GUIDE: Install OpenShift 4 — The Easy Way — Part 2


In Part 1 of this guide we install a three-node OCP 4.7 cluster using the assisted installer. In Part 2 we will:

  • Download and configure the oc client
  • Setup an authentication provider using htpasswd
  • Configure the registry (non-production)
  • Create an ephemeral Drupal project.

Download the oc client:

Browse to and download the client appropriate for your system.

For Linux clients, wget the client tar file, extract the client tar file, and move the kubectl and oc executables to /usr/local/bin:

tar -zxvf openshift-client-linux.tar.gz
sudo mv kubectl/usr/local/bin/

Test the oc client:

Download the kubeconfig for your cluster from

Set the KUBECONFIG environment variable and test the connection:

export KUBECONFIG=~/Downloads/kubeconfig
oc get nodes

Running ‘oc get nodes’ should return the information pictured above.

Setup an authentication provider using htpasswd:

The kubeadmin user is not for permanent use, instead you should setup other means of authentication. The easiest way to set up a local user is with htpasswd. Create the users.htpasswd using the following command for testuser:

htpasswd -c -B users.htpasswd testuser

Create a secret in the openshift-config project using the users.htpasswd file you generated:

oc create secret generic htpass-secret --from-file=htpasswd=users.htpasswd -n openshift-config

Download the identity provider template for htpasswd from Github:


Add the identity provider:

oc apply -f htpasswd_provider.yaml

Logout of the OpenShift Console. Then select htpasswd_provider and login with testuser and test password credentials.

If you visit the Administrator page you should see no projects:

Give yourself cluster-admin access using ‘oc adm policy’, and the projects should immediately populate:

oc adm policy add-cluster-role-to-user cluster-admin testuser

Your user should now have cluster-admin level access:

Configure the registry as ephemeral (non-production):

In this example, we will set the registry to an empty directory. The result of this is that all images will be lost when the registry pod restarts.

Patch the registry operator to management state and storage:

oc patch cluster --type merge --patch '{"spec":{"managementState":"Managed"}}'
oc patch cluster --type merge --patch '{"spec":{"storage":{"emptyDir":{}}}}'

Create an ephemeral Drupal project:

Create a new project using the oc client:

oc new-project drupal-test

Create a new app using the php 7.3 S2i image and use the cragr/drupal-lab GitHub repo for the source. Expose the service to create a route.

oc new-app openshift/php:7.3~
oc expose svc/drupal

Create a new app using the MariaDB 10.3 image with some environment variables:

oc new-app openshift/mariadb:10.3 --name mariadb --env MYSQL_DATABASE=drupal --env MYSQL_USER=drupal --env MYSQL_PASSWORD=drupal

Open the OpenShift console and browse to the drupal-test project. Once the WordPress image is built and ready, it will be dark blue like the MariaDB instance show here:

Create a secure route using the terminal:

oc create route edge drupal --service=drupal-lab --insecure-policy=Redirect

Browse to your drupal URL and begin to configure the site:

Congratulations! You have an excellent environment for development and testing of OpenShift applications. Good luck!

Leave a Reply

Your email address will not be published. Required fields are marked *