Download the CLI tools go this link: https://console.redhat.com/openshift/install/metal/multi and navigate to the command line interface and click the download command-line tools. Once you have the tarball, follow the documentation to install the CLI tools (note: only do steps 4 and 5 in the link), https://docs.redhat.com/en/documentation/openshift_container_platform/4.5/html/installing_on_rhv/cli-installing-cli_installing-rhv-default.
Install the ibmcloud binary with the following command.
# for linux
curl -fsSL https://clis.cloud.ibm.com/install/linux | sh
# for macOS
curl -fsSL https://clis.cloud.ibm.com/install/osx | sh- Login to the cluster from the terminal using the following command:
ibmcloud login --sso. - Download the cluster config with the following command:
ibmcloud ks cluster config --cluster d7llvfhr0oi9kj43639g.
a. If you get the error that says that pluginksis not available, install the plugin with the following command.
ibmcloud plugin install kubernetes-serviceand then rerun the above command. - Log in to the openshift cluster using
oc login --web. - Check if you have access by running
oc whoami. - (Non admins) Please refer to the Users section to set up development.
- Invite newly created user to the group.
ibmcloud account user-invite user@email.com
Currently configuring user creation and credentials using htpasswd.
The command to generate an HTPasswd file is htpasswd -c -B users.htpasswd alice (for first time creation and this will generate a users.htpasswd file.)
Then the following command for adding additional users, htpasswd -B users.htpasswd bob.
- Download the existing htpasswd file
oc get secret htpasswd-secret -n openshift-config -o jsonpath='{.data.htpasswd}' | base64 -d > htpasswd - Add a new user
htpasswd -B htpasswd newuser# this will prompt for a password. - Update the secret
oc create secret generic htpasswd-secret \
--from-file=htpasswd=htpasswd \
-n openshift-config \
--dry-run=client -o yaml | oc replace -f -
- Verify the user can log in
oc login -u newuser
# Delete a user from htpasswd
htpasswd -D htpasswd olduser
# list current users
cat htpasswd
Run create_dev_admin.sh (The following explain the content in case you want to do them individually. This script is for admin only!)
- Create namespace for the user
oc apply -f <(sed "s/<username>/alice/g" namespace.yml) - Apply anyuid to bypass SCC so that they can run as root.
oc adm policy add-scc-to-user anyuid -z default -n alice - Apply edit role to the user to allow them to create resources in their namespace.
oc adm policy add-role-to-user edit alice -n alice - Apply Role and Role bindings so that user can access created secrets.
oc apply -n alice -f <(sed "s/<username>/alice/g" rbac.yml) - Apply PVC to have persisent folder even if pods are destroyed.
oc apply -n alice -f <(sed "s/<username>/alice/g" pvc/persistent-workspace-pvc.yml) - Push quay image secret to pull images from quay
oc apply -f <(sed "s/<username>/alice/g" rh-ee-sampark-dev-bot-secret.yml) - Create configmaps for bazel, gdbinit, and init-script
bash oc apply -f <(sed "s/<username>/alice/g" config_map/bazel-configmap.yml) oc apply -f <(sed "s/<username>/alice/g" config_map/gdbinit-configmap.yml) oc apply -f <(sed "s/<username>/alice/g" config_map/init-script-configmap.yml)
Follow steps 1-3 if there is no kubeconfig file in $HOME/.kube/config. If already done, skip to step 4 and make sure that you have logged in to openshift with oc login --web.
- Create an IBM cloud account by going to https://cloud.ibm.com. Use your Red Hat email.
- Join the cluster group through an invite link sent by an admin.
- Run
ibmcloud login --ssoin the command line to login to IBM cloud in the terminal.
a. (Should have already done this part but showing this step for reference) Runibmcloud ks cluster config --cluster d7llvfhr0oi9kj43639gto download thekubeconfigfile. This file you can put in~/.kube/configso thatkubectlandocwill pick this up automatically. - Once the admin has created a namespace for you, make sure that your working directory is
devcontainers/openshiftand run thecreate_dev_user.shscript. This will automatically setup the basic development templates.
a. This assumes that you have theocbinary already installed!
b. When prompted for the username, use NAME from your email: NAME@redhat.com and omit the@redhat.com
c. When prompted for ssh private key file, give the absolute file path to your ssh key that is registered in your github account. I.E./home/user/.ssh/id_ed25519. DO NOT use the~.
d. When prompted for your gcloud authentication file, give the absolute file path that claude uses for authentication.~/.config/gcloud/application_default_credentials.json. DO NOT use the~. This will give pods the capability of using claude.
Once the cluster admin creates the user and its respective namespace and only then run create_dev_user.sh. The script will prompt the user for OAuth type. Select the appropriate type. The following explain the content in case you want to do them individually. This script is for users to get started with their deployment pod. The script will prompt the user for their Openshift username, path to the ssh private key file, and their gcloud authentication default json file.
- Create openshift secret for git-ssh-key.
oc create secret generic $USERNAME-git-ssh-key \
--namespace=$USERNAME \
--from-file=ssh-privatekey=$HOME/.ssh/id_github \
--from-file=ssh-publickey=$HOME/.ssh/id_github.pub \
--from-file=known_hosts=<(ssh-keyscan github.com 2>/dev/null)- Create openshift secret for the gcloud authentication json file for claude use.
oc create secret generic $USERNAME-gcloud-config \
--namespace=$USERNAME \
--from-file=$HOME/.config/gcloud/application_default_credentials.json- Apply deployment manifest file.
oc apply -f <(sed "s/<username>/alice/g" deployment/deployment.yml)
Do not open tmux or screen from vscode. As the vscode is tied to that shell session when vscode closes so will all tmux sessions. Run this command outside of vscode to make sure that your tmux session will run even if vscode closes. oc exec -it <ur-pod-name> -- tmux new -s <tmux-session-name>. Use ctrl + b and then d to exit the session without killing tmux. This will ensure tmux is running even if vscode closes.
Once the admin creates the credentials for the user, the user just has to login via username and password to receive a kubeconfig in $HOME/.kube/config.
Run the following command: oc login <cluster-url> -u <newuser> -p <password>