A single-node Openshift 3.10 cluster

I need to try running kube-bench on Openshift and the easiest way seemed to me to run a single-node cluster in a Vagrant machine. It was really easy, but here are the steps.

Vagrant machine running Centos

Here’s my Vagrantfile:

Vagrant.configure("2") do |config|
config.vm.provider "virtualbox" do |v|
v.memory = 16384
v.cpus = 2
config.vm.box = "bento/centos-7.6"
config.vm.network "private_network", type: "dhcp"
config.vm.network "forwarded_port", guest: 8443, host: 8443
config.vm.provision "docker"

Put this in an empty directory and run vagrant up

Once it’s up and running, get shell access to it with vagrant ssh

Add insecure registries settings

As per the instructions on this page you need to have Docker running with an insecure registry parameter. Create a file at /etc/docker/daemon.json (you’ll need to sudo) with the following contents:

"insecure-registries": [

Restart Docker:

$ sudo systemctl daemon-reload
$ sudo systemctl restart docker

Download Openshift binaries

Download the version you want (I’m going for 3.10.0) from the Openshift releases page on GitHub, and unpack it.

$ wget https://github.com/openshift/origin/releases/download/v3.10.0/openshift-origin-client-tools-v3.10.0-dd10d17-linux-64bit.tar.gz
$ tar xvf openshift-origin-client-tools-v3.10.0-dd10d17-linux-64bit.tar.gz

I like to tidy this up:

$ mv openshift-origin-client-tools-v3.10.0-dd10d17-linux-64bit openshift
$ rm openshift-origin-client-tools-v3.10.0-dd10d17-linux-64bit.tar.gz

Now I have a directory called openshift

$ ls openshift

Add oc to your path

If you’re using Openshift you’ll be running oc all the time (it’s roughly the equivalent of kubectl in Openshift-land) so you’ll want it in your path.

$ export PATH=$PATH:~/openshift

Start the cluster

Red Hat made this super simple!

$ oc cluster up

Open the console

Because of the port forwarding line in the Vagrantfile, you’ll be able to view the console in your browser at https://localhost:8443 (once you have pushed your way through a number of browser certificate warnings). You can log in as “developer” with any password.

The OKD console

All-in-one Vagrantfile

To make this even easier, here’s a Vagrantfile with all the installation steps included. You’ll just need to vagrant up and then oc cluster start