Skip to content

Instantly share code, notes, and snippets.

@bentito

bentito/steps-to-crc-dev.md

Last active March 20, 2023 16:51
Show Gist options
  • Save bentito/177d8a49f7e60d9813409c8251faa259 to your computer and use it in GitHub Desktop.
Save bentito/177d8a49f7e60d9813409c8251faa259 to your computer and use it in GitHub Desktop.
Download ZIP
Steps to be able to do local dev on OpenShift Local (CRC)
Raw
steps-to-crc-dev.md

To enable faster dev process with OpenShift Local (CRC) where you can push dev images to the local internal registry included with OpenShift and pull those same images internally in the cluster you need to follow these steps:

Push images to OpenShift Local's image registry, must be labeled like:

REGISTRY=$(oc get route/default-route -n openshift-image-registry -o=jsonpath='{.spec.host}'); \
IMAGE_PUSH=$($REGISTRY/openshift/pod-identity-webhook:0.4) \

or simpler and actually working:

IMAGE_PUSH = default-route-openshift-image-registry.apps-crc.testing/default/pod-identity-webhook:0.4

oc login as kubeadmin to the cluster.

docker login to the cluster internal regsistry with:

docker login -u kubeadmin -p $(oc whoami -t) default-route-openshift-image-registry.apps-crc.testing

This results in a push-able registry:image:tag that looks something like this:

default-route-openshift-image-registry.apps-crc.testing/default/pod-identity-webhook:0.4

Pulling from the internal registry requires using a different image pull spec (see below) AND the following enabling steps:

$ oc debug node/$(oc get node | grep master | head -1 | awk '{print $1}')
sh-4.4# chroot /host
sh-4.4# oc login -u kubeadmin -p <PASSWORD>  https://api.<CLUSTER_NAME>.<DOMAIN_NAME>:6443
sh-4.4# oc create sa image-puller -n openshift-config
sh-4.4# oc adm policy add-cluster-role-to-user system:image-puller -z image-puller -n openshift-config
sh-4.4# TOKEN=$(oc create token image-puller -n openshift-config)
sh-4.4# oc get secret pull-secret -n openshift-config -o json | jq '.data.".dockerconfigjson"' -r | base64 -d > /tmp/pull-secret
sh-4.4# oc registry login --registry=image-registry.openshift-image-registry.svc:5000 --auth-basic=image-puller:${TOKEN} --to=/tmp/pull-secret
sh-4.4# oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson=/tmp/pull-secret
sh-4.4# exit
sh-4.4# exit

Pull images from internal registry (like in a Deployment for instance) with the following:

    spec:
      containers:
      - name: pod-identity-webhook
        image: image-registry.openshift-image-registry.svc:5000/default/pod-identity-webhook:0.4

Note: the deployment namespace name, default is substituted for openshift in the pull spec and overall the registry name is not the same as the push registry name.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment