jijiechen / kong-mesh-quickstart-openshift

A quickstart to deploy Kong Mesh 2.2.0 on Red Hat Openshift


Kong Mesh Quickstart for OpenShift 4.12

This is a quickstart to get you up and running with Kong Mesh in standalone mode on OpenShift.

This tutorial does not require a license: Kong Mesh can start in evaluation mode, which limits you to 5 dataplanes/sidecars. That is just enough to get comfortable with the product.

For OpenShift, we'll be spinning up a ROSA 4.12 cluster. This tutorial also assumes some base-level knowledge of OpenShift.

This tutorial will cover:

  • How to use the Red Hat Certified Kong Mesh Images
  • How to implement the required OpenShift SecurityContextConstraints (SCC) for the kong-mesh sidecar
  • Deploy and join the Kong for Kubernetes Ingress Controller (KIC) to the mesh
  • Deploy a sample application, bookinfo, on the mesh and validate it's all working

Fun! Let's do it!

Prerequisites

The prerequisites for this tutorial:

  1. ROSA cli or another OpenShift 4.12 cluster with the ability to create LoadBalancer type Kubernetes Services
  2. kubectl cli
  3. oc cli
  4. Helm 3

Install ROSA

Create System Variables:

CLUSTER_NAME=df-mesh-2
REGION=us-west-2

Create a small ROSA cluster:

rosa create cluster --cluster-name=$CLUSTER_NAME --region=$REGION --multi-az=false --version 4.12.13

When the cluster install is complete, create a cluster-admin user:

rosa create admin --cluster $CLUSTER_NAME

Validate that you can log in to the cluster with the credentials the rosa CLI prints to stdout. Once login is successful, you can proceed to the next step.

Install Kong Mesh - Standalone Mode

kubectl create namespace kong-mesh-system

Create the image pull secret:

kubectl create secret docker-registry rh-registry-secret -n kong-mesh-system \
    --docker-server=registry.connect.redhat.com \
    --docker-username=<username> \
    --docker-password=<password> \
    --docker-email=<email>

Grant the nonroot-v2 SCC to the job service accounts:

oc adm policy add-scc-to-user nonroot-v2 system:serviceaccount:kong-mesh-system:kong-mesh-install-crds
oc adm policy add-scc-to-user nonroot-v2 system:serviceaccount:kong-mesh-system:kong-mesh-patch-ns-job 
oc adm policy add-scc-to-user nonroot-v2 system:serviceaccount:kong-mesh-system:kong-mesh-pre-delete-job

Grab the latest helm chart:

helm repo add kong-mesh https://kong.github.io/kong-mesh-charts

Install Kong Mesh:

helm upgrade -i kong-mesh kong-mesh/kong-mesh --version 2.2.0 -f kong-mesh/values.yaml -n kong-mesh-system

Open a second terminal and port-forward to reach the mesh GUI:

kubectl port-forward svc/kong-mesh-control-plane -n kong-mesh-system 5681:5681

You should be able to reach the Kong-Mesh UI at http://localhost:5681/gui

Last, do some prep work for the sidecar itself so that sidecars start up successfully. Apply the kong-mesh-sidecar SCC and the corresponding container patches:

kubectl create -f kong-mesh/kong-mesh-sidecar-scc.yaml
kubectl apply -f kong-mesh/container-patch.yaml 
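
After the SCC grants above, it is worth confirming which SCC actually admitted each pod; OpenShift records it in the `openshift.io/scc` pod annotation. The check below is an added example, not part of this repository: the SCC name `kong-mesh-sidecar` is assumed from the file name above, the function names are hypothetical, and the sample pod list is constructed.

```shell
#!/bin/sh
# Added example: flag pods admitted under an SCC outside an expected allowlist.

# list_pod_sccs NAMESPACE: print "namespace/pod<TAB>scc" per pod (needs cluster access).
list_pod_sccs() {
  oc get pods -n "$1" -o jsonpath='{range .items[*]}{.metadata.namespace}/{.metadata.name}{"\t"}{.metadata.annotations.openshift\.io/scc}{"\n"}{end}'
}

# audit_sccs ALLOWED_SCC...: read "pod<TAB>scc" lines on stdin, print every pod whose
# SCC is missing or not in the allowlist, and return 1 if any such pod was found.
audit_sccs() {
  audit_allowed=" $* "
  audit_rc=0
  # The "|| [ -n ... ]" keeps a final line that has no trailing newline.
  while IFS="$(printf '\t')" read -r audit_pod audit_scc || [ -n "$audit_pod" ]; do
    [ -n "$audit_pod" ] || continue
    case "$audit_allowed" in
      *" ${audit_scc:-<none>} "*) ;;   # admitted under an expected SCC
      *) echo "VIOLATION $audit_pod admitted under ${audit_scc:-<none>}"
         audit_rc=1 ;;
    esac
  done
  return "$audit_rc"
}

# Constructed sample (pod names are made up); the last pod runs under an SCC
# that this quickstart never grants.
SAMPLE_PODS=$(printf '%s\t%s\n' \
  kong-mesh-system/kong-mesh-control-plane-abc12 restricted-v2 \
  kong-mesh-system/kong-mesh-patch-ns-job-x7k2p nonroot-v2 \
  bookinfo/productpage-v1-5d9f kong-mesh-sidecar \
  bookinfo/reviews-v1-7c4b privileged)

# Offline demo on the sample. On a live cluster, pipe the real listing instead:
#   list_pod_sccs kong-mesh-system | audit_sccs restricted-v2 nonroot-v2 kong-mesh-sidecar
printf '%s\n' "$SAMPLE_PODS" \
  | audit_sccs restricted-v2 nonroot-v2 kong-mesh-sidecar \
  || echo "audit: pod(s) admitted under an unexpected SCC"
```

A pod reported under `privileged` or `anyuid` here means a broader grant is in effect than the ones this quickstart applies.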

From here, you can proceed to the Bookinfo tutorial or the Kuma-Demo tutorial to test out Kong Mesh.

Clean Up

Tear Down bookinfo:

kubectl delete deploy,svc,ingress --all -n bookinfo

Tear Down KIC:

helm uninstall kong -n kong

Tear Down Kuma-Demo:

kubectl delete deploy,svc --all -n kuma-demo

Last, tear down Kong Mesh:

helm uninstall kong-mesh -n kong-mesh-system

And all the components should be down! It's safe to destroy the ROSA cluster.

Delete the ROSA cluster-admin user:

rosa delete admin --cluster $CLUSTER_NAME

Delete ROSA cluster:

rosa delete cluster --cluster $CLUSTER_NAME

Thanks for making it to the end!