What is OpenShift?
OpenShift is a Kubernetes-based enterprise container platform developed by Red Hat.
It provides everything you need to build, deploy, manage, and scale applications using containers.
Think of OpenShift as:
-
Kubernetes + more automation + built-in security + developer tools + enterprise support.
Key Components of OpenShift
1. Kubernetes (Core Orchestrator)
OpenShift is built on top of Kubernetes and includes:
-
Pod & container orchestration
-
Service discovery
-
Auto-scaling
-
Load balancing
2. OpenShift API Server
-
Central control point
-
Manages all cluster operations
3. OpenShift Container Registry (OCR)
-
Built-in Docker-compatible registry
-
Stores images internally in a secure manner
4. OpenShift Router
-
Based on HAProxy
-
Handles external traffic
-
Supports routes, TLS, sticky sessions, etc.
5. Operators
-
Automate lifecycle of apps & infrastructure (install → upgrade → manage)
-
OpenShift uses OperatorHub to provide many certified operators
6. Developer Tools
-
Source-to-Image (S2I): build apps from source code
-
Dev Spaces (formerly CodeReady Workspaces)
-
Pipelines (Tekton-based CI/CD)
-
GitOps (ArgoCD)
Types of OpenShift Platforms
1. OpenShift Container Platform (OCP)
-
Self-managed version
-
Install on your own infrastructure (on-prem, private cloud, bare-metal)
2. OpenShift Online
-
Fully managed SaaS offering by Red Hat
3. OpenShift Dedicated
-
Customer-specific cluster
-
Managed by Red Hat on AWS or GCP
4. ROSA (Red Hat OpenShift on AWS)
-
Joint Red Hat–AWS managed service
5. ARO (Azure Red Hat OpenShift)
-
Joint Red Hat–Microsoft managed platform
Architecture Overview
OpenShift has 3 major layers:
1. Master/Control Plane
-
API Server
-
etcd
-
Scheduler
-
Controller Manager
-
Machine API
2. Worker Nodes
-
Run containers/pods
-
Include:
-
CRI-O or Docker runtime
-
Kubelet
-
Node services
-
3. Services Layer
-
Monitoring (Prometheus)
-
Logging / EFK stack
-
Image registry
-
Networking (OpenShift SDN / OVN-Kubernetes)
Key Features of OpenShift
✔ Enterprise Security
-
Role-Based Access Control (RBAC)
-
Image scanning (Clair)
-
Network policies
-
Security Context Constraints (SCC)
✔ Built-in CI/CD
-
Tekton pipelines
-
ArgoCD for GitOps
✔ Developer-Friendly
-
Web console + dashboard
-
S2I build system
-
UI-based deployment
-
Integrated logging & monitoring
✔ Autoscaling
-
Horizontal Pod Autoscaler
-
Cluster autoscaler
-
Machine autoscaler
✔ Multi-Cloud + Hybrid Support
-
Deploy anywhere
-
Consistent experience across environments
How Deployment Works in OpenShift
-
Developer pushes code to Git repo
-
OpenShift pipeline triggers build
-
Build creates Docker image / S2I image
-
Image is stored in internal registry
-
DeploymentConfig or Deployment creates pods
-
Router exposes app through a public route
Command Line Tools
1. oc CLI (OpenShift Client)
Used to interact with OpenShift, similar to kubectl but with extra features:
2. kubectl
Also works because OpenShift is Kubernetes under the hood.
OpenShift vs Kubernetes
| Feature | Kubernetes | OpenShift |
|---|---|---|
| Installation | Complex | Automated installer |
| Security | Basic | Strict, enterprise-grade |
| UI Dashboard | Basic | Advanced web console |
| Built-in CI/CD | No | Yes (Tekton + ArgoCD) |
| Image registry | External | Built-in |
| Multi-tenancy | Limited | Strong security & isolation |
| Developer tools | Minimal | Strong developer experience |
Security Enhancements in OpenShift
-
SCCs (Security Context Constraints)
-
Enforces non-root containers
-
Audit logs
-
TLS everywhere
-
Vulnerability scanning
Use Cases of OpenShift
-
Microservices architecture
-
Modernizing legacy applications
-
Hybrid cloud deployments
-
Banking & FinTech applications
-
Telecom workloads
-
Enterprise CI/CD pipelines
Advantages
-
Enterprise-ready
-
Highly secure
-
Great for large teams
-
Rich developer ecosystem
Disadvantages
-
Cost is high
-
Complex for small projects
-
Steeper learning curve than basic Kubernetes
What Is OpenShift Local?
OpenShift Local is a single-node OpenShift cluster (1 master + 1 worker inside one VM).
It is used for:
-
Local learning
-
Testing
-
Small development
-
Proof-of-concept
Setup OpenShift
Enable Hyper-V on Windows 10/11 Home Edition
Option 1: Using PowerShell (Admin Mode)
Run this in PowerShell (as Administrator):
Restart your PC.
Option 2: Enable using reference script
Reference: https://mylemans.online/posts/EnableHyperv-Windows11-Home/
Cross-check: Go to → Control Panel → Programs → Turn Windows features on or off → Ensure Hyper-V is checked.
Step 1 : Create Red Hat Developer Account
Go to: https://developers.redhat.com/register
Sign up (free) or log in with an existing Red Hat account.
You’ll need this account to download OpenShift Local and your Pull Secret.
