1
2
3
4
5
作者:李晓辉

微信联系:lxh_chat

联系邮箱: 939958092@qq.com

最近在折腾容器化项目,想试试OpenShift,我最近发现了一个超棒的工具——CRC(CodeReady Containers)。这玩意儿简直就是OpenShift的“开箱即用神器”,能让你在本地电脑上快速搭建一个完整的OpenShift集群,而且操作简单到不行!

OpenShift现在在容器编排领域可是大名鼎鼎,它能帮你轻松管理容器应用,让开发和部署变得超高效。但安装OpenShift一直是个让人头疼的事儿,尤其是对于新手来说。不过,CRC的出现完美解决了这个问题。它就像是OpenShift的“私人管家”,帮你把复杂的安装过程简化到极致。不管你是Windows用户、macOS用户还是Linux用户,CRC都能搞定。

今天,我就来给大家详细讲讲怎么用CRC安装OpenShift。这篇文章绝对适合那些想快速上手OpenShift的开发者和测试人员,跟着我一步步来,保证让你轻松搞定!以下是我这次安装所用的机器配置,给你参考以下~

项目详细信息
操作系统Rocky Linux 9.4
OpenShift版本4.18.2
额外硬盘容量500G
硬盘用途用于创建CRC卷组(vg)
CRC卷组名称crc
安装工具CRC (CodeReady Containers)
安装用户lixiaohui
硬件配置8核心, 16G内存
虚拟化支持已开启

安装前的准备

用户要求

crc安装只能用非root账号,且要求这个账号有sudo权限,我们来创建一个lixiaohui用户并分配sudo权限吧~

1
useradd -G wheel lixiaohui
1
2
3
4
5
6
[root@lxh-host1 ~]# passwd lixiaohui
Changing password for user lixiaohui.
New password:
BAD PASSWORD: The password is a palindrome
Retype new password:
passwd: all authentication tokens updated successfully.

还有记得,必须使用ssh的方式登录系统才行,不能用su的方式,不然有可能报这个错

1
Executing systemctl action failed:  exit status 1: Failed to connect to bus: No medium found

硬件要求

要是资源不够,CRC可就跑不起来啦

要是你想用CRC来跑OpenShift Container Platform,那得准备好以下资源:

  • CPU:得有4个物理CPU核心。别担心,现在大多数电脑都能轻松满足这个要求。

  • 内存:至少得有10.5GB的空闲内存。要是你的电脑内存不够,可能就得清理一下其他占用内存的应用程序啦!

  • 磁盘空间:至少得有35GB的空闲存储空间。尤其是在你准备用于安装的这个普通账号的家目录中,它会创建一个.crc的文件夹用于缓存虚拟机镜像,会占用很大空间,这个空间主要是用来存放OpenShift的镜像文件和集群数据,所以别小气,腾出足够的空间哦!

  • 额外的硬盘: 安装之前,还需要你准备一个名为crc的lvm vg,请分配多一点的空间给它。

如果没有名为crc的vg卷组,就会报这个错:

1
Error creating machine: error with pre-create check: Use 'crc setup' to define the machine driver storage pool, Use 'crc setup' to define the storage pool, viMessage='Failed to connect socket to '/var/run/libvirt/virtstoraged-sock': No such file or directory'

注意事项

  • 资源分配:这些资源要求是CRC运行的最低标准,要是你的工作负载比较复杂,可能还需要更多的资源。比如,如果你要部署一些大型应用或者同时运行多个服务,那内存和CPU可能就得再加一加。

  • 别卡死自己:虽然CRC会自动分配资源给OpenShift集群,但别忘了给自己留点余地。要是把所有资源都分配给集群,你的电脑可能会卡成“老年机”哦!

