Openshift CodeReady Containers on Digital Ocean

Muhammad Aslam
Mar 9, 2021

I’m using CodeReady Containers to prepare for my OpenShift exam. It still runs well on my ThinkPad with 32GB of RAM, but it does make some uncomfortable fan noise while I’m working on my lab.

So I decided to host CRC in the cloud, with Digital Ocean as the cloud provider.

Setting Up Droplet

On Digital Ocean, create a new project and name it whatever you want.

At first, I tried the basic droplet option (shared CPU) with 16 GB/8 CPUs, but that setup did not seem to support nested virtualization. So in the end I picked the Memory-Optimized setup (dedicated CPU) with 16 GB/2 CPUs.

For distribution, use Fedora 33 x64.

With this setup, some operators will be disabled. You can opt for a better plan if you want to avoid this.

For region, I chose Singapore, which is closest to my location. For better security, use SSH keys as the authentication method for your droplet. If you don’t have an SSH key yet, you can generate one with the ssh-keygen command in a terminal, or with PuTTYgen if you use PuTTY.

Click Create to create your droplet. It may take 1–3 minutes for your droplet to be ready.

Now that the droplet is ready, copy its public IP address, open your terminal or PuTTY, and SSH to your droplet:

ssh root@<public-ip-address>

Setting Up OS and Install CRC

First, let’s patch our new system

dnf upgrade -y

Install some requirements

You can choose between nginx or haproxy as your reverse-proxy. I’m using haproxy

dnf install @virtualization NetworkManager haproxy firewalld policycoreutils-python-utils wget -y

Enable and start libvirtd and firewalld

systemctl start libvirtd
systemctl enable libvirtd
systemctl start firewalld
systemctl enable firewalld

Setting up firewall

firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --add-port=6443/tcp --permanent
firewall-cmd --add-port=443/tcp --permanent
systemctl restart firewalld

Label port 6443 as an HTTP port in SELinux so that haproxy is allowed to bind to it

semanage port -a -t http_port_t -p tcp 6443

User Setup

Now that we are done with the basic setup, let’s create a non-root user for our lab

useradd crc-lab
passwd crc-lab

Add our new user to the wheel group so it can use sudo

usermod -aG wheel crc-lab

I want the new user to have the same SSH keys as root, so I just copy the key from root to the new user

mkdir /home/crc-lab/.ssh
# Use the absolute path so the copy works from any directory
cp /root/.ssh/authorized_keys /home/crc-lab/.ssh/
chown -R crc-lab:crc-lab /home/crc-lab/.ssh
chmod 500 /home/crc-lab/.ssh/

Since this is a lab environment, if you want your user to run sudo without a password:

sed -e 's/^%wheel/#%wheel/g' -e 's/^# %wheel/%wheel/g' -i /etc/sudoers

Now log out from your server and SSH back in as the non-root user

ssh crc-lab@<public-ip-address>

Install CodeReady Containers

Now let’s install and configure CRC

wget -c https://mirror.openshift.com/pub/openshift-v4/clients/crc/latest/crc-linux-amd64.tar.xz
# Extract package
tar xfv crc-linux-amd64.tar.xz
# Move binary to /usr/local/bin (the directory name carries the CRC version you downloaded)
sudo mv crc-linux-1.23.1-amd64/crc /usr/local/bin/

Copy your pull secret by going to https://cloud.redhat.com/openshift/install

  • Log in with your RH account
  • Choose Local
  • Copy pull secret

In the terminal, create a new file called pull_secret and paste your secret there.

Now let’s run CRC setup

crc setup

Then start CRC

crc start -p pull_secret

Configure HA Proxy

We will use HA Proxy to forward HTTP/S traffic to CRC. As an alternative, you can also use nginx as the reverse proxy.

Create a backup of the HA Proxy configuration

sudo cp /etc/haproxy/haproxy.cfg{,.bak}

Configure HA Proxy

# Get your CRC VM IP
export CRC_IP=$(crc ip)
# Modify haproxy configuration
sudo tee /etc/haproxy/haproxy.cfg &>/dev/null <<EOF
global
    debug

defaults
    log global
    mode http
    timeout connect 5000
    timeout client 5000
    timeout server 5000

frontend apps
    bind 0.0.0.0:80
    option tcplog
    mode tcp
    default_backend apps

frontend apps_ssl
    bind 0.0.0.0:443
    option tcplog
    mode tcp
    default_backend apps_ssl

backend apps
    mode tcp
    balance roundrobin
    server webserver1 $CRC_IP:80 check

backend apps_ssl
    mode tcp
    balance roundrobin
    option ssl-hello-chk
    server webserver1 $CRC_IP:443 check

frontend api
    bind 0.0.0.0:6443
    option tcplog
    mode tcp
    default_backend api

backend api
    mode tcp
    balance roundrobin
    option ssl-hello-chk
    server webserver1 $CRC_IP:6443 check
EOF

Start and enable HA Proxy

sudo systemctl start haproxy
sudo systemctl enable haproxy
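
As a check on the configuration above, this added example (not part of the original post) lists each HA Proxy frontend with its bind address, backend and server target, and flags any bind whose port is not one of the three opened in firewalld earlier. The function names, the sample config and the address 192.0.2.10 are constructed for illustration, and it assumes one bind line per frontend.

```shell
#!/bin/sh
# Added example: audit which ports an HAProxy config publishes and where they go.
# Function names and the sample config are illustrative, not from the post.

ALLOWED_PORTS="80 443 6443"   # ports opened with firewall-cmd in this guide

# Print "<frontend> <bind> <default_backend> <server targets>" per frontend.
# Assumes one bind line per frontend, as in the config above.
haproxy_exposure() {
  awk '
    $1 ~ /^(global|defaults|frontend|backend|listen)$/ { kind = $1; name = $2 }
    kind == "frontend" && $1 == "bind"            { bind[name] = $2; order[++n] = name }
    kind == "frontend" && $1 == "default_backend" { be[name] = $2 }
    kind == "backend"  && $1 == "server"          { srv[name] = srv[name] (srv[name] ? "," : "") $3 }
    END { for (i = 1; i <= n; i++) { f = order[i]; print f, bind[f], be[f], srv[be[f]] } }
  ' "$1"
}

# Print frontends bound to a port outside ALLOWED_PORTS; non-zero status if any.
unexpected_binds() {
  haproxy_exposure "$1" | awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    { port = $2; sub(/.*:/, "", port); if (!(port in ok)) { print; bad = 1 } }
    END { exit bad }'
}

# Constructed sample: the api frontend from this guide plus a stray extra frontend.
# 192.0.2.10 is a documentation address standing in for the output of "crc ip".
sample_cfg() {
  cat <<'EOF'
frontend api
    bind 0.0.0.0:6443
    mode tcp
    default_backend api

backend api
    mode tcp
    server webserver1 192.0.2.10:6443 check

frontend stats
    bind 0.0.0.0:8404
    default_backend api
EOF
}

# Usage on the droplet: unexpected_binds /etc/haproxy/haproxy.cfg
```

An empty result with exit status 0 means every frontend listens only on a port that was deliberately opened.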

Modify Laptop DNS

My laptop is Windows-based, so in order to access the system I need to add a line to the hosts file in Windows/System32/drivers/etc/hosts

<public-ip> api.crc.testing oauth-openshift.apps-crc.testing console-openshift-console.apps-crc.testing default-route-openshift-image-registry.apps-crc.testing

Replace <public-ip> with your droplet’s public IP.

After you modify the file, go to https://console-openshift-console.apps-crc.testing/ and accept the certificate.

Now you can access your CRC from the browser.
