OpenShift Cluster Remote Access

oc, kubectl, helm and podman configuration

1. The CLI client utilities (the oc and kubectl commands) are provided in platform-specific archives downloadable from the Red Hat Customer Portal. (Note: Red Hat subscription login required.) Here are links to setup instructions and downloads for each of the supported desktop platforms: Windows, Linux, MacOS. Once you log into the Red Hat Customer Portal using one of the above links, you will be able to select the version of the client and access the download links.
* Clients for older releases (up to 3.11) are also available from the Release page of OpenShift Origin at OpenShift Origin GitHub (you may need to scroll down to the Assets section to locate download links for the various desktop clients).
2. Download the version of the client utilities appropriate for your cluster version, extract the files, give the oc and kubectl files in the extracted directory execute permission, and copy the oc and kubectl binaries to the appropriate folder, for example on MacOS:
cp oc kubectl /usr/local/bin
3. Run the command
oc login -u <user-name> -p <user-password> <cluster-api-server-url> --insecure-skip-tls-verify
Note: <cluster-api-server-url> will be provided in your on-boarding Slack channel once a cluster is assigned to your group. This will allow you to access RHOS projects and also use kubectl commands from your system.

Helm utility configuration

1. The Tiller server provided with CPD version 2.5 requires a specific version of the helm client. Download the helm utility (v2.12.3) from GitHub for your operating system, extract the file, and copy the helm utility to the required directory, for example on MacOS:
cp helm /usr/local/bin
2. Make sure the oc utility is downloaded, has execute permission, and is copied to the right path (for example, on MacOS, copy it to /usr/local/bin).
3. Run the command
oc login -u <user-name> -p <user-password> <cluster-api-server-url> --insecure-skip-tls-verify
4. Run
export HELM_HOME=~/.helm
helm init --client-only
to initialize the helm client.
5. Run
oc project zen
to set the project where the tiller service is running.
6. Run
cd ~/.helm
and then execute the following commands:
CPD version 2.5
tiller_pod=$(oc get po | grep icpd-till | awk '{print $1}'); oc cp ${tiller_pod}:etc/certs/..data/helm.cert.pem cert.pem; oc cp ${tiller_pod}:etc/certs/..data/helm.key.pem key.pem
CPD version 3.0+
cd $HELM_HOME && oc get secret helm-secret -n "${TILLER_NAMESPACE:-zen}" -o yaml|grep -A3 '^data:'|tail -3 | awk -F: '{system("echo "$2" |base64 --decode > "$1)}'
export HELM_TLS_CA_CERT=$HELM_HOME/ca.cert.pem
export HELM_TLS_CERT=$HELM_HOME/helm.cert.pem
export HELM_TLS_KEY=$HELM_HOME/helm.key.pem
7. Run
export TILLER_NAMESPACE=zen
to set the tiller namespace.
8. Run
helm version --tls
to check if you get the following output:
Client: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.12.2", GitCommit:"7d2b0c73d734f6586ed222a567c5d103fed435be", GitTreeState:"clean"}
9. Run
oc new-project <namespace name>
to create a new project called <namespace name>.
10. Run
oc project <namespace name>
to select <namespace name> as your current project.
11. Run
helm install <helm_chart> --namespace <namespace> --tls
to install the helm chart on the cluster.
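
The CPD 3.0+ command in step 6 builds a shell command line from the Secret's keys and values inside awk's system() and assumes the data: block holds exactly three entries. The following added example (not part of the original instructions or of CPD) decodes the same helm-secret YAML with the key names validated and the files created with mode 0600; the function name write_helm_tls is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Decodes Tiller TLS material from
# `oc get secret helm-secret -o yaml` without passing secret contents through
# awk's system(), which hands them to /bin/sh as command text.

# write_helm_tls DEST_DIR: reads the Secret YAML on stdin and writes each
# data entry named <name>.pem to DEST_DIR/<name>.pem with mode 0600.
write_helm_tls() {
  dest=$1; in_data=0; count=0
  ( umask 077; mkdir -p "$dest" ) || return 1
  while IFS= read -r line; do
    case $line in
      data:*) in_data=1; continue ;;
      ' '*) ;;                       # indented: entry of the current mapping
      *) in_data=0; continue ;;      # next top-level key closes data:
    esac
    [ "$in_data" -eq 1 ] || continue
    key=$(printf '%s' "${line%%:*}" | tr -d '[:space:]')
    val=$(printf '%s' "${line#*:}" | tr -d '[:space:]')
    # The key becomes a file name: allow only plain *.pem names.
    case $key in
      *[!A-Za-z0-9._-]*|.*|*..*) echo "skipping key: $key" >&2; continue ;;
      *.pem) ;;
      *) echo "skipping key: $key" >&2; continue ;;
    esac
    # umask in a subshell so the private key is never world-readable.
    ( umask 077; printf '%s' "$val" | base64 -d > "$dest/$key" ) || return 1
    if ! grep -q -- '-----BEGIN ' "$dest/$key"; then
      echo "$key did not decode to PEM" >&2; rm -f "$dest/$key"; return 1
    fi
    count=$((count + 1))
  done
  [ "$count" -gt 0 ]                 # fail if the Secret had no usable entries
}

# Usage with the names the page uses (zen, helm-secret):
#   export HELM_HOME=~/.helm TILLER_NAMESPACE=zen
#   oc get secret helm-secret -n "$TILLER_NAMESPACE" -o yaml | write_helm_tls "$HELM_HOME"
#   export HELM_TLS_CA_CERT=$HELM_HOME/ca.cert.pem
#   export HELM_TLS_CERT=$HELM_HOME/helm.cert.pem
#   export HELM_TLS_KEY=$HELM_HOME/helm.key.pem
```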

Podman utility configuration

1. To access and work with images in the cluster’s internal container registry you will need to install the podman utility, the tool that Red Hat recommends for accessing and managing container images in an OpenShift cluster. It’s available here:
https://podman.io/getting-started/installation
To simplify installation and usage, it’s highly recommended to use podman on a Linux system. (Other platforms may require additional setup, as documented in Podman’s online documentation.) Once podman is installed and working, you can access your cluster’s internal container registry:
2. Authenticate with the cluster API server:
oc login -u <user-name> -p <user-password> <cluster-api-server-url> --insecure-skip-tls-verify
3. Log into the cluster’s container registry using the externally exposed registry route:
podman login -u $(oc whoami) -p $(oc whoami -t) <your-cluster-external-route> --tls-verify=false
where <your-cluster-external-route> typically is:
default-route-openshift-image-registry.<domain-of-your-assigned-cluster>
For example, if your assigned cluster URL is:
zen-cpd-zen.apps.p-bear.ibm.com
then the external name of your cluster container registry would be:
default-route-openshift-image-registry.apps.p-bear.ibm.com
4. Pulling images from the cluster registry:
podman pull <your-cluster-external-route>/<project>/<image-name>:<image-tag> --tls-verify=false
Pushing images to the cluster’s registry: first, tag the image with the cluster’s registry route:
podman tag 2d4f4b5309b1 <your-cluster-external-route>/<project>/<image-name>:<image-tag>
Push the image using the new tag:
podman push <your-cluster-external-route>/<project>/<image-name>:<image-tag> --tls-verify=false
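
The logins above switch off certificate verification and pass the password and token as command-line arguments. The following added example, not part of the original instructions, keeps verification on and feeds the token to podman on stdin. It assumes you have been given a cluster CA certificate covering both the API server and the registry route, stored as ca.crt in a directory such as ~/cluster-ca (a hypothetical path); the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes the cluster CA
# certificate is stored as $CA_DIR/ca.crt; the default path is hypothetical.
CA_DIR=${CA_DIR:-$HOME/cluster-ca}

# registry_route HOST_OR_URL: swap the first DNS label of an application route
# for default-route-openshift-image-registry, as in the page's example.
registry_route() {
  host=${1#*://}; host=${host%%/*}; host=${host%%:*}
  case $host in
    *.*.*) printf 'default-route-openshift-image-registry.%s\n' "${host#*.}" ;;
    *) echo "not a cluster route host: $1" >&2; return 1 ;;
  esac
}

# image_ref ROUTE PROJECT NAME TAG: build <route>/<project>/<image-name>:<image-tag>,
# rejecting empty components and anything containing spaces or slashes.
image_ref() {
  for part in "$2" "$3" "$4"; do
    case $part in
      ''|*[!A-Za-z0-9._-]*) echo "bad image component: '$part'" >&2; return 1 ;;
    esac
  done
  printf '%s/%s/%s:%s\n' "$1" "$2" "$3" "$4"
}

# cluster_login USER API_URL: oc prompts for the password, so it stays out of
# shell history and the process list; the server certificate is verified.
cluster_login() {
  oc login -u "$1" --certificate-authority="$CA_DIR/ca.crt" "$2"
}

# registry_login HOST_OR_URL: the token goes to podman on stdin, and
# --cert-dir supplies the CA so --tls-verify=false is not needed.
registry_login() {
  route=$(registry_route "$1") || return 1
  oc whoami -t | podman login -u "$(oc whoami)" --password-stdin \
    --cert-dir "$CA_DIR" "$route"
}
```

With the same CA directory, podman pull and podman push accept --cert-dir in place of --tls-verify=false.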