  • 随时调整:要是你在运行过程中发现资源不够用,别慌,CRC支持动态调整资源分配。你可以随时用命令调整CPU和内存的分配,比如crc config set memory 16384(把内存调整到16GB)。

操作系统要求

在咱们开始安装CRC之前,先得看看你的电脑系统符不符合要求。

Windows用户

  • 最低要求:得是Windows 10或者Windows 11,而且得是最新版本的,不然CRC可能会“罢工”哦!

  • 注意:Windows Home版是不行的,得是专业版或者企业版。要是你用的是Windows Home版,可能得考虑升级一下系统啦。

macOS用户

  • 最低要求:得是macOS 13 Ventura或者更新的版本。要是你的系统太老,CRC可就不认账啦!

  • 注意:macOS的更新很重要,记得定期检查一下系统更新哦!

Linux用户

Linux用户稍微复杂一点,不过别怕,我给你分门别类说清楚。

  • Red Hat Enterprise Linux(RHEL)

    • 最低要求:得是最近两个小版本的RHEL。

    • 注册:你的主机得在Red Hat客户门户网站上注册,不然可能会遇到权限问题。

    • 安装包:得安装libvirtNetworkManager这两个包。安装方法也很简单,直接在终端里运行下面的命令就行:

1
sudo dnf install libvirt NetworkManager

CentOS

  • 最低要求:得是CentOS 8或9的最近两个小版本。

  • 安装包:同样需要安装libvirtNetworkManager,命令和上面一样:

1
sudo dnf install libvirt NetworkManager

Fedora

  • 最低要求:得是最近两个稳定版本的Fedora。

  • 安装包:还是得安装libvirtNetworkManager,命令也是一样的:

1
sudo dnf install libvirt NetworkManager

它既然支持红帽这些rpm体系的系统,那rocky也应该是支持的,我本次用rocky这个系统来安装

Ubuntu和Debian用户注意啦!

  • 最低要求:Ubuntu得是18.04 LTS或者更新版本,Debian得是10或者更新版本。

  • 注意:虽然CRC理论上支持这些系统,但可能会需要手动配置一些东西。不过别怕,只要安装好libvirtnetwork-manager,基本也能搞定。安装命令如下:

1
sudo apt install qemu-kvm libvirt-daemon libvirt-daemon-system network-manager

下载crc安装包

crc软件的下载地址:https://console.redhat.com/openshift/create/local

这里可以根据你的需求,下载Windows、macos、linux版本,我既然打算用rockylinux,就下载Linux版本

从页面来看,我选择了Linux版本,你可以点击下拉框选别的平台,还有记得下载一下那个pull-secret文件,一会儿要用的

Linux版本的crc下载地址是:https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/crc/latest/crc-linux-amd64.tar.xz

1
[root@lxh-host1 ~]# wget https://developers.redhat.com/content-gateway/rest/mirror/pub/openshift-v4/clients/crc/latest/crc-linux-amd64.tar.xz

解压一下压缩包

1
2
3
4
[root@lxh-host1 ~]# tar xvf crc-linux-amd64.tar.xz
crc-linux-2.49.0-amd64/
crc-linux-2.49.0-amd64/LICENSE
crc-linux-2.49.0-amd64/crc

把压缩包里的crc程序放到PATH路径中,方便使用

1
2
3
[root@lxh-host1 ~]# mv crc-linux-2.49.0-amd64/crc /usr/bin
[root@lxh-host1 ~]# chmod +x /usr/bin/crc
[root@lxh-host1 ~]#

看看成功没,顺便看看版本号

1
2
3
4
[root@lxh-host1 ~]# crc version
CRC version: 2.49.0+e843be
OpenShift version: 4.18.2
MicroShift version: 4.18.2

准备crc卷组

看看有哪个空硬盘,做一个crc卷组

1
2
3
[root@lxh-host1 ~]# lsblk
NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
nvme0n7     259:9    0   500G  0 disk

