
Chapter 3. Installing CodeReady Workspaces in a restricted environment


By default, Red Hat CodeReady Workspaces uses various external resources, mainly container images available in public registries.

To deploy CodeReady Workspaces in an environment where these external resources are not available (for example, on a cluster that is not exposed to the public Internet):

  1. Identify the image registry used by the OpenShift cluster, and ensure you can push to it.
  2. Push all the images needed for running CodeReady Workspaces to this registry.
  3. Configure CodeReady Workspaces to use the images that have been pushed to the registry.
  4. Proceed to the CodeReady Workspaces installation.

The procedure for installing CodeReady Workspaces in restricted environments differs depending on the installation method you use.

Notes on network connectivity in restricted environments

Restricted network environments range from a private subnet in a cloud provider to a separate network owned by a company, disconnected from the public Internet. Regardless of the network configuration, CodeReady Workspaces works provided that the Routes that are created for CodeReady Workspaces components (codeready-workspaces-server, identity provider, devfile and plugin registries) are accessible from inside the OpenShift cluster.

Take into account the network topology of the environment to determine how best to accomplish this. For example, on a network owned by a company or an organization, the network administrators must ensure that traffic bound from the cluster can be routed to Route hostnames. In other cases, for example, on AWS, create a proxy configuration allowing the traffic to leave the node to reach an external-facing Load Balancer.

When the restricted network involves a proxy, follow the instructions provided in Section 3.3, “Preparing CodeReady Workspaces Custom Resource for installing behind a proxy”.

3.1. Installing CodeReady Workspaces in a restricted environment using OperatorHub

Prerequisites

On disconnected OpenShift 4 clusters running on restricted networks, an Operator can be successfully installed from OperatorHub only if it meets the additional requirements defined in Enabling your Operator for restricted network environments.

The CodeReady Workspaces operator meets these requirements and is therefore compatible with the official documentation about OLM on a restricted network.

Procedure

To install CodeReady Workspaces from OperatorHub:

  1. Build a redhat-operators catalog image. See Building an Operator catalog image.
  2. Configure OperatorHub to use this catalog image for operator installations. See Configuring OperatorHub for restricted networks.
  3. Proceed to the CodeReady Workspaces installation as described in Section 2.1, “Installing CodeReady Workspaces using the CodeReady Workspaces Operator in OpenShift 4 web console”.

3.2. Installing CodeReady Workspaces in a restricted environment using CLI management tool

Note

Use the CodeReady Workspaces CLI management tool to install CodeReady Workspaces on restricted networks only if installation through OperatorHub is not available. This method is not officially supported for OpenShift Container Platform 4.1 or later.

Prerequisites

  • The oc tool is installed.
  • An image registry that is accessible from the OpenShift cluster. Ensure you can push to it from a location that has, at least temporarily, access to the Internet.
  • The podman tool is installed.

    Note

    When pushing images to a registry other than the OpenShift internal registry, if the podman tool fails to work, use the docker tool instead.

The following placeholders are used in this section.

Table 3.1. Placeholders used in examples

<internal-registry>    host name and port of the container-image registry accessible in the restricted environment
<organization>         organization of the container-image registry

Note

For the OpenShift internal registry, the placeholder values are typically the following:

Table 3.2. Placeholders for the internal OpenShift registry

<internal-registry>    image-registry.openshift-image-registry.svc:5000
<organization>         openshift

See OpenShift documentation for more details.

Procedure

  1. Define the environment variable with the external endpoint of the image registry:

    For the OpenShift internal registry, use:

    $ REGISTRY_ENDPOINT=$(oc get route default-route --namespace openshift-image-registry \
      --template='{{ .spec.host }}')

    For other registries, use the host name and port of the image registry:

    $ REGISTRY_ENDPOINT=<internal-registry>

  2. Log in to the internal image registry:

    $ podman login --username <user> --password <password> <internal-registry>

    Note

    When using the OpenShift internal registry, follow the steps described in the related OpenShift documentation to first expose the internal registry through a route, and then log in to it.

  3. Download, tag, and push the necessary images. Repeat the step for every image in the following lists:

    $ podman pull <image_name>:<image_tag>
    $ podman tag <image_name>:<image_tag> ${REGISTRY_ENDPOINT}/<organization>/<image_name>:<image_tag>
    $ podman push ${REGISTRY_ENDPOINT}/<organization>/<image_name>:<image_tag>

    Essential images

    Every workspace launch requires infrastructure images from the following list:

    • CodeReady Workspaces deployment and workspace support

      • registry.redhat.io/codeready-workspaces/crw-2-rhel8-operator:2.2
      • registry.redhat.io/codeready-workspaces/crw-2-rhel8-operator-metadata:2.2
      • registry.redhat.io/codeready-workspaces/devfileregistry-rhel8:2.2
      • registry.redhat.io/codeready-workspaces/server-rhel8:2.2
      • registry.redhat.io/codeready-workspaces/imagepuller-rhel8:2.2
      • registry.redhat.io/codeready-workspaces/jwtproxy-rhel8:2.2
      • registry.redhat.io/codeready-workspaces/pluginbroker-artifacts-rhel8:2.2
      • registry.redhat.io/codeready-workspaces/pluginbroker-metadata-rhel8:2.2
      • registry.redhat.io/codeready-workspaces/pluginregistry-rhel8:2.2
      • registry.redhat.io/redhat-sso-7/sso74-openshift-rhel8:7.4
      • registry.access.redhat.com/ubi8-minimal:8.2
    • Plugins and editors

      • registry.redhat.io/codeready-workspaces/machineexec-rhel8:2.2
      • registry.redhat.io/codeready-workspaces/theia-rhel8:2.2
      • registry.redhat.io/codeready-workspaces/theia-endpoint-rhel8:2.2
    • Workspace tooling

      • registry.redhat.io/rhscl/jboss-eap-7/eap73-openjdk8-openshift-rhel7:7.3.1
      • registry.redhat.io/rhel8/postgresql-96:1

    Workspace-specific images

    CodeReady Workspaces uses a subset of the following images to run a workspace. It is only necessary to include the images related to required technology stacks.

    • Plugins

      • registry.redhat.io/codeready-workspaces/plugin-java8-rhel8:2.2
      • registry.redhat.io/codeready-workspaces/plugin-java11-rhel8:2.2
      • registry.redhat.io/codeready-workspaces/plugin-kubernetes-rhel8:2.2
      • registry.redhat.io/codeready-workspaces/plugin-openshift-rhel8:2.2
    • Stacks

      • registry.redhat.io/codeready-workspaces/stacks-cpp-rhel8:2.2
      • registry.redhat.io/codeready-workspaces/stacks-dotnet-rhel8:2.2
      • registry.redhat.io/codeready-workspaces/stacks-golang-rhel8:2.2
      • registry.redhat.io/codeready-workspaces/stacks-php-rhel8:2.2
    • Workspace tooling

      • registry.redhat.io/rhscl/mongodb-36-rhel7:1-50
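
The pull, tag, and push sequence from step 3, looped over a list of images. This is an added example, not part of the product documentation: `mirror_target`, `mirror_images`, `run` and `DRY_RUN` are hypothetical names, the endpoint is a constructed value, and keeping only the last path component of the source name is an assumption based on the `<internal-registry>/<organization>/<image>:<ver>` layout that the Operator expects.

```bash
#!/usr/bin/env bash
# Added example: mirror a list of images into the restricted-network registry.
# mirror_target, mirror_images, run and DRY_RUN are hypothetical names.

# Print the mirror location for one source reference.
# Assumption: only the last path component (name:tag) is kept.
# Fails when the source has no explicit tag, so nothing floats to "latest".
mirror_target() {
  mt_last=${1##*/}                       # e.g. server-rhel8:2.2
  case $mt_last in
    *:*) printf '%s/%s/%s\n' "$2" "$3" "$mt_last" ;;
    *)   echo "refusing untagged image: $1" >&2; return 1 ;;
  esac
}

# Echo the command when DRY_RUN=1 (the default), otherwise execute it.
run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# mirror_images <endpoint> <organization> <image>...
# Stops at the first failure so that a partial mirror is noticed.
mirror_images() {
  mi_endpoint=$1; mi_org=$2; shift 2
  for mi_src in "$@"; do
    mi_dst=$(mirror_target "$mi_src" "$mi_endpoint" "$mi_org") || return 1
    run podman pull "$mi_src" || return 1
    run podman tag "$mi_src" "$mi_dst" || return 1
    run podman push "$mi_dst" || return 1
  done
}

# Constructed endpoint; in practice use the REGISTRY_ENDPOINT from step 1.
REGISTRY_ENDPOINT=${REGISTRY_ENDPOINT:-registry.example.internal:5000}
mirror_images "$REGISTRY_ENDPOINT" openshift \
  registry.redhat.io/codeready-workspaces/server-rhel8:2.2 \
  registry.redhat.io/redhat-sso-7/sso74-openshift-rhel8:7.4 \
  registry.access.redhat.com/ubi8-minimal:8.2
```

Review the printed commands first, then rerun with `DRY_RUN=0` after logging in to both registries.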

3.2.2. Preparing CodeReady Workspaces Custom Resource for restricted environment

When installing CodeReady Workspaces in a restricted environment using crwctl or OperatorHub, provide a CheCluster custom resource with additional information.

3.2.2.1. Downloading the default CheCluster Custom Resource

Procedure

  1. Download the default custom resource YAML file.
  2. Name the downloaded custom resource org_v1_che_cr.yaml. Keep it for further modification and usage.

3.2.2.2. Customizing the CheCluster Custom Resource for restricted environment

Prerequisites

Procedure

  1. In the CheCluster Custom Resource, which is managed by the CodeReady Workspaces Operator, add the fields used to facilitate deploying an instance of CodeReady Workspaces in a restricted environment:

    # [...]
    spec:
      server:
        airGapContainerRegistryHostname: '<internal-registry>'
        airGapContainerRegistryOrganization: '<organization>'
    # [...]

    Setting these fields in the Custom Resource uses <internal-registry> and <organization> for all images. This means, for example, that the Operator expects the offline plug-in and devfile registries to be available at:

    <internal-registry>/<organization>/pluginregistry-rhel8:<ver>
    <internal-registry>/<organization>/devfileregistry-rhel8:<ver>

    For example, to use the OpenShift 4 internal registry as the image registry, define the following fields in the CheCluster Custom Resource:

    # [...]
    spec:
      server:
        airGapContainerRegistryHostname: 'image-registry.openshift-image-registry.svc:5000'
        airGapContainerRegistryOrganization: 'openshift'
    # [...]

  2. In the downloaded CheCluster Custom Resource, add the two fields described above, with values that match the container-image registry holding the mirrored container images.

This section describes how to start the CodeReady Workspaces installation in a restricted environment using the CodeReady Workspaces CLI management tool.

Prerequisites

  • CodeReady Workspaces CLI management tool is installed.
  • The oc tool is installed.
  • Access to an OpenShift instance.

Procedure

  1. Log in to OpenShift Container Platform:

    $ oc login ${OPENSHIFT_API_URL} --username ${OPENSHIFT_USERNAME} \
                                    --password ${OPENSHIFT_PASSWORD}

  2. Install CodeReady Workspaces with the customized Custom Resource, which adds the fields related to the restricted environment:

    $ crwctl server:start \
      --che-operator-image=<internal-registry>/<organization>/crw-2-rhel8-operator:2.2 \
      --che-operator-cr-yaml=org_v1_che_cr.yaml

3.3. Preparing CodeReady Workspaces Custom Resource for installing behind a proxy

This procedure describes how to provide necessary additional information to the CheCluster custom resource when installing CodeReady Workspaces behind a proxy.

Procedure

  1. In the CheCluster Custom Resource, which is managed by the CodeReady Workspaces Operator, add the fields used to facilitate deploying an instance of CodeReady Workspaces in a restricted environment:

    # [...]
    spec:
      server:
        proxyURL: '<URL of the proxy, with the http protocol, and without the port>'
        proxyPort: '<Port of proxy, typically 3128>'
    # [...]

  2. In addition to those basic settings, the proxy configuration usually requires adding the host of the external OpenShift cluster API URL in the list of the hosts to be accessed from CodeReady Workspaces without using the proxy.

    To retrieve this cluster API host, run the following command against the OpenShift cluster:

    $ oc whoami --show-server | sed 's#https://##' | sed 's#:.*$##'

    The corresponding field of the CheCluster Custom Resource is nonProxyHosts. If a host already exists in this field, use | as a delimiter to add the cluster API host:

    # [...]
    spec:
      server:
        nonProxyHosts: 'anotherExistingHost|<cluster api host>'
    # [...]
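
Helpers for preparing the three proxy fields above before editing the Custom Resource. This is an added example, not part of the product documentation: the function names are hypothetical, the URL and host values are constructed, and rejecting anything other than an `http://` URL without port or path is an assumption taken from the `proxyURL` description.

```bash
#!/usr/bin/env bash
# Added example: prepare values for proxyURL and nonProxyHosts.
# All function names are hypothetical; sample values are constructed.

# Strip scheme, port and path from an API URL (what `oc whoami --show-server`
# prints), leaving only the host name.
api_host() {
  printf '%s\n' "$1" | sed -e 's#^[a-zA-Z]*://##' -e 's#[:/].*$##'
}

# Append host $2 to the |-delimited list $1 unless it is already listed,
# so that repeated runs do not add duplicates.
merge_non_proxy_hosts() {
  case "|$1|" in
    *"|$2|"*) printf '%s\n' "$1" ;;          # already present
    "||")     printf '%s\n' "$2" ;;          # list was empty
    *)        printf '%s|%s\n' "$1" "$2" ;;  # append with the | delimiter
  esac
}

# proxyURL carries the http scheme and no port; the port goes in proxyPort.
valid_proxy_url() {
  case $1 in
    http://*:*|http://*/*) return 1 ;;       # port or path present
    http://?*)             return 0 ;;
    *)                     return 1 ;;       # missing or different scheme
  esac
}

# Constructed sample; on a cluster use: CLUSTER_API_URL=$(oc whoami --show-server)
CLUSTER_API_URL='https://api.cluster.example.com:6443'
merge_non_proxy_hosts 'anotherExistingHost' "$(api_host "$CLUSTER_API_URL")"
valid_proxy_url 'http://proxy.example.com:3128' ||
  echo "proxyURL must not include the port; set proxyPort instead" >&2
```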