이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 2. Installing CodeReady Workspaces on OpenShift v3
This section describes how to obtain installation files for Red Hat CodeReady Workspaces and how to use them to deploy the product on an instance of OpenShift (such as Red Hat OpenShift Container Platform) v3.
Prerequisites
Minimum hardware requirements
- Minimum 5 GB RAM to run CodeReady Workspaces. The Red Hat Single Sign-On (Red Hat SSO) authorization server and the PostgreSQL database require extra RAM. CodeReady Workspaces uses RAM in the following distribution: - The CodeReady Workspaces server: Approximately 750 MB
- Red Hat SSO: Approximately 1 GB
- PostgreSQL: Approximately 515 MB
- Workspaces: 2 GB of RAM per workspace. The total workspace RAM depends on the size of the workspace runtime(s) and the number of concurrent workspace pods.
 
Software requirements
- CodeReady Workspaces deployment script and configuration file
- Container images required for deployment: Important- The container images are now published on the registry.redhat.io registry and will only be available from registry.redhat.io. For details, see Red Hat Container Registry Authentication.
- To use this registry you must be logged into it. - To authorize from the local Docker daemon, see Using Authentication.
- To authorize from an OpenShift cluster, see Allowing Pods to Reference Images from Other Secured Registries.
 
- It is not necessary to download any of the referenced images manually. - All container images required for deployment are automatically downloaded by the CodeReady Workspaces deployment script.
- Stack images are automatically downloaded by CodeReady Workspaces when new workspaces are created.
 
 - 
							registry.redhat.io/codeready-workspaces/server-rhel8:1.2
- 
							registry.redhat.io/codeready-workspaces/server-operator-rhel8:1.2
- 
							registry.redhat.io/rhscl/postgresql-96-rhel7:1-40
- 
							registry.redhat.io/redhat-sso-7/sso73-openshift:1.0-11
- 
							registry.redhat.io/ubi8-minimal:8.0-127
 
- Container images with preconfigured stacks for creating workspaces: - 
							registry.redhat.io/codeready-workspaces/stacks-java-rhel8:1.2
- 
							registry.redhat.io/codeready-workspaces/stacks-node-rhel8:1.2
- 
							registry.redhat.io/codeready-workspaces/stacks-php-rhel8:1.2
- 
							registry.redhat.io/codeready-workspaces/stacks-python-rhel8:1.2
- 
							registry.redhat.io/codeready-workspaces/stacks-dotnet-rhel8:1.2
- 
							registry.redhat.io/codeready-workspaces/stacks-golang-rhel8:1.2
- 
							registry.redhat.io/codeready-workspaces/stacks-java-rhel8:1.2
- 
							registry.redhat.io/codeready-workspaces/stacks-cpp-rhel8:1.2
- 
							registry.redhat.io/codeready-workspaces/stacks-node:1.2
 
