Skip to Content

Container Platform

Last modified by Tommi Tuura on 2025/06/15 15:28

Tike Container Platform

University of Helsinki (henceforth UH or university) has a centralized, shared container platform, Red Hat OpenShift. There are two shared clusters, testing and production. Each project gains access to both clusters.

Using the container platform requires registering the project to platform support. All project members belonging to the IAM-group receive login access to OpenShift and gain admin privileges for the project.

Production: https://console-openshift-console.apps.ocp-prod-0.k8s.it.helsinki.fi/

Testing: https://console-openshift-console.apps.ocp-test-0.k8s.it.helsinki.fi/

Image repository

UH offers an Image repository Quay.io

In addition, OpenShift can build images inside an internal image repository.

You can also use image repositories such as Dockerhub, registry.redhat.com or the one inside Gitlab.

OpenShift client

Programs running in OpenShift can be accessed with the OpenShift client

Download the client from: https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/ (choose client for your operating system, the installer won't help you)

Place the program binary oc in your path, so that your terminal client can find it.

echo $PATH

Make sure you are in the university internal/perimeter network, for example helsinki-fi-only VPN

Using the oc-client to login:

On June 14th 2025, direct logins with LDAP backend were disabled in favor of University of Helsinki SSO (via OpenID Connect). This means the login process will inevitably involve your web browser and login.helsinki.fi. You can either initiate the login with the oc client with '-w' option or use the "Copy login command" at the web console after you have logged in as usual to the web console. This command will include an access token tied to your user account. 

The oc login with -w option requires you to run the oc client on your local workstation, as it opens temporary port for a webhook your browser will connect to after successful login. 

to test

oc login -w https://api.ocp-test-0.k8s.it.helsinki.fi:6443

to prod

oc login -w https://api.ocp-prod-0.k8s.it.helsinki.fi:6443

After successful login, the client will connect to the API-server of the correct OpenShift cluster. Login rights are based on group-membership, which relates to the Project admin group that was given during your project order. Make sure that your user is part of the correct group(s).

Oc terminal client is an expanded version of Kubernetes' kubectl -client. All kubectl function should work 'as is' if you change kubectl → oc.

The package downloaded from Red Hat's url actually contains both the kubectl and oc binaries. In actuality they are both the same program, but after testing it seems like when launching with kubectl the terminal client tries to behave as original kubectl and oc specific functions no longer work.

In addition to OpenShift client, there are other terminal programs,

of these, the OpenShift web-console recommends using Helm or odo.

Instructions

There are two types of instructions available.

  • General instructions for developers
    • How to use OpenShift; what different resource types mean, what changes what and how to do everything
  • Instructions for managing projects
    • how to order one, what the things in the form mean and how to manage your project in Onify.

In addition we have compiled some helpful documentation.

OpenShift documentation:

- OpenShift docs

- The documentation for 3.X is partially applicable.

- The documentation for Kubernetes can also be applied to OpenShift: Kubernetes docs, make sure to look at the correct version of Kubernetes.

After logging inside the oc client in your terminal you can check the underlying Kubernetes version in OpenShift with the command

oc version