Chapter 4. Installing CodeReady Workspaces in restricted environments

To install CodeReady Workspaces in a restricted environment that has no direct connection to the Internet available, all requisite container images must be downloaded prior to the deployment of the application and then used from a local container registry.

The installation of CodeReady Workspaces consists of the following three deployments:

  • PostgreSQL (database)
  • Red Hat Single Sign-On (Red Hat SSO)
  • CodeReady Workspaces

Each of these deployments uses a container image in the container specification. Normally, the images are pulled from the Red Hat Container Catalog at Red Hat CodeReady Workspaces. When the OpenShift Container Platform cluster used for the CodeReady Workspaces deployment does not have access to the Internet, the installation fails. To allow the installation to proceed, override the default image specification to point to your local registry.

Prerequisites

  • The CodeReady Workspaces deployment script. See Section 2.2, “Downloading the CodeReady Workspaces deployment script” for detailed instructions on how to obtain the script.
  • A local (internal) container registry that can be accessed by the OpenShift instance where CodeReady Workspaces is to be deployed.
  • Container images required for CodeReady Workspaces deployment imported to the local registry.
  • The following images downloaded from registry.redhat.io:

See Section 4.1, “Preparing CodeReady Workspaces deployment from a local registry” for detailed instructions.

4.1. Preparing CodeReady Workspaces deployment from a local registry

To install CodeReady Workspaces in a restricted environment without access to the Internet, the product deployment container images need to be imported from an external container registry into a local (internal) registry.

CodeReady Workspaces deployment requires the following images from the Red Hat Container Catalog at registry.redhat.io:

  • codeready-workspaces/server-rhel8:1.2: CodeReady Workspaces server
  • codeready-workspaces/server-operator-rhel8:1.2: operator that installs and manages CodeReady Workspaces
  • rhscl/postgresql-96-rhel7:1-40: PostgreSQL database for persisting data
  • redhat-sso-7/sso73-openshift:1.0-11: Red Hat SSO for authentication
  • ubi8-minimal:8.0-127: utility image used in preparing the PVCs (Persistant Volume Claims)

Prerequisites

To import container images (create image streams) in your OpenShift Container Platform cluster, you need:

  • cluster-admin rights

Procedure

  1. Import the required images from an external registry to a local registry that your OpenShift Container Platform cluster can reach. See Section 4.4, “Making CodeReady Workspaces images available from a local registry” for example instructions on how to do this.

  2. Edit the custom-resource.yaml configuration file to specify that the CodeReady Workspaces deployment script should use images from your internal registry. Add the following specification fields to the respective blocks. Use the address of your internal registry and the name of the OpenShift project into which you imported the images. For example: 

      spec:

    storage:
      pvcJobsImage: '172.0.0.30:5000/openshift/ubi8-minimal:8.0-127'

    database:
      postgresImage: '172.0.0.30:5000/openshift/rhscl/postgresql-96-rhel7:1-40'

    auth:
      identityProviderImage: '172.0.0.30:5000/openshift/redhat-sso-7/sso73-openshift:1.0-11'
    Important
    • Make sure to use correct indentation as shown above.
    • Substitute 172.0.0.30:5000 for the actual address of your local registry.
    • Substitute openshift for the name of the OpenShift project into which you imported the images.

Additional resources

4.2. Running the CodeReady Workspaces deployment script in a restricted environment

To deploy CodeReady Workspaces in a restricted environment with access to the Internet, it is necessary to use container images from a local (internal) registry. The deployment script (deploy.sh) allows to specify a custom image to be used for installation.

Specification fields from the custom-resource.yaml configuration file and arguments supplied to the deploy.sh script are passed to the operator. The operator then constructs the deployment of CodeReady Workspaces with the images in the container specification.

Prerequisites

  • Imported container images required by CodeReady Workspaces to a local registry.
  • Local addresses of imported images specified in the custom-resource.yaml file.

See Section 4.1, “Preparing CodeReady Workspaces deployment from a local registry” for detailed instructions.

Procedure

To deploy CodeReady Workspaces from an internal registry, run the ./deploy.sh --deploy command and specify custom (locally available) server and operator images.

  1. Use the --server-image and --version parameters to specify the server image and the --operator-image parameter to specify the operator image. For example: 

    $ ./deploy.sh --deploy \
  --server-image=172.0.0.30:5000/openshift/codeready-workspaces/server-rhel8 \
  --version=1.2 \
  --operator-image=172.0.0.30:5000/openshift/codeready-workspaces/server-operator-rhel8:1.2
    Important
    • Substitute 172.0.0.30:5000 for the actual address of your local registry.
    • Substitute openshift for the name of the OpenShift project into which you imported the images.