好的,用我的nvme0n7创建一个名为crc的卷组

1
2
3
4
5
6
[root@lxh-host1 ~]# vgcreate crc /dev/nvme0n7
  Physical volume "/dev/nvme0n7" successfully created.
  Volume group "crc" successfully created
[root@lxh-host1 ~]# vgs
  VG                                        #PV #LV #SN Attr   VSize    VFree
  crc                                         1   0   0 wz--n- <500.00g <500.00g

准备crc依赖

再次提醒,请使用ssh方式登录你准备好的普通用户

1
[root@lxh-host1 ~]# ssh lixiaohui@localhost

crc setup命令会安装和检测集群启动的所有依赖,如果失败,可以crc setup --log-level debug来输出更详细的日志

1
2
3
[lixiaohui@lxh-host1 ~]$ crc config set consent-telemetry no
Successfully configured consent-telemetry to no
[lixiaohui@lxh-host1 ~]$ crc setup

输出以下信息

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
[lixiaohui@lxh-host1 ~]$ crc setup
INFO Using bundle path /home/lixiaohui/.crc/cache/crc_libvirt_4.18.2_amd64.crcbundle
INFO Checking if running as non-root
INFO Checking if running inside WSL2
INFO Checking if crc-admin-helper executable is cached
INFO Caching crc-admin-helper executable
INFO Using root access: Changing ownership of /home/lixiaohui/.crc/bin/crc-admin-helper-linux-amd64

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for lixiaohui:
INFO Using root access: Setting suid for /home/lixiaohui/.crc/bin/crc-admin-helper-linux-amd64
INFO Checking if running on a supported CPU architecture
INFO Checking if crc executable symlink exists
INFO Creating symlink for crc executable
INFO Checking minimum RAM requirements
INFO Check if Podman binary exists in: /home/lixiaohui/.crc/bin/oc
INFO Checking if Virtualization is enabled
INFO Checking if KVM is enabled
INFO Checking if libvirt is installed
INFO Installing libvirt service and dependencies
INFO Using root access: Installing virtualization packages
INFO Checking if user is part of libvirt group
INFO Adding user to libvirt group
INFO Using root access: Adding user to the libvirt group
INFO Checking if active user/process is currently part of the libvirt group
INFO Checking if libvirt daemon is running
INFO Checking if a supported libvirt version is installed
INFO Checking if crc-driver-libvirt is installed
INFO Installing crc-driver-libvirt
INFO Checking crc daemon systemd service
INFO Setting up crc daemon systemd service
INFO Checking crc daemon systemd socket units
INFO Setting up crc daemon systemd socket units
INFO Checking if vsock is correctly configured
INFO Setting up vsock support
INFO Using root access: Setting CAP_NET_BIND_SERVICE capability for /usr/bin/crc executable
INFO Using root access: Creating udev rule for /dev/vsock
INFO Using root access: Changing permissions for /etc/udev/rules.d/99-crc-vsock.rules to 644
INFO Using root access: Reloading udev rules database
INFO Using root access: Loading vhost_vsock kernel module
INFO Using root access: Creating file /etc/modules-load.d/vhost_vsock.conf
INFO Using root access: Changing permissions for /etc/modules-load.d/vhost_vsock.conf to 644
INFO Checking if CRC bundle is extracted in '$HOME/.crc'
INFO Checking if /home/lixiaohui/.crc/cache/crc_libvirt_4.18.2_amd64.crcbundle exists
INFO Getting bundle for the CRC executable
INFO Downloading bundle: /home/lixiaohui/.crc/cache/crc_libvirt_4.18.2_amd64.crcbundle...
5.74 GiB / 5.74 GiB [---------------------------------------------------------------------------------------------------------------] 100.00% 45.52 MiB/s
INFO Uncompressing /home/lixiaohui/.crc/cache/crc_libvirt_4.18.2_amd64.crcbundle
crc.qcow2:  20.25 GiB / 20.25 GiB [-------------------------------------------------------------------------------------------------------------] 100.00%
oc:  176.52 MiB / 176.52 MiB [------------------------------------------------------------------------------------------------------------------] 100.00%
Your system is correctly setup for using CRC. Use 'crc start' to start the instance
[lixiaohui@lxh-host1 ~]$

