Kuma in Production
Production deployment of Kuma involves choosing the right topology, deploying control and data planes, and configuring security and operational features. This section guides you through all aspects of running Kuma in production.
Deployment topologies
Choose the deployment model that fits your infrastructure:
- Deployment overview - Understand deployment modes and when to use each
- Single-zone deployment - Deploy Kuma in a single Kubernetes cluster or data center
- Multi-zone deployment - Connect multiple zones across regions, clouds, or data centers
Common scenarios:
| Scenario | Recommended topology |
|---|---|
| Single Kubernetes cluster or VPC | Single-zone |
| Multiple regions, clouds, or data centers | Multi-zone |
| Hybrid Kubernetes and VMs | Multi-zone |
| Cloud migration (on-premise to cloud) | Multi-zone |
Control plane deployment
Deploy and configure the Kuma control plane:
- Single-zone control plane - Deploy the control plane for a single zone
- Multi-zone global control plane - Deploy global and zone control planes for multi-zone setup
- Zone Ingress - Configure cross-zone service communication
- Zone Egress - Route external traffic through dedicated egress proxies
- Zone proxy authentication - Secure zone proxy connections to the global control plane
- Kubernetes deployment - Kubernetes-specific control plane configuration
- systemd deployment - Run the control plane as a system daemon on Universal
- Control plane configuration reference - Complete configuration options for kuma-cp
Data plane configuration
Configure data plane proxies for Kubernetes and Universal:
- Data plane proxy overview - Understand how data plane proxies work
- Kubernetes data plane - Configure proxies with sidecar injection on Kubernetes
- Universal data plane - Configure proxies on VMs or bare metal
- Transparent proxying - Enable automatic traffic interception without code changes
- Kuma CNI - Use the CNI plugin for network configuration on Kubernetes
- IPv6 support - Configure IPv6 networking
Secure your deployment
Protect your mesh with authentication, authorization, and encryption:
- Secrets management - Store and manage sensitive data like certificates and keys
- API access control - Control administrative access to the Kuma API
- API server authentication - Configure authentication for the control plane API
- Data plane proxy authentication - Require proxies to authenticate before receiving configuration
- Data plane proxy membership - Restrict which proxies can join specific meshes
- Certificates - Manage TLS certificates for control plane and data plane communication
Mesh configuration and multi-tenancy
Organize services and manage multiple teams:
- Mesh resource configuration - Configure mesh resources and multi-tenancy
- Using your mesh - Best practices for mesh usage in production
Operations and maintenance
Manage, monitor, and upgrade your deployment:
- Upgrade Kuma - Safely upgrade control and data planes
- Version-specific upgrade notes - Important changes and breaking updates per version
- Performance fine-tuning - Optimize control plane and proxy performance
- Kuma GUI - Web interface for managing and observing your mesh
- Inspect API - Debug proxy configuration and policy application
- Control plane configuration - Modify and inspect control plane settings
Tools and utilities
Essential command-line tools:
- kumactl CLI - Command-line interface for managing Kuma
- HTTP API reference - Complete HTTP API for programmatic access
Next steps
- Choose your topology: Start with deployment topologies to decide between single-zone and multi-zone
- Deploy control plane: Follow single-zone or multi-zone guides
- Configure data plane: Set up proxies for Kubernetes or Universal
- Secure your mesh: Enable authentication and access control