Setup CodeReady Containers for OpenShift 4.x with internal image registry

Red Hat CodeReady Containers (CrC) is a project that enables us to run a minimal OpenShift 4.x cluster on a laptop for local development. Since we’ll be frequently building Docker images while developing, we might not want to be forced to push them to Docker Hub every time in order to be able to deploy them to the local cluster: to avoid that, we can make use of OpenShift’s internal image registry.

Note: CrC cannot run on just any laptop, given its hardware requirements:

  • 4 virtual CPUs (vCPUs)
  • 9 GB of free memory
  • 35 GB of storage space

Download and install CrC

A Red Hat account is required to use CrC, so sign up here or have your existing credentials at hand (no, there’s no way around it, in case you are wondering).

Download the latest release of CrC here along with its pull secret (which you’ll need in a bit).

In a terminal, run the following commands to install and start CrC:

$ crc setup
$ crc start  # provide the pull secret you just downloaded

$ crc oc-env # follow the instructions printed by this command

Note: Once the installation is finished, the Web UI will be accessible by running:

$ crc console

in your terminal. The installation creates two users: developer and kubeadmin (a regular user and an admin, respectively); their credentials can be retrieved at any time by running:

$ crc console --credentials

Gaining access to the internal image registry

The first thing you have to do is to make the internal image registry accessible. To do so, run the following commands in your terminal:

$ oc login -u kubeadmin -p "<your_password>" https://api.crc.testing:6443
$ oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge

The internal image registry doesn’t have valid certificates, so you have to configure both CrC and Docker to allow it as an insecure registry. Allow only this one hostname: certificate verification is skipped for every registry on the list.

Note: According to a CRC maintainer, this is actually not needed, but I couldn’t get it working in any other way.

Instruct CrC to accept an insecure registry

You can achieve this by patching the cluster configuration as follows:

$ oc patch image.config.openshift.io/cluster --type=merge --patch="{\"spec\": {\"registrySources\": {\"insecureRegistries\": [\"default-route-openshift-image-registry.apps-crc.testing\" ]}}}"

Instruct Docker to accept an insecure registry

Open Docker Desktop > Preferences > Docker Engine and add the following as a top-level field in the JSON configuration, then click on Apply & Restart:

"insecure-registries": [
  "default-route-openshift-image-registry.apps-crc.testing"
]

(Source: Test an insecure registry)

On a fresh Docker Desktop installation, the complete JSON configuration would look something like:

{
  "debug": true,
  "experimental": false,
  "insecure-registries": [
    "default-route-openshift-image-registry.apps-crc.testing"
  ]
}

This configuration “lives” in ~/.docker/daemon.json.
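
An added example (not part of the original post): a Python helper that adds the registry to an existing daemon.json without dropping other settings, and lists any other entries for which Docker skips certificate verification. The function names and the sample configuration are assumptions made for this illustration.

```python
import ipaddress
import json

# Registry hostname used throughout the page.
CRC_REGISTRY = "default-route-openshift-image-registry.apps-crc.testing"


def add_insecure_registry(config_text, host=CRC_REGISTRY):
    """Return daemon.json text with `host` in the top-level insecure-registries list.

    Existing keys and entries are preserved; adding the same host twice is a no-op.
    """
    config = json.loads(config_text) if config_text.strip() else {}
    if not isinstance(config, dict):
        raise ValueError("daemon.json must contain a JSON object")
    entries = config.setdefault("insecure-registries", [])
    if not isinstance(entries, list):
        raise ValueError("insecure-registries must be a JSON array")
    if host not in entries:
        entries.append(host)
    return json.dumps(config, indent=2) + "\n"


def audit_insecure_registries(config_text, allowed=(CRC_REGISTRY,)):
    """List entries, other than the allowed hosts, that are exempt from TLS verification."""
    findings = []
    for entry in json.loads(config_text).get("insecure-registries", []):
        if entry in allowed:
            continue
        try:
            # Docker also accepts CIDR ranges here, which exempt many hosts at once.
            net = ipaddress.ip_network(str(entry), strict=False)
            findings.append(f"{entry}: covers {net.num_addresses} address(es)")
        except ValueError:
            findings.append(f"{entry}: unexpected registry host")
    return findings


if __name__ == "__main__":
    # Constructed sample: a daemon.json that already exempts a whole private range.
    sample = '{"debug": true, "insecure-registries": ["10.0.0.0/8"]}'
    updated = add_insecure_registry(sample)
    print(updated)
    for finding in audit_insecure_registries(updated):
        print("review:", finding)
```

Run the audit against the real file contents before and after editing; an empty result means only the CrC registry is exempt from certificate checks.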

Log in to the image registry

$ oc whoami -t | docker login -u developer --password-stdin "default-route-openshift-image-registry.apps-crc.testing"

Build your Docker image

When building a Docker image, you have to make sure to include the internal image registry and CrC namespace in its name.

For example, if you’re using CrC’s default namespace and building version 1.2.3 of the myapp application, the commands would look like this:

$ docker build -t default-route-openshift-image-registry.apps-crc.testing/default/myapp:1.2.3 .
$ docker push default-route-openshift-image-registry.apps-crc.testing/default/myapp:1.2.3