Kuma in Production
Production deployment of Kuma involves choosing the right topology, deploying the control plane and data plane proxies within a mesh, and configuring security and operational features. This section guides you through all aspects of running Kuma in production.
Deployment topologies
Choose the deployment model that fits your infrastructure:
- Deployment overview - Understand deployment modes and when to use each
- Single-zone deployment - Deploy Kuma in a single Kubernetes cluster or data center
- Multi-zone deployment - Connect multiple zones across regions, clouds, or data centers
Common scenarios:
| Scenario | Recommended topology |
|---|---|
| Single Kubernetes cluster or VPC | Single-zone |
| Multiple regions, clouds, or data centers | Multi-zone |
| Hybrid Kubernetes and VMs | Multi-zone |
| Cloud migration (on-premise to cloud) | Multi-zone |
Control plane deployment
Deploy and configure the Kuma control plane:
- Single-zone control plane - Deploy the control plane for a single zone
- Multi-zone global control plane - Deploy global and zone control planes for multi-zone setup
- Zone Ingress - Configure cross-zone service communication
- Zone Egress - Route external traffic through dedicated egress proxies
- Zone proxy authentication - Secure zone proxy connections to the global control plane
- Kubernetes deployment - Kubernetes-specific control plane configuration
- systemd deployment - Run the control plane as a system daemon on Universal
- Control plane configuration reference - Complete configuration options for kuma-cp
Data plane configuration
Configure data plane proxies for Kubernetes and Universal:
- Data plane proxy overview - Understand how data plane proxies work
- Kubernetes data plane - Configure proxies with sidecar injection on Kubernetes
- Universal data plane - Configure proxies on VMs or bare metal
- Transparent proxying - Enable automatic traffic interception without code changes
- Kuma CNI - Use the CNI plugin for network configuration on Kubernetes
- IPv6 support - Configure IPv6 networking
Secure your deployment
Protect your mesh with authentication, authorization, and encryption:
- Secrets management - Store and manage sensitive data like certificates and keys
- API access control - Control administrative access to the Kuma API
- API server authentication - Configure authentication for the control plane API
- Data plane proxy authentication - Require proxies to authenticate before receiving configuration
- Data plane proxy membership - Restrict which proxies can join specific meshes
- Certificates - Manage TLS certificates for control plane and data plane communication
Mesh configuration and multi-tenancy
Organize services and manage multiple teams:
- Mesh resource configuration - Configure mesh resources and multi-tenancy
- Using your mesh - Best practices for mesh usage in production
Operations and maintenance
Manage, monitor, and upgrade your deployment:
- Upgrade Kuma - Safely upgrade control and data planes
- Version-specific upgrade notes - Important changes and breaking updates per version
- Performance fine-tuning - Optimize control plane and proxy performance
- Kuma GUI - Web interface for managing and observing your mesh
- Inspect API - Debug proxy configuration and policy application
- Control plane configuration - Modify and inspect control plane settings
Tools and utilities
Essential command-line tools:
- kumactl CLI - Command-line interface for managing Kuma
- HTTP API reference - Complete HTTP API for programmatic access
Next steps
- Choose your topology: Start with deployment topologies to decide between single-zone and multi-zone
- Deploy control plane: Follow single-zone or multi-zone guides
- Configure data plane: Set up proxies for Kubernetes or Universal
- Secure your mesh: Enable authentication and access control