Step 2 : Download and Install OpenShift Local (CRC)
Visit: https://developers.redhat.com/products/openshift-local/overview
Download: crc-windows-amd64.msi and install it.
Verify installation:
You should see version output.
Download Pull Secret
Go to: https://cloud.redhat.com/openshift/install/pull-secret
Save it somewhere: D:\Software\crc\pull-secret.txt
Step 3 : Setup the OpenShift Cluster
Run in CMD:
This step:
-
Prepares virtualization & networking
-
Validates system
-
Downloads required drivers
-
Sets up image cache
Step 4 : Start the OpenShift Cluster
Run:
You’ll see output like:
-
Web console: https://console-openshift-console.apps-crc.testing
-
Username: kubeadmin
-
Password: <auto-generated-password>
👉 Save these credentials safely.
This step will:
-
Start a VM in Hyper-V
-
Create the OpenShift cluster
-
Configure kubeadmin login
-
Set up networking
Time required: 10–20 minutes.
Step 5 : Login to OpenShift Cluster
CLI Login
Run:
👉 Copy the output and run it (It will sets up the oc CLI path).
Login:
(Password was shown during crc start.)
Web Console Login
Open browser →
https://console-openshift-console.apps-crc.testing/
Login:
-
Username: kubeadmin
-
Password: shown during
crc start
You now have a running local OpenShift cluster.
OpenShift Local Is Now Ready!
You can:
-
Create projects
-
Deploy apps
-
Use S2I
-
Test routes
-
Try pipelines
-
Explore Operators
How to fully reset our CRC/OpenShift Local cluster
1. Stop the CRC VM: crc stop
👉This clears the entire OpenShift cluster
- C:\Users\<your-username>\.crc\
- C:\Users\<your-username>\.kube\
Deploy a Spring Boot Application
(Podman Containerized Application)
on OpenShift
Step 1 : Prepare Your App & Build Podman Image
-
Build Spring Boot JAR:
-
Update your
application.propertiesorapplication.yml:
(Use your system IP from ipconfig.)
-
Build Podman image inside project folder (where your
Containerfileis):
-
Verify image:
podman images
Step 2 : Login Podman to OpenShift Internal Registry
Make sure you set CRC environment variable PATH value: C:\Users\siraj\.crc\bin\oc
On OpenShell: Get OpenShift token
Login Podman:
podman login --tls-verify=false -u kubeadmin -p $TOKEN default-route-openshift-image-registry.apps-crc.testing
Step 3 : Tag and Push Your Image to OpenShift
Create project:
oc new-project springboot-demo
Tag your image:
👉 Note: Due to firewall restrictions on my local system, I was unable to push the image to the local OpenShift cluster’s image registry using the following step. As an alternative, the Podman image can also be pushed to Docker Hub and then deployed and run in the local OpenShift cluster.
Push the image:
Step 4 : Deploy Application in OpenShift
Deploy:
Check the route:
Output example:
Open:
Your Spring Boot app is now deployed and accessible!
Step 5 : Verify Logs & Connectivity
Logs:
Verify MongoDB connectivity:
If you see Connection succeeded! → MongoDB is reachable.
Step 6 : Access Application Locally
Browser or CLI:
You should receive your API output.
Summary
| Step | Action | Command/URL |
|---|---|---|
| 1 | Register Red Hat Account | https://developers.redhat.com/register |
| 2 | Download and install CRC | https://developers.redhat.com/products/openshift-local/overview |
| 5 | Pull Secret | https://cloud.redhat.com/openshift/install/pull-secret |
| 6 | Setup CRC | crc setup |
| 7 | Start CRC | crc start --pull-secret-file D:\Software\crc\pull-secret.txt |
| 8 | Login to Console | https://console-openshift-console.apps-crc.testing |
| 9 | Login CLI | oc login -u kubeadmin -p <password> |
| 10 | Build Image (Podman) | podman build -t springboot-mongodb-example . |
| 11 | Push to OpenShift | podman push default-route-openshift-image-registry.apps-crc.testing/springboot-demo/springboot-mongodb-example |
| 12 | Deploy | oc new-app & oc expose svc/... |
Deploy a Spring Boot Application
(without containerized)
on Openshift using S2I
This approach allows OpenShift to automatically build your app from your GitHub repository using Source-to-Image (S2I).
Step 1: Build Your Spring Boot Project
Push your project code to GitHub or GitLab.
👉 you can skip this Step-1. It is NOT required for OpenShift S2I deployment. This is only for local testing.
Step 2: Login to OpenShift
Login using the OpenShift CLI:
Create a new OpenShift project:
oc new-project springboot-helloworld-project
Step 3: Deploy the Application Using S2I
Deploy your application using the Red Hat UBI 8 OpenJDK 21 S2I builder image:
Clone your Git repository
Build the Spring Boot JAR using Maven (inside OpenShift)
Create an image via S2I
Deploy the application pod
After completing this step, wait for 5–10 minutes to allow the build to finish within the OpenShift cluster.
Step 4: Monitor Build and Deployment
Track the build logs (Note: Track the build with following command and make sure build complete before hitting next commands):
oc get pods
Step 5: Expose the Service (Create a Route)
Expose your application so it can be accessed externally:
Retrieve the route URL:
Open the route URL in a browser. your Spring Boot Hello World Application will now be running on OpenShift!
Step 6: Access OpenShift deployed microservice API
curl http://springboot-helloworld-app-springboot-helloworld-project.apps-crc.testing/hello