ok,从上面最后一条信息看,提示我们用’crc start’来启动集群

启动crc 实例

别忘了指定一下你下载的pull-secret文件

crc start如果失败,可以crc start --log-level debug来输出更详细的日志

1
[lixiaohui@lxh-host1 ~]$ crc start --pull-secret-file /pull-secret.txt

输出以下信息

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
[lixiaohui@lxh-host1 ~]$ crc start --pull-secret-file /pull-secret.txt
INFO Using bundle path /home/lixiaohui/.crc/cache/crc_libvirt_4.18.2_amd64.crcbundle
INFO Checking if running as non-root
INFO Checking if running inside WSL2
INFO Checking if crc-admin-helper executable is cached
INFO Checking if running on a supported CPU architecture
INFO Checking if crc executable symlink exists
INFO Checking minimum RAM requirements
INFO Check if Podman binary exists in: /home/lixiaohui/.crc/bin/oc
INFO Checking if Virtualization is enabled
INFO Checking if KVM is enabled
INFO Checking if libvirt is installed
INFO Checking if user is part of libvirt group
INFO Checking if active user/process is currently part of the libvirt group
INFO Checking if libvirt daemon is running
INFO Checking if a supported libvirt version is installed
INFO Checking if crc-driver-libvirt is installed
INFO Checking crc daemon systemd socket units
INFO Checking if vsock is correctly configured
INFO Loading bundle: crc_libvirt_4.18.2_amd64...
INFO Creating CRC VM for OpenShift 4.18.2...
INFO Generating new SSH key pair...
INFO Generating new password for the kubeadmin user
INFO Starting CRC VM for openshift 4.18.2...
INFO CRC instance is running with IP 127.0.0.1
INFO CRC VM is running
INFO Updating authorized keys...
INFO Configuring shared directories
INFO Check internal and public DNS query...
INFO Check DNS query from host...
INFO Verifying validity of the kubelet certificates...
INFO Starting kubelet service
INFO Waiting for kube-apiserver availability... [takes around 2min]
INFO Adding user's pull secret to the cluster...
INFO Updating SSH key to machine config resource...
INFO Waiting until the user's pull secret is written to the instance disk...
INFO Changing the password for the kubeadmin user
INFO Updating cluster ID...
INFO Updating root CA cert to admin-kubeconfig-client-ca configmap...
INFO Starting openshift instance... [waiting for the cluster to stabilize]
INFO 2 operators are progressing: authentication, console
INFO 2 operators are progressing: authentication, console
INFO Operator authentication is progressing
INFO All operators are available. Ensuring stability...
INFO Operators are stable (2/3)...
INFO Operators are stable (3/3)...
INFO Adding crc-admin and crc-developer contexts to kubeconfig...
Started the OpenShift cluster.

The server is accessible via web console at:
  https://console-openshift-console.apps-crc.testing

Log in as administrator:
  Username: kubeadmin
  Password: g38ZF-DP5Qn-aGdVt-obeEa

Log in as user:
  Username: developer
  Password: developer

Use the 'oc' command line interface:
  $ eval $(crc oc-env)
  $ oc login -u developer https://api.crc.testing:6443

访问crc openshift

访问准备

从上面输出来看,已经告诉我们登录地址和用户名密码了,但是我用的是rockylinux的最小化安装,没有图形化,无法本地打开,所以需要把它的hosts添加到我的Windows本机,先看看它加了哪些

1
2
3
4
5
6
7
8
[lixiaohui@lxh-host1 ~]$ cat /etc/hosts
127.0.0.1        localhost localhost.localdomain localhost4 localhost4.localdomain4
::1              localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.8.201    ceph.xiaohui.cn

