You are browsing documentation for the next version of Kuma. Use this version at your own risk.
Deploy a single-zone control plane
In order to deploy Kuma in a single-zone deployment, the
kuma-cp control plane must be started in
This is the standard installation method.
With zone egress:
It’s possible to run
ZoneEgress for single-zone deployment. In order to deploy Kuma with
ZoneEgress run the install command with an additional parameter.
Once Kuma is up and running, data plane proxies can now connect directly to it.
When the mode is not specified, Kuma will always start in
zone mode by default.
Optional: control plane authentication
Running administrative tasks (like generating auth tokens) requires authentication by token or a connection via localhost when interacting with the control plane.
You can authenticate by port-forwarding API service and extracting admin user token.
kubectl port-forward svc/kuma-control-plane -n kuma-system 5681:5681
export ADMIN_TOKEN=$(kubectl get secrets -n kuma-system admin-user-token -ojson | jq -r .data.value | base64 -d)
kumactl config control-planes add \
--address http://localhost:5681 \
--headers "authorization=Bearer $ADMIN_TOKEN" \
--name "zone-cp" \
Moving to a multi-zone deployment
You can transform a single-zone deployment into a multi-zone deployment by doing federation.