# Build, Secure and Observe
your modern Service Mesh

# The open-source control plane for modern connectivity, delivering high performance and reliability with Envoy.

Kuma service diagram

Kuma 0.3.2 Released with Prometheus Integration, new Gateway Mode, and much more. Install Now!

# CRD + RESTful Interface

Universal Control Plane diagram

Built on top of Envoy, Kuma can be fully operated via simple CRDs on Kubernetes or with a RESTful API on other platforms. GUI included.

# L4 + L7 Policies

Universal Control Plane diagram

Connect your Microservices with Kuma, and apply intuitive policies for security, observability, routing, and more in one command.

# Platform Agnostic

Platform Agnostic diagram

Kuma can run anywhere, on Kubernetes and VMs, in the cloud or on-premise, in single or multi-datacenter setups.

Kuma reduces complexity and accelerates service reliability with an Envoy-based Service Mesh

Portrait photo of Luca Maraschi

Luca Maraschi

Chief Architect at Telus Digital

# Get Started In 1 Minute

Kubernetes Logo Tab Icon Kubernetes Logo Active Tab Icon

# Kubernetes

  1. # Start the Control Plane

    After downloading and installing Kuma, you can start the control plane. Kuma automatically creates a default Mesh:

    $ kumactl install control-plane | kubectl apply -f -
    
    1
  2. # Deploy your Services

    You can now deploy your services, which will be automatically injected with a Kuma sidecar data-plane:

    $ kubectl apply -f https://raw.githubusercontent.com/Kong/kuma/master/examples/kubernetes/sample-service.yaml
    
    1
  3. # Apply Policies

    You can now apply Policies like Mutual TLS to encrypt the communication within the Mesh. Congratulations! You have secured your Service Mesh!

    $ echo "apiVersion: kuma.io/v1alpha1
    kind: Mesh
    metadata:
      name: default
    spec:
      mtls:
        enabled: true
        ca:
          builtin: {}" | kubectl apply -f -
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
Universal Logo Tab Icon Universal Logo Active Tab Icon

# Universal

  1. # Start the Control Plane

    After downloading and installing Kuma, you can start the control plane. Kuma automatically creates a default Mesh:

    $ kuma-cp run &
    
    1
  2. # Start your Services and start the data-plane

    For each Service that belongs to the Service Mesh, you must start a Dataplane Entity. After configuring the networking, you can start the data-plane process:

    $ kuma-tcp-echo --port 9000 # This is a sample service
    
    $ echo "type: Dataplane
    mesh: default
    name: dp-echo-1
    networking:
      inbound:
      - interface: 127.0.0.1:10000:9000
        tags:
          service: echo" | kumactl apply -f -
    
    $ kumactl generate dataplane-token --dataplane=dp-echo-1 > /tmp/kuma-dp-echo-1
    
    $ kuma-dp run
      --name=dp-echo-1 \
      --mesh=default \
      --cp-address=http://127.0.0.1:5681 \
      --dataplane-token-file=/tmp/kuma-dp-echo-1
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
  3. # Apply Policies

    You can now apply Policies like Mutual TLS to encrypt the communication within the Mesh. Congratulations! You have secured your Service Mesh!

    $ echo "type: Mesh
    name: default
    mtls:
      enabled: true
      ca:
        builtin: {}" | kumactl apply -f -
    
    1
    2
    3
    4
    5
    6

# Run Services, Not Networks

Before

Before implementing Kuma

After

After implementing Kuma