Build, Secure and Observe
your modern Service Mesh

The open-source control plane to build your Mesh, delivering high performance and reliability.

Kuma service diagram

Universal Control Plane

Universal Control Plane diagram

Built on top of Envoy, Kuma is a modern control plane for Microservices and Service Mesh. Universal for both VMs and Kubernetes.

Intuitive Policies

Universal Control Plane diagram

Easy to use Service Mesh policies for security, observability, routing, and more. Low operational overhead with multi-tenancy since day one.

Platform Agnostic

Platform Agnostic diagram

Runs on both Virtual Machines and Kubernetes in order to deliver value to both existing and modern workloads.

Get Started In 1 Minute

Kubernetes Logo Tab Icon Kubernetes Logo Active Tab Icon

Kubernetes

  1. Start the Control Plane

    After downloading and installing Kuma, you can start the control plane. Kuma automatically creates a default Mesh:

    $ kumactl install control-plane | kubectl apply -f -
    
    1
  2. Deploy your Services

    You can now deploy your services, which will be automatically injected with a Kuma sidecar data-plane:

    $ kubectl apply -f https://raw.githubusercontent.com/Kong/kuma/master/examples/kubernetes/sample-service.yaml
    
    1
  3. Apply Policies

    You can now apply Policies like Mutual TLS to encrypt the communication within the Mesh. Congratulations! You have secured your Service Mesh!

    $ echo "apiVersion: kuma.io/v1alpha1
    kind: Mesh
    metadata:
      namespace: kuma-system
      name: default
    spec:
      mtls:
        enabled: true
        ca:
          builtin: {}" | kubectl apply -f -
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
Universal Logo Tab Icon Universal Logo Active Tab Icon

Universal

  1. Start the Control Plane

    After downloading and installing Kuma, you can start the control plane. Kuma automatically creates a default Mesh:

    $ kuma-cp run &
    
    1
  2. Start your Services and start the data-plane

    For each Service that belongs to the Service Mesh, you must start a Dataplane Entity. After configuring the networking, you can start the data-plane process:

    $ kuma-tcp-echo --port 9000 # This is a sample service
    
    $ echo "type: Dataplane
    mesh: default
    name: dp-echo-1
    networking:
      inbound:
      - interface: 127.0.0.1:10000:9000
        tags:
          service: echo" | kumactl apply -f -
    
    $ KUMA_CONTROL_PLANE_BOOTSTRAP_SERVER_URL=http://127.0.0.1:5682 \
      KUMA_DATAPLANE_MESH=default \
      KUMA_DATAPLANE_NAME=dp-echo-1 \
      kuma-dp run
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
  3. Apply Policies

    You can now apply Policies like Mutual TLS to encrypt the communication within the Mesh. Congratulations! You have secured your Service Mesh!

    $ echo "type: Mesh
    name: default
    mtls:
      enabled: true
      ca:
        builtin: {}" | kumactl apply -f -
    
    1
    2
    3
    4
    5
    6

Run Services, Not Networks

Before

Before implementing Kuma

After

After implementing Kuma