Skip to content

Running Humio on OpenShift

Reading time: 1 minute

The other day I wanted to test Humio on OpenShift, but I ran into some problems. Mainly due to OpenShift’s reluctance to run containers as root, but also a few other Humio/Zookeeper/Kafka related issues.

After a few tweaks I had it up and running, having the pod use a dedicated system account with root/anyuid privileges. Below is a working deployment configuration and the steps required to make it run, so you too can have Humio run on OpenShift.

This was tested on OKD (Origin) v3.9 and v3.11.

Please note that running containers as root is unadvisable and generally considered bad security practice. Take this into consideration if you plan to use it in a live production environment.

You can find the DC here. These are the main points:

  • A memory limit of 5 GB (set it to anything below and it won’t start)
  • Basic health checks
  • Humio environment variables required for it to run (bind socket and port)
  • ‘Recreate’ deployment strategy – with persistent storage Kafka refuses to start if storage is already claimed by another process, making rolling deployments fail
  • Runs as service account user “humio”

Here’s how to get it up and running:

1. Create a new project (optional)

oc new-project humio-project

2. Create a dedicated serviceaccount with root (anyuid) privileges

oc project humio-project
oc create serviceaccount humio
oc adm policy add-scc-to-user anyuid -z humio

3. Deploy the Humio Docker image using the Docker Hub repository

oc new-app humio/humio
oc expose svc/humio

4. Replace the default deployment configuration

wget https://gitlab.com/snippets/1792577/raw -O humio.yaml
oc replace -f humio.yaml

And that should be it!

If your OpenShift installation supports persistent volumes (PVs), and you want Humio to claim storage, you can add storage claims mapped to the following directories:

/data
/backup

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.