbies.  

Userlevel 7
Badge +8

Time to dismantle my Raspberry Pi cluster.  Thank you for the great walk through!  Geoff, I see you studied K8’s security.  Looking forward to some best practices and gotcha’s from you.  I have read too many articles on poorly securted K8’s implementations getting hacked. I’m hoping you can lay out the principles of securing these environments for newbies.  

Hi StephenM, yes that was one of the things that came out when I was studying for the CKS, i.e. how out of the box Kubernetes clusters are not very secure. To be fair that was not their original purpose. Redhat has a addressed a lot of these issues though since they were aiming at having a complete and ready solution for Enterprise. I did a few posts on security stuff but nothing big yet. I will try to pull something together soon though maybe on OPA, falco etc

I highly recommend going for the CKS after the CKA, it was really interesting and fun (well not the anxiety part before the exam :) ). Of course the challenge is to start using this stuff or one forgets. 

I did do a couple of small posts but again will try to do some more soone.

https://community.veeam.com/kubernetes-korner-90/kubesec-for-scanning-your-yamls-1377

https://community.veeam.com/kubernetes-korner-90/check-my-containers-for-security-issues-trivy-can-help-1350

 

cheers

Geoff

Userlevel 7
Badge +8

Time to dismantle my Raspberry Pi cluster.  Thank you for the great walk through!  Geoff, I see you studied K8’s security.  Looking forward to some best practices and gotcha’s from you.  I have read too many articles on poorly securted K8’s implementations getting hacked. I’m hoping you can lay out the principles of securing these environments for newbies.  

Keep the Raspberry Pi cluser.. I am jealous.. :) we have a shortage here in Canada right now. 

One more thing to note is that CRC is a big hog on resources so apart from some basic stuff not a lot you can do. Some of the Operators, like metrics won’t even start due to lack of resources. So I do most of my testing on Minikube, K3s, Kind or when I can get some better infrastructure home grown kubeadm clusters using vms. 

Userlevel 7
Badge +5

This is an alternative to a Vmware Workstation on a laptop to “virtualize in local”? :thinking:

Userlevel 7
Badge +8

This is an alternative to a Vmware Workstation on a laptop to “virtualize in local”? :thinking:

CRC/Openshift is only for containers. For vms KVM would be the Redhat way but on a linux Laptop :) .  By the way there is something called Kubevirt which allows you to manage vms as well as containers I believe, but have not had time to take a look yet https://kubevirt.io/

 

cheers

Comment