# Added by CRC
127.0.0.1        api.crc.testing canary-openshift-ingress-canary.apps-crc.testing console-openshift-console.apps-crc.testing default-route-openshift-image-registry.apps-crc.testing downloads-openshift-console.apps-crc.testing host.crc.testing oauth-openshift.apps-crc.testing
# End of CRC section

看看IP地址

1
2
3
[lixiaohui@lxh-host1 ~]$ ip -br a
lo               UNKNOWN        127.0.0.1/8 ::1/128
ens160           UP             192.168.8.201/24 fe80::20c:29ff:feac:59a/64

那我们把这个crc解析添加到我Windows的hosts文件就行

Windows的hosts文件位置:

1
C:\Windows\System32\drivers\etc\hosts

添加以下内容到我的hosts

1
192.168.8.201 api.crc.testing canary-openshift-ingress-canary.apps-crc.testing console-openshift-console.apps-crc.testing default-route-openshift-image-registry.apps-crc.testing downloads-openshift-console.apps-crc.testing host.crc.testing oauth-openshift.apps-crc.testing

加了hosts还得在机器上开一下防火墙,不然80 443不通

1
2
3
4
[root@lxh-host1 ~]# firewall-cmd --add-port=80/tcp --add-port=443/tcp --add-port=6443/tcp --permanent
success
[root@lxh-host1 ~]# firewall-cmd --reload
success

图形化访问

宝子们!CRC已经安装好了,OpenShift集群也启动起来了,接下来就是激动人心的时刻——访问你的OpenShift集群啦!

根据信息,我们打开https://console-openshift-console.apps-crc.testing

openshift-crc-console

登录看看

它默认显示developer这个普通用户,我们自己用上面信息里的kubeadmin超级用户登录看看

crc-console-page

命令行访问

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
[lixiaohui@lxh-host1 ~]$ oc login -u kubeadmin -p dmFMg-REGzo-inM2K-esGmd https://api.crc.testing:6443
Login successful.

You have access to 65 projects, the list has been suppressed. You can list all projects with 'oc projects'

Using project "default".
[lixiaohui@lxh-host1 ~]$ oc get nodes
NAME   STATUS   ROLES                         AGE   VERSION
crc    Ready    control-plane,master,worker   63d   v1.31.6
[lixiaohui@lxh-host1 ~]$ oc get co
NAME                                       VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
authentication                             4.18.2    True        False         False      7m50s
config-operator                            4.18.2    True        False         False      63d
console                                    4.18.2    True        False         False      8m38s
control-plane-machine-set                  4.18.2    True        False         False      63d
dns                                        4.18.2    True        False         False      8m57s
etcd                                       4.18.2    True        False         False      63d
image-registry                             4.18.2    True        False         False      8m47s
ingress                                    4.18.2    True        False         False      63d
kube-apiserver                             4.18.2    True        False         False      63d
kube-controller-manager                    4.18.2    True        False         False      63d
kube-scheduler                             4.18.2    True        False         False      63d
kube-storage-version-migrator              4.18.2    True        False         False      9m9s
machine-api                                4.18.2    True        False         False      63d
machine-approver                           4.18.2    True        False         False      63d
machine-config                             4.18.2    True        False         False      63d
marketplace                                4.18.2    True        False         False      63d
network                                    4.18.2    True        False         False      63d
openshift-apiserver                        4.18.2    True        False         False      9m5s
openshift-controller-manager               4.18.2    True        False         False      9m22s
openshift-samples                          4.18.2    True        False         False      63d
operator-lifecycle-manager                 4.18.2    True        False         False      63d
operator-lifecycle-manager-catalog         4.18.2    True        False         False      63d
operator-lifecycle-manager-packageserver   4.18.2    True        False         False      9m1s
service-ca                                 4.18.2    True        False         False      63d

完美,我们已经成功部署了crc的openshift平台,玩起来~