To install and run Kuma on OpenShift execute the following steps:
Finally you can follow the Quickstart to take it from here and continue your Kuma journey.
# 1. Download Kuma
To run Kuma on OpenShift, you need to download a compatible version of Kuma for the machine from which you will be executing the commands.
# 2. Run Kuma
Once downloaded, you will find the contents of Kuma in the
kuma-1.0.0 folder. In this folder, you will find - among other files - the
bin directory that stores the executables for Kuma, including the CLI client
Note: On OpenShift - of all the Kuma binaries in the
bin folder - we only need
So we enter the
bin folder by executing:
$ cd kuma-1.0.0/bin
We suggest adding the
kumactl executable to your
PATH so that it's always available in every working directory. Or - alternatively - you can also create link in
/usr/local/bin/ by executing:
ln -s ./kumactl /usr/local/bin/kumactl
And we can then proceed to install Kuma on OpenShift with:
This example will run Kuma in
standalone mode for a "flat" deployment, but there are more advanced deployment modes like "multi-zone".
It may take a while for OpenShift to start the Kuma resources, you can check the status by executing:
$ oc get pod -n kuma-system
# 3. Use Kuma
kuma-cp) will be installed in the newly created
kuma-system namespace! Now that Kuma has been installed, you can access the control-plane via either the GUI,
oc, the HTTP API, or the CLI:
You will notice that Kuma automatically creates a
Mesh entity with name
Kuma explicitly specifies UID for
kuma-dp sidecar to avoid capturing traffic from
kuma-dp itself. For that reason,
nonroot Security Context Constraint (opens new window) has to be granted to the application namespace:
$ oc adm policy add-scc-to-group nonroot system:serviceaccounts:<app-namespace>
If namespace is not configured properly, we will see following error on the
'pods "kuma-demo-backend-v0-cd6b68b54-" is forbidden: unable to validate against any security context constraint: [spec.containers.securityContext.securityContext.runAsUser: Invalid value: 5678: must be in the ranges: [1000540000, 1000549999]]'
# 4. Quickstart
Congratulations! You have successfully installed Kuma on OpenShift 🚀.
In order to start using Kuma, it's time to check out the quickstart guide for Kubernetes deployments.
Before running Kuma Demo in the Quickstart, remember to run the following command
$ oc adm policy add-scc-to-group anyuid system:serviceaccounts:kuma-demo
In case of Kuma Demo, one of the component requires root access therefore we use
anyuid instead of