Careful!

You are browsing documentation for a version of Kuma that is not the latest release.

Go here to browse the documentation for the latest version.

Looking for even older versions? Learn more.

Kuma CNI

The operation of the Kuma data plane proxy, precludes that all the relevant inbound and outbound traffic on the host (or container) that runs the service is diverted to pass through the proxy itself. This is done through transparent proxying, which is set up automatically on Kubernetes. Installing it requires certain privileges, which are delegated to pre-sidecar initialisation steps. There are two options to do this with Kuma:

  • use the standard kuma-init, which is the default
  • use the Kuma CNI

Kuma CNI can be leveraged in the two installation methods for Kubernetes: using kumactl and with Helm. The default settings are tuned for OpenShift with Multus, therefore to use it in other environments we need to set the relevant configuration parameters.

Below are the details of how to set-up each of the options, considering and example where a plain Kubernetes cluster deployed with kubeadm and the default Calico CNI is used.

Supply the following arguments to kumactl, to enable the CNI setup and configure it for chaining with the CNI plugin.

kumactl install control-plane \
  --cni-enabled \
  --cni-chained \
  --cni-net-dir /etc/cni/net.d \
  --cni-bin-dir /opt/cni/bin \
  --cni-conf-name 10-calico.conflist
Last Updated: 10/26/2022, 10:13:28 AM