# OpenShift

To install and run Kuma on OpenShift execute the following steps:

Finally you can follow the Quickstart to take it from here and continue your Kuma journey.

# 1. Download Kuma

To run Kuma on OpenShift, you need to download a compatible version of Kuma for the machine from which you will be executing the commands.

    # 2. Run Kuma

    Once downloaded, you will find the contents of Kuma in the kuma-1.4.0 folder. In this folder, you will find - among other files - the bin directory that stores the executables for Kuma, including the CLI client kumactl.

    Note: On OpenShift - of all the Kuma binaries in the bin folder - we only need kumactl.

    So we enter the bin folder by executing:

    cd kuma-1.4.0/bin

    We suggest adding the kumactl executable to your PATH so that it's always available in every working directory. Or - alternatively - you can also create link in /usr/local/bin/ by executing:

    ln -s ./kumactl /usr/local/bin/kumactl

    Finally we can install and run Kuma in either standalone or multi-zone mode:

      It may take a while for OpenShift to start the Kuma resources, you can check the status by executing:

      oc get pod -n kuma-system

      # 3. Use Kuma

      Kuma (kuma-cp) will be installed in the newly created kuma-system namespace! Now that Kuma has been installed, you can access the control-plane via either the GUI, oc, the HTTP API, or the CLI:

        You will notice that Kuma automatically creates a Mesh entity with name default.

        Kuma explicitly specifies UID for kuma-dp sidecar to avoid capturing traffic from kuma-dp itself. For that reason, nonroot Security Context Constraint (opens new window) has to be granted to the application namespace:

        oc adm policy add-scc-to-group nonroot system:serviceaccounts:<app-namespace>

        If namespace is not configured properly, we will see following error on the Deployment or DeploymentConfig

        'pods "kuma-demo-backend-v0-cd6b68b54-" is forbidden: unable to validate against any security context constraint: [spec.containers[1].securityContext.securityContext.runAsUser: Invalid value: 5678: must be in the ranges: [1000540000, 1000549999]]'

        # 4. Quickstart

        Congratulations! You have successfully installed Kuma on OpenShift 🚀.

        In order to start using Kuma, it's time to check out the quickstart guide for Kubernetes deployments.

        Before running Kuma Demo in the Quickstart, remember to run the following command

        oc adm policy add-scc-to-group anyuid system:serviceaccounts:kuma-demo

        In case of Kuma Demo, one of the component requires root access therefore we use anyuid instead of nonroot permission.

        Last Updated: 11/22/2021, 4:36:48 PM