- 
							
Other
To be able to download the CodeReady Workspaces deployment script, Red Hat asks that you register for the free Red Hat Developer Program. This allows you to agree to license conditions of the product. For instructions on how to obtain the deployment script, see Section 2.2, “Downloading the CodeReady Workspaces deployment script”.
2.1. Downloading the Red Hat OpenShift Origin Client Tools
This procedure describes steps to obtain and unpack the archive with the Red Hat OpenShift Origin Client Tools.
The CodeReady Workspaces deployment and migration scripts require the use of OpenShift Origin Client Tools 3.11. Later versions may be supported in future but as deployment of CodeReady Workspaces to OpenShift Container Platform and OpenShift Dedicated 4 can be done via the embedded OperatorHub, using a deployment script is no longer necessary.
Procedure
- Change to a temporary directory. Create it if necessary. For example: - mkdir ~/tmp cd ~/tmp - $ mkdir ~/tmp $ cd ~/tmp- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- 
						Download the archive with the ocfile from: oc.tar.gz.
- Unpack the downloaded archive. The - ocexecutable file is unpacked in your current directory:- tar xf oc.tar.gz && ./oc version - $ tar xf oc.tar.gz && ./oc version- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- 
						Add the ocfile to your path.
2.2. Downloading the CodeReady Workspaces deployment script
This procedure describes how to obtain and unpack the archive with the CodeReady Workspaces deployment shell script.
The CodeReady Workspaces deployment script uses the OpenShift Operator to deploy Red Hat Single Sign-On, the PostgreSQL database, and the CodeReady Workspaces server container images on an instance of Red Hat OpenShift Container Platform. The images are available in the Red Hat Container Catalog.
Procedure
- Change to a temporary directory. Create it if necessary. For example: - mkdir ~/tmp cd ~/tmp - $ mkdir ~/tmp $ cd ~/tmp- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- 
						Download the archive with the deployment script and the custom-resource.yamlfile using the browser with which you logged into the Red Hat Developer Portal: codeready-workspaces-1.2.2.GA-operator-installer.tar.gz.
- Unpack the downloaded archive and change to the created directory: - tar xvf codeready-workspaces-1.2.2.GA-operator-installer.tar.gz \ && cd codeready-workspaces-operator-installer/ - $ tar xvf codeready-workspaces-1.2.2.GA-operator-installer.tar.gz \ && cd codeready-workspaces-operator-installer/- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Next steps
Continue by configuring and running the deployment script. See Section 2.3, “Running the CodeReady Workspaces deployment script”.
2.3. Running the CodeReady Workspaces deployment script
				The CodeReady Workspaces deployment script uses command-line arguments and the custom-resource.yaml file to populate a set of configuration environment variables for the OpenShift Operator used for the actual deployment.
			
Prerequisites
- Downloaded and unpacked deployment script and the configuration file. See Section 2.2, “Downloading the CodeReady Workspaces deployment script”.
- A running instance of Red Hat OpenShift Container Platform 3.11 or OpenShift Dedicated 3.11. To install OpenShift Container Platform, see the Getting Started with OpenShift Container Platform guide.
- 
						The OpenShift Origin Client Tools 3.11, oc, is in the path. See Section 2.1, “Downloading the Red Hat OpenShift Origin Client Tools”.
- 
						The user is logged in to the OpenShift instance (using, for example, oc login).
- CodeReady Workspaces is supported for use with Google Chrome 70.0.3538.110 (Official Build) (64bit).
- cluster-adminrights to successfully deploy CodeReady Workspaces using the deploy script. The following table lists the objects and the required permissions:- Expand - Type of object - Name of the object that the installer creates - Description - Permission required - CRD - - - Custom Resource Definition - CheCluster - cluster-admin- CR - codeready- Custom Resource of the CheCluster type of object - cluster-admin. Alternatively, you can create a- clusterrole.- ServiceAccount - codeready-operator- Operator uses this service account to reconcile CodeReady Workspaces objects - The edit role in a target namespace. - Role - codeready-operator- Scope of permissions for the operator-service account - cluster-admin- RoleBinding - codeready-operator- Assignment of a role to the service account - The edit role in a target namespace. - Deployment - codeready-operator- Deployment with operator image in the template specification - The edit role in a target namespace. - ClusterRole - codeready-operator- ClusterRoleallows you to create, update, delete oAuthClients- cluster-admin- ClusterRoleBinding - ${NAMESPACE}-codeready-operator- ClusterRoleBindingallows you to create, update, delete oAuthClients- cluster-admin- Role - secret-reader- Roleallows you to read secrets in the router namespace- cluster-admin- RoleBinding - ${NAMESPACE}-codeready-operator- RoleBindingallows you to read secrets in router namespace- cluster-admin
By default, the operator-service account gets privileges to list, get, watch, create, update, and delete ingresses, routes, service accounts, roles, rolebindings, PVCs, deployments, configMaps, secrets. It also has privileges to run execs into pods, watch events, and read pod logs in a target namespace.
With self-signed certificates support enabled, the operator-service account gets privileges to read secrets in an OpenShift router namespace.
With OpenShift OAuth enabled, the operator-service account gets privileges to get, list, create, update, and delete oAuthclients at a cluster scope.
2.3.1. Deploying CodeReady Workspaces with default settings
- Run the following command: - ./deploy.sh --deploy - $ ./deploy.sh --deploy- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow Note- Run the - ./deploy.sh --helpcommand to get a list of all available arguments. For a description of all the options, see Section 2.6, “CodeReady Workspaces deployment script parameters”.- The following messages indicates that CodeReady Workspaces is getting installed: - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - The CodeReady Workspaces successfully deployed and available at <URL> message confirms that the deployment is successful. 
- Open the OpenShift web console.
- In the My Projects pane, click workspaces.
- Click Applications > Pods. The pods are shown running. - Figure 2.1. Pods for codeready shown running 
2.3.2. Deploying CodeReady Workspaces with a self-signed certificate and OpenShift OAuth
To deploy CodeReady Workspaces with a self-signed certificate, run the following command:
./deploy.sh --deploy --oauth
$ ./deploy.sh --deploy --oauthIf you use the TLS mode with a self-signed certificate, ensure that your browser trusts the certificate. If it does not trust the certificate, the Authorization token is missed error is displayed on the login page and the running workspace may not work as intended.
2.3.3. Deploying CodeReady Workspaces with a public certificate
To deploy CodeReady Workspaces to a cluster configured with public certificates, run the following command:
./deploy.sh --deploy --public-certs
$ ./deploy.sh --deploy --public-certs2.3.4. Deploying CodeReady Workspaces with external Red Hat Single Sign-On
To deploy with an external Red Hat Single Sign-On (Red Hat SSO) and enable a Red Hat SSO instance, take the following steps:
- Update the following values in the - custom-resource.yamlfile:- auth: externalIdentityProvider: 'true' identityProviderURL: 'https://my-red-hat-sso.com' identityProviderRealm: 'myrealm' identityProviderClientId: 'myClient' - auth: externalIdentityProvider: 'true'- 1 - identityProviderURL: 'https://my-red-hat-sso.com'- 2 - identityProviderRealm: 'myrealm'- 3 - identityProviderClientId: 'myClient'- 4 - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 1
- Instructs the operator on whether or not to deploy the Red Hat SSO instance. When set totrue, provisions the connection details.
- 2
- Retrieved from the respective route or ingress unless explicitly specified in CR (when theexternalIdentityProvidervariable istrue).
- 3
- Name of a Red Hat SSO realm. This realm is created when theexternalIdentityProvidervariable istrue. Otherwise, it is passed to the CodeReady Workspaces server.
- 4
- The ID of a Red Hat SSO client. This client is created when theexternalIdentityProvidervariable isfalse. Otherwise, it is passed to the CodeReady Workspaces server.
 
