# OpenShift

To install and run Kuma on OpenShift execute the following steps:

Finally you can follow the Quickstart to take it from here and continue your Kuma journey.

# 1. Download Kuma

To run Kuma on OpenShift, you need to download a compatible version of Kuma for the machine from which you will be executing the commands.

    # 2. Run Kuma

    Once downloaded, you will find the contents of Kuma in the kuma-1.0.0 folder. In this folder, you will find - among other files - the bin directory that stores the executables for Kuma, including the CLI client kumactl.

    Note: On OpenShift - of all the Kuma binaries in the bin folder - we only need kumactl.

    So we enter the bin folder by executing:

    $ cd kuma-1.0.0/bin

    We suggest adding the kumactl executable to your PATH so that it's always available in every working directory. Or - alternatively - you can also create link in /usr/local/bin/ by executing:

    ln -s ./kumactl /usr/local/bin/kumactl

    And we can then proceed to install Kuma on OpenShift with:

      This example will run Kuma in standalone mode for a "flat" deployment, but there are more advanced deployment modes like "multi-zone".

      It may take a while for OpenShift to start the Kuma resources, you can check the status by executing:

      $ oc get pod -n kuma-system

      # 3. Use Kuma

      Kuma (kuma-cp) will be installed in the newly created kuma-system namespace! Now that Kuma has been installed, you can access the control-plane via either the GUI, oc, the HTTP API, or the CLI:

        You will notice that Kuma automatically creates a Mesh entity with name default.

        Kuma explicitly specifies UID for kuma-dp sidecar to avoid capturing traffic from kuma-dp itself. For that reason, nonroot Security Context Constraint (opens new window) has to be granted to the application namespace:

        $ oc adm policy add-scc-to-group nonroot system:serviceaccounts:<app-namespace>

        If namespace is not configured properly, we will see following error on the Deployment or DeploymentConfig

        'pods "kuma-demo-backend-v0-cd6b68b54-" is forbidden: unable to validate against any security context constraint: [spec.containers[1].securityContext.securityContext.runAsUser: Invalid value: 5678: must be in the ranges: [1000540000, 1000549999]]'

        # 4. Quickstart

        Congratulations! You have successfully installed Kuma on OpenShift 🚀.

        In order to start using Kuma, it's time to check out the quickstart guide for Kubernetes deployments.

        Before running Kuma Demo in the Quickstart, remember to run the following command

        $ oc adm policy add-scc-to-group anyuid system:serviceaccounts:kuma-demo

        In case of Kuma Demo, one of the component requires root access therefore we use anyuid instead of nonroot permission.

        Last Updated: 11/17/2020, 4:59:15 PM