Preparing a client to connect to the cluster

Make sure that the client that you intend to use to connect to the Red Hat OpenShift cluster has all the necessary tools.

About this task

A Red Hat OpenShift Kubernetes Service (ROKS) cluster and a private Red Hat OpenShift cluster have different requirements. Make sure that the client can connect to the cluster you want to use, and has the necessary CLI tools. Install the appropriate tools from the following list.

Client-side requirements
Table 1. Client-side requirements step by step
Requirement More information
Kubernetes 1.21+ CLI

Use a kubectl version that is within one minor version difference of your cluster. For more information, see Install Tools. Using the latest version of kubectl helps avoid unforeseen issues.

  1. Set the required version to an environment variable:
    export KUBECTL_VERSION=`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`
  2. Download the latest release with the command for your VM/machine architecture:

    Linux on AMD x86-64 or amd64

    curl -LO "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"

    Linux on Power or ppc64le

    curl -LO "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/ppc64le/kubectl"

    Linux on IBM Z or s390x

    curl -LO "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/s390x/kubectl"

Use the chmod command to give access to kubectl and make it executable for all users.

chmod a+x kubectl

To check the version, run the following command.

kubectl version --client

Place the kubectl binary in a directory that is on your PATH. To check your PATH, run the following command.

echo $PATH
OpenShift Container Platform CLI For more information, see the Red Hat OpenShift 4.10 documentation and go to the download link. Download the latest version for your OpenShift Container Platform cluster.

The CLI has commands for managing your applications, and lower-level tools to interact with each component of your system.

Place the oc binary in a directory that is on your PATH. To check your PATH, run the following command.

echo $PATH

When the CLI is in your PATH, it is available by running the oc command.

Podman CLI If you plan to download the Cloud Pak images to a private registry, you must install the Podman CLI. You can install Podman by running the following command.
yum -y install podman
Note: The Podman CLI is needed on an OpenShift Container Platform registry, as OpenShift Container Platform does not support a Docker login. If you plan to run the scripts on macOS or you want to stick with docker, you must install the Docker CLI and add the following line to the /etc/docker/deamon.json file.
"insecure-registries":["route"]
Where route is the name of the route for your image registry. For example, { "insecure-registries":["default-route-openshift-image-registry.apps.<hostname>"] }.

Use this solution for isolated testing or in tightly controlled environments only. For more information, see Deploy a plain HTTP registry.

cert-kubernetes Download the cert-kubernetes repository.
Note: Releases with interim fixes are packaged in archives with a new minor version. The version numbers follow the release.major.minor standard. For example, the first interim fix for 23.0.2 is packaged in the archive ibm-cp-automation-5.1.0.tgz. All available and future interim fixes provide an associated CASE package. To find the relevant instructions, go to the interim fix readme file.
  1. Download the 23.0.2 package by clicking Container Application Software for Enterprises (CASE) package 5.1.0, or go to the CASE packages URL and download the package for a specific or the latest interim fix.
    wget <case_package_url>
  2. Extract the package.
    tar -xvzf ibm-cp-automation-5.1.0.tgz
    cd ibm-cp-automation/inventory
    cd cp4aOperatorSdk/files/deploy/crs
    tar -xvf cert-k8s-23.0.2.tar
Bastion host Any virtual network or VLAN such as a VPC in AWS, a VNet in ARO, or a VPC in IBM Cloud, are configured with private IP addresses, so you need to be inside the VLAN, VPC, VNet, or private network in order to communicate with resources by using private IP addresses. If you are outside of the private network and you want to talk to the private IP addresses, you must have a tunnel into the private network. Otherwise, the resource needs to have a public IP address or an FQDN that can be discovered with public DNS for you to talk to from outside the private network.
What else is needed before you run the installation scripts
Table 2. Script requirements
Requirement More information
Operating system The scripts can be used on amd64/x86/ppc64le/s390x based (CentOS Stream/RHEL/MacOS) VM/machines. You can also run the scripts on an amd64/x86 machine, for example, and connect to a Linux on Z or a Linux on Power based cluster.

What to do next

Go to and complete the next step in Preparing a namespace for the operator.