Additional resources

4.3. Starting workspaces in restricted environments

Starting a workspace in CodeReady Workspaces implies creating a new deployment. Different stacks use different images. All of these stacks are from the Red Hat Container Catalog at Red Hat CodeReady Workspaces. For more information on stacks, see the Stacks chapter in this guide.

It is not possible to override stack images during the installation of CodeReady Workspaces. You need to manually edit preconfigured stacks. See Creating stacks.

Procedure

To start a workspace in a restricted environment:

  1. Import all of the following images you need to an internal registry:

    • registry.redhat.io/codeready-workspaces/stacks-java-rhel8:1.2
    • registry.redhat.io/codeready-workspaces/stacks-node-rhel8:1.2
    • registry.redhat.io/codeready-workspaces/stacks-node:1.2
    • registry.redhat.io/codeready-workspaces/stacks-php-rhel8:1.2
    • registry.redhat.io/codeready-workspaces/stacks-python-rhel8:1.2
    • registry.redhat.io/codeready-workspaces/stacks-dotnet-rhel8:1.2
    • registry.redhat.io/codeready-workspaces/stacks-golang-rhel8:1.2
    • registry.redhat.io/codeready-workspaces/stacks-java-rhel8:1.2

    • registry.redhat.io/codeready-workspaces/stacks-cpp-rhel8:1.2

      See Section 4.4, “Making CodeReady Workspaces images available from a local registry” for example instructions on how to transfer container images required for CodeReady Workspaces deployment to a restricted environment.

  2. Modify the preconfigured stacks:

    1. Log in to CodeReady Workspaces as an administrator. (The default login credentials are username: admin and password: admin.)
    2. In the left pane, click Stacks.

    3. From the list of stacks, select a stack to edit.

      Figure 4.1. Selecting a stack to edit

      Selecting a stack to edit
    4. Click and expand DEV-MACHINE.

    5. In the Source field, replace the default Red Hat Container Catalog image with a local image that you pushed to an internal registry.

      Figure 4.2. Editing a stack

      Editing a stack

    6. Click Save.

      Repeat step 2 for all the stacks that you want to use.

  3. By default, the CodeReady Workspaces server is configured to overwrite default stacks on application start. To ensure that the changes persist between restarts, edit the custom config map:

    1. In the OpenShist Web Console, navigate to the Resources > Config Maps tab, and select the custom config map:

      Figure 4.3. Navigate to the custom Config Map

      Navigate to the *custom* Config Map
    2. From the Actions drop-down menu in the top-right corner, select Edit.

    3. Scroll to the CHE_PREDEFINED_STACKS_RELOAD__ON__START key, and enter false:

      Figure 4.4. Set the CHE_PREDEFINED_STACKS_RELOAD__ON__START key to false

      Set the key configuring predefined stacks to false
    4. Save the config map.

  4. Forcibly start a new CodeReady Workspaces deployment, either by scaling the current deployment to 0 and then back to 1, or deleting the CodeReady Workspaces server pod:

    1. In the OpenShist Web Console, navigate to the Applications > Deployments tab, and select the codeready deployment:

      Figure 4.5. Select the codeready deployment

      Select the *codeready* deployment
    2. Click the name of the running codeready pod.

    3. Click the down arrow next to the number of pods, and confirm by clicking the Scale Down button:

      Figure 4.6. Scale down the codeready deployment

      Scale down the *codeready* deployment
    4. Scale the deployment back up by clicking the up arrow.

4.4. Making CodeReady Workspaces images available from a local registry

This procedure is one of the possible ways for making CodeReady Workspaces container images that are required for deployment available from a local (internal) registry. First download the images using a machine connected to the Internet, then use some other method than network connection to transfer them to the restricted environment where you intend to deploy the application. Finally, upload (push) the images to the local registry that will be accessible during the deployment phase.

Prerequisites

  • Machine with access to the Internet that can be used to pull and save container images from registry.redhat.io.
  • Means of transferring the downloaded images to the restricted environment where you intend to deploy CodeReady Workspaces.
  • An account with the rights to push to a local registry within the restricted environment. The local registry must be accessible for the deployment.

