Build, Secure and Observe
your modern Service Mesh

The open-source control plane for modern connectivity, delivering high performance and reliability with Envoy.

Kuma 0.3.2 Released with Prometheus Integration, new Gateway Mode, and much more. Install Now!

CRD + RESTful Interface

Built on top of Envoy, Kuma can be fully operated via simple CRDs on Kubernetes or with a RESTful API on other platforms. GUI included.

L4 + L7 Policies

Connect your Microservices with Kuma, and apply intuitive policies for security, observability, routing, and more in one command.

Platform Agnostic

Kuma can run anywhere, on Kubernetes and VMs, in the cloud or on-premise, in single or multi-datacenter setups.

Get Started In 1 Minute

Kubernetes

  1. Start the Control Plane

    After downloading and installing Kuma, you can start the control plane. Kuma automatically creates a default Mesh:

    $ kumactl install control-plane | kubectl apply -f -
    
  2. Deploy your Services

    You can now deploy your services, which will be automatically injected with a Kuma sidecar data-plane:

    $ kubectl apply -f https://raw.githubusercontent.com/Kong/kuma/master/examples/kubernetes/sample-service.yaml
    
  3. Apply Policies

    You can now apply Policies like Mutual TLS to encrypt the communication within the Mesh. Congratulations! You have secured your Service Mesh!

    $ echo "apiVersion: kuma.io/v1alpha1
    kind: Mesh
    metadata:
      name: default
    spec:
      mtls:
        enabled: true
        ca:
          builtin: {}" | kubectl apply -f -
    
Universal

  1. Start the Control Plane

    After downloading and installing Kuma, you can start the control plane. Kuma automatically creates a default Mesh:

    $ kuma-cp run &
    
  2. Start your Services and start the data-plane

    For each Service that belongs to the Service Mesh, you must start a Dataplane Entity. After configuring the networking, you can start the data-plane process:

    $ kuma-tcp-echo --port 9000 # This is a sample service
    
    $ echo "type: Dataplane
    mesh: default
    name: dp-echo-1
    networking:
      inbound:
      - interface: 127.0.0.1:10000:9000
        tags:
          service: echo" | kumactl apply -f -
    
    $ kumactl generate dataplane-token --dataplane=dp-echo-1 > /tmp/kuma-dp-echo-1
    
    $ kuma-dp run \
      --name=dp-echo-1 \
      --mesh=default \
      --cp-address=http://127.0.0.1:5681 \
      --dataplane-token-file=/tmp/kuma-dp-echo-1
    
  3. Apply Policies

    You can now apply Policies like Mutual TLS to encrypt the communication within the Mesh. Congratulations! You have secured your Service Mesh!

    $ echo "type: Mesh
    name: default
    mtls:
      enabled: true
      ca:
        builtin: {}" | kumactl apply -f -
    

Run Services, Not Networks

[Figures: before and after implementing Kuma]