- Run the deploy script: - ./deploy.sh --deploy - $ ./deploy.sh --deploy- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
2.3.5. Deploying CodeReady Workspaces with external Red Hat SSO and PostgreSQL
The deploy script supports the following combinations of external Red Hat SSO and PostgreSQL:
- PostgreSQL and Red Hat SSO
- Red Hat SSO only
The deploy script does not support the external database and bundled Red Hat SSO combination currently. Provisioning of the database and the Red Hat SSO realm with the client happens only with bundled resources. If you are connecting your own database or Red Hat SSO, you should pre-create resources.
To deploy with the external PostgreSQL database and Red Hat SSO, take the following steps:
- Update the following PostgreSQL database-related values in the - custom-resource.yamlfile:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 1
- When set totruethe operator skips deploying PostgreSQL and passes the connection details of the existing database to the CodeReady Workspaces server. Otherwise, a PostgreSQL deployment is created.
- 2
- The PostgreSQL database hostname that the CodeReady Workspaces server uses to connect to. Defaults topostgres.
- 3
- The PostgreSQL database port that the CodeReady Workspaces server uses to connect to. Defaults to5432.
- 4
- The PostgreSQL user that the CodeReady Workspaces server when making a database connection. Defaults topgche.
- 5
- The password of a PostgreSQL user. Auto-generated when left blank.
- 6
- The PostgreSQL database name that the CodeReady Workspaces server uses to connect to. Defaults todbche.
 
