Kong Mesh with OpenShift
To install and run Kong Mesh on OpenShift, execute the
Finally, you can follow the Quickstart to take it from here
and continue your Kong Mesh journey.
You have a license for Kong Mesh.
1. Download Kong Mesh
To run Kong Mesh on OpenShift, you need to download a
compatible version of Kong Mesh for the machine from which
you will be executing the commands.
2. Run Kong Mesh
Note: Before running the Kong Mesh
control plane process in the next step — which is served by the
kuma-cp container — you need to have a valid
Kong Mesh license in place.
Navigate to the
$ cd kong-mesh-1.2.4/bin
We suggest adding the
kumactl executable to your
PATH so that it’s always
available in every working directory. Alternatively, you can also create a link
/usr/local/bin/ by executing:
$ ln -s ./kumactl /usr/local/bin/kumactl
Then, run the control plane on OpenShift with:
/path/to/license.json is the path to a valid Kong Mesh
license file on the file system.
This example will run Kong Mesh in standalone mode for a flat
deployment, but there are more advanced deployment modes
It may take a while for OpenShift to start the
Kong Mesh resources. You can check the status by executing:
$ oc get pod -n kuma-system
3. Verify the Installation
Now that Kong Mesh (
kuma-cp) has been installed in the newly
kuma-system namespace, you can access the control plane using either
oc, the HTTP API, or the CLI:
You will notice that Kong Mesh automatically creates a
entity with the name
Kong Mesh explicitly specifies a UID
sidecar to avoid capturing traffic from
itself. For that reason, a
Security Context Constraint
has to be granted to the application namespace:
$ oc adm policy add-scc-to-group nonroot system:serviceaccounts:<app-namespace>
If the namespace is not configured properly, you will see the following error
'pods "kuma-demo-backend-v0-cd6b68b54-" is forbidden: unable to validate against any security context constraint:
[spec.containers.securityContext.securityContext.runAsUser: Invalid value: 5678: must be in the ranges: [1000540000, 1000549999]]'
Congratulations! You have successfully installed Kong Mesh.
Before running the Kuma Demo in the Quickstart guide,
run the following command:
$ oc adm policy add-scc-to-group anyuid system:serviceaccounts:kuma-demo
One of the components in the demo requires root access, therefore it uses the
instead of the
After installation and the above command, the Kuma quickstart documentation
is fully compatible with Kong Mesh, except that you are
running Kong Mesh containers instead of the vanilla Kuma ones.
To start using Kong Mesh, see the
quickstart guide for Kubernetes deployments.