Installing Che on CodeReady Containers

This chapter describes the creation of a single-node OpenShift cluster for deploying a Che instance using CodeReady Containers. To install Che, use the`chectl` command-line tool or the OpenShift web console GUI.

Using chectl to install Che on CodeReady Containers

This section describes how to install Che on CodeReady Containers (CRC) using chectl.

Prerequisites
Procedure
  1. Initiate the CRC platform:

    1. Configure your host machine for CodeReady Containers:

      $ crc setup
    2. Remove any previous cluster:

      $ crc delete
    3. Initiate the oc command line interface within CRC:

      $ eval $(crc oc-env)
    4. Start the CodeReady Containers virtual machine with at least 12 GB of RAM and specify the path to your pull secret:

      $ crc start --memory 12288 --pull-secret-file <download-path>pull-secret.txt
    5. Take note of the password for the user kubeadmin, displayed at the end of the CRC initiation.

  2. Log into OpenShift cluster using the kubeadmin username, the corresponding <kubeadmin-password> password, and the CRC URL pointer displayed at the end of the CRC initiation phase:

    $ oc login --username="kubeadmin" --password="<kubeadmin-password>" https://api.crc.testing:6443
  3. Install the Che instance using chectl:

    $ chectl server:deploy --platform crc
  4. Use the Users Dashboard CRC testing URL and sign in as:

    Login: developer
    Password: developer
    • For the first time Che installation, a user needs to import the Che certificate to the browser of their choice. See, Importing certificates to browsers.

      For a chectl installation, the browser certificate is copied to the /tmp/cheCA.crt folder by the chectl cacert:export command during the deployment. This is the same certificate that can be extracted from the User Dashboard of a Che instance, the export of which is described in the link above, and can be used for the direct browser import.

  5. Enter the user’s credentials and start using Che.

Using the OpenShift web console to install Che on CodeReady Containers

Prerequisites
Procedure
  1. To configure your host machine for CodeReady Containers, run:

    $ crc setup
  2. To remove any previous cluster, run:

    $ crc delete
  3. To start the CodeReady Containers virtual machine with at least 12 GB of RAM, run:

    $ crc start --memory 12288
  4. When prompted, supply your user pull secret.

  5. Take note of the password for the user kubeadmin, which the crc start --memory 12288 command outputs.

  6. To access the OpenShift web console, run:

    $ crc console
  7. In the web console, log in with the username developer and the password developer.

  8. In the top right corner of the OpenShift web console, click developerLog out.

  9. Log in with the kubeadmin username and the corresponding password.

  10. Follow the procedure for Installing Che on OpenShift 4 using OperatorHub.

Importing certificates to browsers

This section describes how to import a root certificate authority into a web browser to use Che with self-signed TLS certificates.

When a TLS certificate is not trusted, the error message "Your Eclipse Che server may be using a self-signed certificate. To resolve the issue, import the server CA certificate in the browser." blocks the login process. To prevent this, add the public part of the self-signed CA certificate into the browser after installing Che.

Adding certificates to Google Chrome on Linux or Windows

Procedure
  1. Navigate to URL where Che is deployed.

  2. Save the certificate:

    1. Click the warning or open lock icon on the left of the address bar.

    2. Click Certificates and navigate to the Details tab.

    3. Select the top-level certificate, which is the needed Root certificate authority (do not export the unfolded certificate from the lower level), and export it:

      • On Linux, click the Export button.

      • On Windows, click the Save to file button.

  3. Go to Google Chrome Certificates settings in the Privacy and security section and navigate to the Authorities tab.

  4. Click the Import button and open the saved certificate file.

  5. Select Trust this certificate for identifying websites and click the OK button.

  6. After adding the Che certificate to the browser, the address bar displays the closed lock icon next to the URL, indicating a secure connection.

Adding certificates to Google Chrome on macOS

Procedure
  1. Navigate to URL where Che is deployed.

  2. Save the certificate:

    1. Click the lock icon on the left of the address bar.

    2. Click Certificates.

    3. Select the certificate to use and drag its displayed large icon to the desktop.

  3. Open the Keychain Access application.

  4. Select the System keychain and drag the saved certificate file to it.

  5. Double-click the imported CA, then go to Trust and select When using this certificate: Always Trust.

  6. Restart the browser for the added certificated to take effect.

Adding certificates to Mozilla Firefox

Procedure
  1. Navigate to URL where Che is deployed.

  2. Save the certificate:

    1. Click the lock icon on the left of the address bar.

    2. Click the > button next to the Connection not secure warning.

    3. Click the More information button.

    4. Click the View Certificate button on the Security tab.

    5. Select the second certificate tab. The certificate Common Name should start with ingress-operator

    6. Click the PEM (cert) link and save the certificate.

  3. Navigate to about:preferences, search for certificates, and click View Certificates.

  4. Go to the Authorities tab, click the Import button, and open the saved certificate file.

  5. Check Trust this CA to identify websites and click OK.

  6. Restart Mozilla Firefox for the added certificated to take effect.

  7. After adding the Che certificate to the browser, the address bar displays the closed lock icon next to the URL, indicating a secure connection.