Configure a built-in gateway

The built-in gateway is configured using a combination of MeshGateway, MeshHTTPRoute and MeshTCPRoute, and served by Envoy instances represented by Dataplanes configured as built-in gateways. Kuma policies are then used to configure built-in gateways.

New to Kuma? Checkout our guide to get quickly started with builtin gateways!

Deploying gateways

The process for deploying built-in gateways is different depending on whether you’re running in Kubernetes or Universal mode.

For managing gateway instances on Kubernetes, Kuma provides a MeshGatewayInstance CRD.

This resource launches kuma-dp in your cluster. If you are running a multi-zone Kuma, MeshGatewayInstance needs to be created in a specific zone, not the global cluster. See the dedicated section for using built-in gateways on multi-zone.

This resource manages a Kubernetes Deployment and Service suitable for providing service capacity for the MeshGateway.

Heads up! In previous versions of Kuma, setting the tag directly within a MeshGatewayInstance resource was used to identify the service. However, this practice is deprecated and no longer recommended for security reasons since Kuma version 2.7.0.

We’ve automatically switched to generating the service name for you based on your MeshGatewayInstance resource name and namespace (format: {name}_{namespace}_svc).

kind: MeshGatewayInstance
  name: edge-gateway
  namespace: default
  replicas: 1
  serviceType: LoadBalancer

See the MeshGatewayInstance docs for more options.

Kuma gateways are configured with the Envoy best practices for edge proxies.


The Kuma Gateway resource types, MeshGateway, MeshHTTPRoute and MeshTCPRoute, are synced across zones by the Kuma control plane. If you have a multi-zone deployment, follow existing Kuma practice and create any Kuma Gateway resources in the global control plane. Once these resources exist, you can provision serving capacity in the zones where it is needed by deploying built-in gateway Dataplanes (in Universal zones) or MeshGatewayInstances (Kubernetes zones).

See the multi-zone docs for a refresher.