- Update the following Red Hat SSO-related values in the - custom-resource.yamlfile:- auth: externalIdentityProvider: 'true' identityProviderURL: 'https://my-red-hat-sso.com' identityProviderRealm: 'myrealm' identityProviderClientId: 'myClient' - auth: externalIdentityProvider: 'true'- 1 - identityProviderURL: 'https://my-red-hat-sso.com'- 2 - identityProviderRealm: 'myrealm'- 3 - identityProviderClientId: 'myClient'- 4 - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 1
- Instructs the operator on whether or not to deploy Red Hat SSO instance. When set totrue, provisions the connection details.
- 2
- Retrieved from the respective route or ingress unless explicitly specified in CodeReady Workspaces (whenexternalIdentityProvideristrue).
- 3
- Name of a Red Hat SSO realm. This realm is created whenexternalIdentityProvideristrue. Otherwise, passed to the CodeReady Workspaces server.
- 4
- ID of a Red Hat SSO client. This client is created whenexternalIdentityProviderisfalse. Otherwise, passed to the CodeReady Workspaces server.
 
- Run the deploy script: - ./deploy.sh --deploy - $ ./deploy.sh --deploy- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Additional resources
- See Section 2.6, “CodeReady Workspaces deployment script parameters” for definitions of the deployment script parameters.
2.4. Viewing CodeReady Workspaces installation logs
You can view the installation logs in the terminal or from the OpenShift console.
2.4.1. Viewing CodeReady Workspaces installation logs in the terminal
To view the installation logs on the terminal, take the following steps:
- To obtain the names of the pods you must switch to project where CodeReady Workspaces is installed: - oc get pods -n=<OpenShift-project-name> - $ oc get pods -n=<OpenShift-project-name>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - Following is an example output. - NAME READY STATUS RESTARTS AGE codeready-76d985c5d8-4sqmm 1/1 Running 2 1d codeready-operator-54b58f8ff7-fc88p 1/1 Running 3 1d keycloak-7668cdb5f5-ss29s 1/1 Running 2 1d postgres-7d94b544dc-nmhwp 1/1 Running 1 1d - NAME READY STATUS RESTARTS AGE codeready-76d985c5d8-4sqmm 1/1 Running 2 1d codeready-operator-54b58f8ff7-fc88p 1/1 Running 3 1d keycloak-7668cdb5f5-ss29s 1/1 Running 2 1d postgres-7d94b544dc-nmhwp 1/1 Running 1 1d- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
- To view the logs for the pod, run: - oc logs <log-name> - $ oc logs <log-name>- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - The following is an example output: - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
2.4.2. Viewing CodeReady Workspaces installation logs in the OpenShift console
To view installation logs in OpenShift console, take the following steps:
- Navigate to the OpenShift web console`.
- In the My Projects pane, click workspaces.
- Click Applications > Pods. Click the name of the pod for which you want to view the logs.
- Click Logs and click Follow. - Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
2.5. Configuring CodeReady Workspaces to work behind a proxy server
This procedure describes how to configure CodeReady Workspaces for use in a deployment behind a proxy server. To access external resources (for example, to download Maven artifacts to build Java projects), change the workspace configuration.
Prerequisites
- 
						OpenShift with a logged in occlient.
- Deployment script. See Section 2.2, “Downloading the CodeReady Workspaces deployment script”.
Procedure
- Update the following values in the - custom-resource.yamlfile:- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow - 1
- Substitutehttp://172.19.20.128for the protocol and hostname of your proxy server.
- 2
- Substitute3128for the port of your proxy server.
- 3
- Substitute172.30.0.1for the value of the$KUBERNETES_SERVICE_HOSTenvironment variable (runecho $KUBERNETES_SERVICE_HOSTin any container running in the cluster to obtain this value).
 You may also have to add a customnonProxyHostsvalue as required by your network. In this example, this value is*.172.19.20.240.nip.io(the routing suffix of the OpenShift Container Platform installation).
 Important- Use correct indentation as shown above.
- 
									Use the bar sign (|) as the delimiter for multiplenonProxyHostsvalues.
- You may need to list the same wildcard and abbreviated - nonProxyHostsvalues more than once. For example:- nonProxyHosts: 'localhost | 127.0.0.1 | *.nip.io | .nip.io | *.example.com | .example.com' - nonProxyHosts: 'localhost | 127.0.0.1 | *.nip.io | .nip.io | *.example.com | .example.com'- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
 
- Run the following command: - ./deploy.sh --deploy - $ ./deploy.sh --deploy- Copy to Clipboard Copied! - Toggle word wrap Toggle overflow 
Additional resources
2.6. CodeReady Workspaces deployment script parameters
				The custom-resource.yaml file contains default values for the installation parameters. Those parameters that take environment variables as values can be overridden from a command line. Not all installation parameters are available as flags.
			