At minimum, the following images need to be made locally available:

  • registry.redhat.io/codeready-workspaces/server-rhel8:1.2
  • registry.redhat.io/codeready-workspaces/server-operator-rhel8:1.2
  • registry.redhat.io/rhscl/postgresql-96-rhel7:1-40
  • registry.redhat.io/redhat-sso-7/sso73-openshift:1.0-11
  • registry.redhat.io/ubi8-minimal:8.0-127
Note

You also need to follow the steps for image import for all stack images that you will want to use within CodeReady Workspaces.

Procedure

Use a tool for container management, such as Podman, to both download the container images and subsequently push them to a local registry within the restricted environment.

Note

The podman tool is available from the podman package in Red Hat Enterprise Linux starting with version 7.6. On earlier versions of Red Hat Enterprise Linux, the docker tool can be used with the same command syntax as suggested below for podman.

Steps to perform on a machine with connection to the Internet

  1. Pull the required images from the registry.redhat.io. For example, for the codeready-workspaces/server-rhel8 image, run: 

    # podman pull registry.redhat.io/codeready-workspaces/server-rhel8:1.2

    Repeat the command for all the images you need.

  2. Save all the pulled images to a tar file in your current directory on the disk. For example, for the codeready-workspaces/server-rhel8 image, run: 

    # podman save --output codeready-server.tar \
  registry.redhat.io/codeready-workspaces/server-rhel8:1.2

    Repeat the command for all the images you need.

Transfer the saved tar image files to a machine connected to the restricted environment.

Steps to perform on a machine within the restricted environment

  1. Load all the required images to the local container repository from which they can uploaded to OpenShift. For example, for the codeready-workspaces/server-rhel8 image, run: 

    # podman load --input codeready-server.tar

    Repeat the command for all the images you need.

  2. Optionally, check that the images have been successfully loaded to your local container repository. For example, to check for the codeready images, run: 

    # podman images */codeready/*
REPOSITORY                                                TAG
registry.redhat.io/codeready-workspaces/server-rhel8    1.2
registry.redhat.io/codeready-workspaces/server-operator-rhel8  1.2

  3. Log in to the instance of OpenShift Container Platform where you intend to deploy CodeReady Workspaces as a user with the cluster-admin role. For example, to log in as the user admin, run: 

    $ oc login --username <admin> --password <password>

    In the above command, substitute <admin> for the username of the account you intend to use to deploy CodeReady Workspaces and <password> for the associated password.

  4. Log in with podman to the local OpenShift registry that CodeReady Workspaces will be deployed from: 

    # podman login --username <admin> \
  --password $(oc whoami --show-token) 172.0.0.30:5000

    In the above command:

    • Substitute <admin> for the username of the account you used to log in to OpenShift.
    • Substitute 172.0.0.30:5000 for the URL of the local OpenShift registry to which you are logging in.

  5. Tag the required images to prepare them to be pushed to the local OpenShift registry. For example, for the codeready-workspaces/server-rhel8 image, run: 

    # podman tag registry.redhat.io/codeready-workspaces/server-rhel8:1.2 \
  172.0.0.30:5000/openshift/codeready-server:1.2

    Repeat the command for all the images you need.

    In the above command, substitute 172.0.0.30:5000 for the URL of the local OpenShift registry to which you will be pushing the images.

  6. Optionally, check that the images have been successfully tagged for pushing to the local OpenShift registry. For example, to check for the codeready images, run: 

    # podman images */openshift/codeready-*
REPOSITORY                                    TAG
172.0.0.30:5000/openshift/codeready-operator  1.2
172.0.0.30:5000/openshift/codeready-server    1.2

  7. Push the required images to the local OpenShift registry. For example, for the codeready-workspaces/server-rhel8 image, run: 

    # podman push 172.0.0.30:5000/openshift/codeready-server:1.2

    Repeat the command for all the images you need.

    In the above command, substitute 172.0.0.30:5000 for the URL of the local OpenShift registry to which you will be pushing the images.

  8. Switch to the openshift project: 

    $ oc project openshift

  9. Optionally, check that the images have been successfully pushed to the local OpenShift registry. For example, to check for the codeready images, run: 

    $ oc get imagestream codeready-*
NAME                DOCKER REPO                                   TAGS
codeready-operator  172.0.0.30:5000/openshift/codeready-operator  1.2
codeready-server    172.0.0.30:5000/openshift/codeready-server    1.2

    You can also verify that the images have been successfully pushed in the OpenShift Console. Navigate to the Builds > Images tab, and look for image streams available in the openshift project:

    Figure 4.7. Confirming images have been pushed to the openshift project

    codeready image streams in the OpenShift registry

The required CodeReady Workspaces container images are now available for use in your restricted environment.

Additional resources