Build, Secure and Observe
your modern Service Mesh

The open-source control plane for your Service Mesh, delivering high performance and reliability.

Kuma service diagram

Universal Control Plane

Universal Control Plane diagram

Built on top of Envoy, Kuma is a modern control plane to orchestrate L4/L7 traffic, including Microservices and Service Mesh.

Powerful Policies

Universal Control Plane diagram

Out of the box Ingress and Service Mesh service management policies for security, observability, routing, and more.

Platform Agnostic

Platform Agnostic diagram

Enterprise-ready and platform agnostic with native Kubernetes + CRD support, as well as VM and Bare Metal via YAML + REST.

Get Started In 1 Minute

Kubernetes Logo Tab Icon Kubernetes Logo Active Tab Icon

Kubernetes

  1. Start the Control Plane

    After downloading and installing Kuma, you can start the control plane. Kuma automatically creates a default Mesh:

    $ kumactl install control-plane | kubectl apply -f -
    
    1
  2. Deploy your Services

    You can now deploy your services, which will be automatically injected with a Kuma sidecar data-plane:

    $ kubectl apply -f https://raw.githubusercontent.com/Kong/kuma/master/examples/kubernetes/sample-service.yaml
    
    1
  3. Apply Policies

    You can now apply Policies like Mutual TLS to encrypt the communication within the Mesh. Congratulations! You have secured your Service Mesh!

    $ echo "apiVersion: kuma.io/v1alpha1
    kind: Mesh
    metadata:
      namespace: kuma-system
      name: default
    spec:
      mtls:
        enabled: true
        ca:
          builtin: {}" | kubectl apply -f -
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
Universal Logo Tab Icon Universal Logo Active Tab Icon

Universal

  1. Start the Control Plane

    After downloading and installing Kuma, you can start the control plane. Kuma automatically creates a default Mesh:

    $ kuma-cp run &
    
    1
  2. Start your Services and start the data-plane

    For each Service that belongs to the Service Mesh, you must start a Dataplane Entity. After configuring the networking, you can start the data-plane process:

    $ kuma-tcp-echo --port 9000 # This is a sample service
    
    $ echo "type: Dataplane
    mesh: default
    name: dp-echo-1
    networking:
      inbound:
      - interface: 127.0.0.1:10000:9000
        tags:
          service: echo" | kumactl apply -f -
    
    $ KUMA_CONTROL_PLANE_BOOTSTRAP_SERVER_URL=http://127.0.0.1:5682 \
      KUMA_DATAPLANE_MESH=default \
      KUMA_DATAPLANE_NAME=dp-echo-1 \
      kuma-dp run
    
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
  3. Apply Policies

    You can now apply Policies like Mutual TLS to encrypt the communication within the Mesh. Congratulations! You have secured your Service Mesh!

    $ echo "type: Mesh
    name: default
    mtls:
      enabled: true
      ca:
        builtin: {}" | kumactl apply -f -
    
    1
    2
    3
    4
    5
    6

Run Services, Not Networks

Before

Before implementing Kuma

After

After implementing Kuma