Kong Mesh with OpenShift
To install and run Kong Mesh on OpenShift:
- Download Kong Mesh
- Run Kong Mesh
- Verify the Installation
Finally, you can follow the Quickstart to take it from here
and continue your Kong Mesh journey.
You have a license for Kong Mesh.
1. Download Kong Mesh
To run Kong Mesh on OpenShift, you need to download a
compatible version of Kong Mesh for the machine from which
you will be executing the commands.
2. Run Kong Mesh
We suggest adding the
kumactl executable to your
PATH so that it’s always
available in every working directory. Alternatively, you can also create a link
/usr/local/bin/ by executing:
ln -s kong-mesh-2.1.0/bin/kumactl /usr/local/bin/kumactl
Then, run the control plane on OpenShift with:
/path/to/license.json is the path to a valid Kong Mesh
license file on the file system.
This example will run Kong Mesh in standalone mode for a flat
deployment, but there are more advanced deployment modes
It may take a while for OpenShift to start the
Kong Mesh resources. You can check the status by running:
oc get pod -n kong-mesh-system
3. Verify the Installation
Now you can access the control plane with the GUI,
oc, the HTTP API, or the CLI:
Notice that Kong Mesh automatically creates a
entity with the name
Kong Mesh explicitly specifies a UID
kuma-dp sidecar to avoid capturing traffic from
kuma-dp itself. You must grant a
Security Context Constraint
to the application namespace:
oc adm policy add-scc-to-group nonroot system:serviceaccounts:<app-namespace>
If the namespace is not configured properly, you will see the following error
'pods "kuma-demo-backend-v0-cd6b68b54-" is forbidden: unable to validate against any security context constraint:
[spec.containers.securityContext.securityContext.runAsUser: Invalid value: 5678: must be in the ranges: [1000540000, 1000549999]]'
Congratulations! You have successfully installed Kong Mesh.
Before running the demo in the Quickstart guide,
run the following command:
oc adm policy add-scc-to-group anyuid system:serviceaccounts:kuma-demo
One of the components in the demo requires root access, therefore it uses the
anyuid instead of the
To start using Kong Mesh, see the
quickstart guide for Kubernetes deployments.