Kong: Kong installation steps for Openshift

we cannot possibly support all platforms, hence Openshift is one that is not covered. As we do not know openshift, we'd be unable to provide you with those steps.

Now if you tell us what you're specifically running in to, we might be able to help, as we do know Kong...

Hi,

When running postgres.yaml in Openshift for creating postgres container, it failed to start with this error:
"initdb: could not look up effective user ID 1000310000: user does not exist"

postgres.yaml is taken from https://github.com/Mashape/kong-dist-kubernetes/blob/master/postgres.yaml

Also tried running cassandra using https://github.com/Mashape/kong-dist-kubernetes/blob/master/cassandra.yaml

Here is the error log:
Starting Cassandra on 10.1.22.5
CASSANDRA_CONF_DIR /etc/cassandra
CASSANDRA_CFG /etc/cassandra/cassandra.yaml
CASSANDRA_AUTO_BOOTSTRAP true
CASSANDRA_BROADCAST_ADDRESS 10.1.22.5
CASSANDRA_BROADCAST_RPC_ADDRESS 10.1.22.5
CASSANDRA_CLUSTER_NAME 'Test Cluster'
CASSANDRA_COMPACTION_THROUGHPUT_MB_PER_SEC
CASSANDRA_CONCURRENT_COMPACTORS
CASSANDRA_CONCURRENT_READS
CASSANDRA_CONCURRENT_WRITES
CASSANDRA_COUNTER_CACHE_SIZE_IN_MB
CASSANDRA_DC
CASSANDRA_DISK_OPTIMIZATION_STRATEGY ssd
CASSANDRA_ENDPOINT_SNITCH SimpleSnitch
CASSANDRA_GC_WARN_THRESHOLD_IN_MS
CASSANDRA_INTERNODE_COMPRESSION
CASSANDRA_KEY_CACHE_SIZE_IN_MB
CASSANDRA_LISTEN_ADDRESS 10.1.22.5
CASSANDRA_LISTEN_INTERFACE
CASSANDRA_MEMTABLE_ALLOCATION_TYPE
CASSANDRA_MEMTABLE_CLEANUP_THRESHOLD
CASSANDRA_MEMTABLE_FLUSH_WRITERS
CASSANDRA_MIGRATION_WAIT 1
CASSANDRA_NUM_TOKENS 32
CASSANDRA_RACK
CASSANDRA_RING_DELAY 30000
CASSANDRA_RPC_ADDRESS 0.0.0.0
CASSANDRA_RPC_INTERFACE
CASSANDRA_SEEDS
CASSANDRA_SEED_PROVIDER io.k8s.cassandra.KubernetesSeedProvider
sed: couldn't open temporary file /etc/cassandra/sed4lYuYf: Permission denied

Details:
Openshift: v3.3.1.7
kubernetes v1.3.0+52492b4

well, that's not a Kong question, but a postgres one...

Postgres seems to be supported https://developers.openshift.com/databases/postgresql.html but keep in mind that Kong requires 9.4+

@infinitebyte as @Tieske we currently do not support Openshift. It is something we can look into in future but not sure when.

I need this feature also. I think a lot of people need this feature currently in the cloud world.

We would love to deploy Kong in openshift as well.

That's an openshift specific issue. Openshift runs containers with arbitrary UID's so as to not run as root... you need to configure the postgres image to allow this.

read here: https://docs.openshift.com/enterprise/3.0/creating_images/guidelines.html

there's a section on enabling arbitrary UIDs.

Is there a specific reason that the container runs root? from a security standpoint that is unwise i think. but correct me if i am wrong please.

@sanderkooger @xqianwang It works on openshift origin now. I deployed Kong on Openshift today. However, you'll have to modify the base image to run using non-root user. Also, have to update database contact point in an environment variable.

@code2design how did you?
Why there's no support for Openshift now? It's a very growing and trusted technology. Would be very useful have native support and official installations for Kong

Installing k8s software via helm into openshift works pretty well. One normally needs to:

• fork the docker image(s) and remove root usage
• fork the chart(s) and change ingress to routes