OpenShift CodeReady Containers on Digital Ocean
I’m using CodeReady Containers as preparation for my OpenShift exam. It still runs well on my ThinkPad with 32GB of RAM, but it does make some uncomfortable fan noise while I’m working on my lab.
So I decided to host CRC in the cloud, with Digital Ocean as the cloud provider.
Setting Up Droplet
On Digital Ocean, create a new project and name it whatever you want.
At first, I tried the basic droplet option (shared CPU) with 16 GB/8 CPUs, but it seems that setup doesn’t support nested virtualization. So in the end I picked the Memory-Optimized setup (dedicated CPU) with 16 GB/2 CPUs.
For distribution, use Fedora 33 x64.
With this setup, some operators will be disabled. You can opt to use a better plan if you want to avoid this situation.
For region, I chose Singapore, which is closest to my location. For more security, use SSH keys as the authentication method for your droplet. If you don’t have an SSH key yet, you can generate one with the ssh-keygen command in a terminal, or use PuTTYgen if you use PuTTY.
Click on Create to create your droplet. It may take 1–3 minutes for your droplet to be ready.
Now that the droplet is ready, copy its public IP address, open your terminal/PuTTY and SSH to your droplet
ssh root@<public-ip-address>
Setting Up OS and Install CRC
First, let’s patch our new system
dnf upgrade -y
Install some requirements
You can choose between nginx or haproxy as your reverse-proxy. I’m using haproxy
dnf install @virtualization NetworkManager haproxy firewalld policycoreutils-python-utils wget -y
Enable and start firewall and libvirtd
systemctl start libvirtd
systemctl enable libvirtd
systemctl start firewalld
systemctl enable firewalld
Setting up firewall
firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --add-port=6443/tcp --permanent
firewall-cmd --add-port=443/tcp --permanent
systemctl restart firewalld
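The firewall-cmd commands above open ports 80, 443 and 6443 to every source address. As an added example (not part of the original post), this script prints the firewalld commands that close those ports again and re-open them for one client only; the script name crc-fw.sh and the address 203.0.113.7/32 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Prints firewall-cmd calls that close the world-open CRC ports and re-open
# them for a single source only. The address passed in is an assumption:
# the public IPv4 CIDR you connect from (203.0.113.7/32 is a documentation address).

CRC_PORTS="80 443 6443"   # the ports opened in the firewall step above

# Succeeds only for a strict dotted-quad IPv4 CIDR (no leading zeros, no extra
# characters), so the value is safe to embed in a rich rule.
is_ipv4_cidr() (
    case $1 in
        */*/* | *[!0-9./]* | */ | /* | *./*) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    case ${1#*/} in
        0 | [1-9] | [12][0-9] | 3[0-2]) ;;
        *) return 1 ;;
    esac
    IFS=.                      # subshell body: the IFS change stays local
    set -- ${1%/*}
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            [0-9] | [1-9][0-9] | 1[0-9][0-9] | 2[0-4][0-9] | 25[0-5]) ;;
            *) return 1 ;;
        esac
    done
)

# Print one remove-port and one source-restricted rich rule per CRC port.
crc_fw_commands() {
    is_ipv4_cidr "$1" || { echo "not an IPv4 CIDR: $1" >&2; return 1; }
    [ "${1#*/}" != 0 ] || { echo "a /0 prefix matches every source" >&2; return 1; }
    for port in $CRC_PORTS; do
        echo "firewall-cmd --permanent --remove-port=$port/tcp"
        echo "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$1\" port port=\"$port\" protocol=\"tcp\" accept'"
    done
    echo "firewall-cmd --reload"
}

# Stand-alone use: sh crc-fw.sh 203.0.113.7/32   (review, then pipe to "sudo sh")
[ $# -eq 0 ] || crc_fw_commands "$1"
```

The rules go into the default zone, the same zone the --add-port commands above modify, and the SSH service is left untouched.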
Label port 6443 as an HTTP port in SELinux so that haproxy is allowed to bind to it
semanage port -a -t http_port_t -p tcp 6443
User Setup
Now that we are done with the basic setup, let’s create a non-root user for our lab
useradd crc-lab
passwd crc-lab
Add our new user to the wheel group so it can use sudo
usermod -aG wheel crc-lab
I want the new user to have the same SSH keys as root, so I just copy the key from root to the new user
mkdir /home/crc-lab/.ssh
cp /root/.ssh/authorized_keys /home/crc-lab/.ssh/
chown -R crc-lab:crc-lab /home/crc-lab/.ssh
chmod 500 /home/crc-lab/.ssh/
Since this is a lab environment, if you want your user to run sudo without a password:
sed -e 's/^%wheel/#%wheel/g' -e 's/^# %wheel/%wheel/g' -i /etc/sudoers
Now log out from your server and SSH back in as the non-root user
ssh crc-lab@<public-ip-address>
Install CodeReady Containers
Now let’s install and configure CRC
wget -c https://mirror.openshift.com/pub/openshift-v4/clients/crc/latest/crc-linux-amd64.tar.xz
#Extract package
tar xfv crc-linux-amd64.tar.xz
#Move binary to /usr/local/bin.
#The directory name contains the release version; adjust it to match what tar extracted
sudo mv crc-linux-1.23.1-amd64/crc /usr/local/bin/
Get your pull secret from https://cloud.redhat.com/openshift/install
- Log in with your Red Hat account
- Choose Local
- Copy pull secret
On the terminal, create a new file called pull_secret and paste your secret there.
Now let’s run CRC setup
crc setup
Then start CRC
crc start -p pull_secret
Configure HA Proxy
We will use HA Proxy to forward HTTP/S traffic to CRC. As an alternative, you can also use nginx as the reverse proxy.
Create a backup of the HA Proxy configuration
sudo cp /etc/haproxy/haproxy.cfg{,.bak}
Configure HA Proxy
#Get your CRC VM IP
export CRC_IP=$(crc ip)
#Modify haproxy configuration
sudo tee /etc/haproxy/haproxy.cfg &>/dev/null <<EOF
global
    debug
defaults
    log global
    mode http
    timeout connect 5000
    timeout client 5000
    timeout server 5000
frontend apps
    bind 0.0.0.0:80
    option tcplog
    mode tcp
    default_backend apps
frontend apps_ssl
    bind 0.0.0.0:443
    option tcplog
    mode tcp
    default_backend apps_ssl
backend apps
    mode tcp
    balance roundrobin
    server webserver1 $CRC_IP:80 check
backend apps_ssl
    mode tcp
    balance roundrobin
    option ssl-hello-chk
    server webserver1 $CRC_IP:443 check
frontend api
    bind 0.0.0.0:6443
    option tcplog
    mode tcp
    default_backend api
backend api
    mode tcp
    balance roundrobin
    option ssl-hello-chk
    server webserver1 $CRC_IP:6443 check
EOF
Start and enable HA Proxy
sudo systemctl start haproxy
sudo systemctl enable haproxy
Modify Laptop DNS
My laptop is Windows-based, so in order to access the system I need to add a line to the hosts file in Windows/System32/drivers/etc/hosts
<public-ip> api.crc.testing oauth-openshift.apps-crc.testing console-openshift-console.apps-crc.testing default-route-openshift-image-registry.apps-crc.testing
Replace <public-ip> with your droplet’s public IP.
After you modify the file, go to https://console-openshift-console.apps-crc.testing/ and accept the certificate.
Now you can access your CRC from browser.