				Before running the deployment script in a fast mode, review the custom-resource.yaml file. Run the ./deploy.sh --help command to get a list of all available arguments.
			
				The following is an annotated example of the custom-resource.yaml file with all available parameters:
			
Server settings:
- 1
- Defaults toche. When set tocodeready, CodeReady Workspaces is deployed. The difference is in images, labels, and in exec commands.
- 2
- The server image used in the Che deployment.
- 3
- The tag of an image used in the Che deployment.
- 4
- TLS mode for Che. Ensure that you either have public certificate or set theselfSignedCertenvironment variable totrue. If you use the TLS mode with a self-signed certificate, ensure that your browser trusts the certificate. If it does not trust the certificate, the Authorization token is missed error is displayed on the login page and the running workspace may not work as intended.
- 5
- When set totrue, the operator attempts to get a secret in the OpenShift router namespace to add it to the ava trust store of the CodeReady Workspaces server. Requires cluster-administrator privileges for the operator service account.
- 6
- The protocol and hostname of a proxy server. Automatically added asJAVA_OPTSvariable andhttps(s)_proxyto the CodeReady Workspaces server and workspaces containers.
- 7
- The port of a proxy server.
- 8
- A list of non-proxy hosts. Use | as a delimiter. Example:localhost|my.host.com|123.42.12.32.
- 9
- The username for a proxy server.
- 10
- The password for a proxy user.
Storage settings:
storage:
      pvcStrategy:      'common'        
      pvcClaimSize:     '1Gi'           
storage:
      pvcStrategy:      'common'        
      pvcClaimSize:     '1Gi'           - 1
- The persistent volume claim strategy for the CodeReady Workspaces server. Can be common (all workspaces PVCs in one volume), per-workspace (one PVC per workspace for all the declared volumes), or unique (one PVC per declared volume). Defaults tocommon.
- 2
- The size of a persistent volume claim for workspaces. Defaults to1Gi.
Database settings:
- 1
- When set totrue, the operator skips deploying PostgreSQL and passes the connection details of the existing database to the CodeReady Workspaces server. Otherwise, a PostgreSQL deployment is created.
- 2
- The PostgreSQL database hostname that the CodeReady Workspaces server uses to connect to. Defaults topostgres.
- 3
- The PostgreSQL database port that the CodeReady Workspaces server uses to connect to. Defaults to5432.
- 4
- The Postgres user that the CodeReady Workspaces server when making a databse connection. Defaults topgche.
- 5
- The password of a PostgreSQL user. Auto-generated when left blank.
- 6
- The PostgreSQL database name that the CodeReady Workspaces server uses to connect to. Defaults todbche.
auth settings:
- 1
- Instructs an operator to enable the OpenShift v3 identity provider in Red Hat SSO and create the respective oAuthClient and configure the Che configMap accordingly.
- 2
- Instructs the operator on whether or not to deploy the RH SSO instance. When set totrue, it provisions the connection details.
- 3
- The desired administrator username of the Red Hat SSO administrator (applicable only when theexternalIdentityProvidervariable isfalse).
- 4
- The desired password of the Red Hat SSO administrator (applicable only when theexternalIdentityProvidervariable isfalse).
- 5
- Retrieved from the respective route or ingress unless explicitly specified in CR (when theexternalIdentityProvidervariable istrue).
- 6
- The name of a Red Hat SSO realm. This realm is created when theexternalIdentityProvidervariable istrue. Otherwise, it is passed to the CodeReady Workspaces server.
- 7
- The ID of a Red Hat SSO client. This client is created when theexternalIdentityProvidervariable isfalse. Otherwise, it is passed to the CodeReady Workspaces server.
