Kuma Star

Careful!

You are browsing documentation for the next version of Kuma. Use this version at your own risk.

Dataplane

The Dataplane resource defines the configuration of a data plane proxy (also called a sidecar). A data plane proxy runs next to each workload and handles all inbound and outbound traffic for that workload.

On Kubernetes, Kuma automatically generates Dataplane resources when pods are injected with the sidecar. On Universal, you must manually create Dataplane resources to register workloads with the mesh.

Each Dataplane belongs to exactly one mesh.

Examples

Basic Dataplane with single inbound (Universal)

type: Dataplane
mesh: default
name: web-01
networking:
  address: 192.168.0.1
  inbound:
    - port: 8080
      servicePort: 8080
      tags:
        kuma.io/service: web
        kuma.io/protocol: http
        version: v1

Dataplane with multiple inbounds (Universal)

When a workload exposes multiple ports:

type: Dataplane
mesh: default
name: backend-01
networking:
  address: 192.168.0.2
  inbound:
    - port: 8080
      servicePort: 8080
      tags:
        kuma.io/service: backend-http
        kuma.io/protocol: http
    - port: 9090
      servicePort: 9090
      tags:
        kuma.io/service: backend-grpc
        kuma.io/protocol: grpc

Dataplane with outbounds (Universal, without transparent proxying)

type: Dataplane
mesh: default
name: web-01
networking:
  address: 192.168.0.1
  inbound:
    - port: 8080
      servicePort: 8080
      tags:
        kuma.io/service: web
        kuma.io/protocol: http
  outbound:
    - port: 10001
      tags:
        kuma.io/service: backend
    - port: 10002
      tags:
        kuma.io/service: database

Dataplane with transparent proxying (Universal)

type: Dataplane
mesh: default
name: web-01
networking:
  address: 192.168.0.1
  inbound:
    - port: 8080
      servicePort: 8080
      tags:
        kuma.io/service: web
        kuma.io/protocol: http
  transparentProxying:
    redirectPortInbound: 15006
    redirectPortOutbound: 15001
    reachableServices:
      - backend
      - database

Dataplane with service probes (Universal)

type: Dataplane
mesh: default
name: web-01
networking:
  address: 192.168.0.1
  inbound:
    - port: 8080
      servicePort: 8080
      tags:
        kuma.io/service: web
        kuma.io/protocol: http
      serviceProbe:
        interval: 10s
        timeout: 2s
        unhealthyThreshold: 3
        healthyThreshold: 1
        tcp: {}

Dataplane with advertised address (Universal)

For proxies in private networks (like Docker):

type: Dataplane
mesh: default
name: web-01
networking:
  address: 172.17.0.2
  advertisedAddress: 10.0.0.1
  inbound:
    - port: 8080
      servicePort: 8080
      tags:
        kuma.io/service: web
        kuma.io/protocol: http

Delegated gateway Dataplane

type: Dataplane
mesh: default
name: kong-gateway
networking:
  address: 192.168.0.10
  gateway:
    type: DELEGATED
    tags:
      kuma.io/service: kong-gateway

Builtin gateway Dataplane

type: Dataplane
mesh: default
name: edge-gateway
networking:
  address: 192.168.0.10
  gateway:
    type: BUILTIN
    tags:
      kuma.io/service: edge-gateway

See also

All options

metrics object → MetricsBackend
MetricsBackend defines metric backends
conf object
Configuration of the backend
name string
Name of the backend, can be then used in Mesh.metrics.enabledBackend
type string
Type of the backend (Kuma ships with 'prometheus')
networking object → Networking
Networking describes inbound and outbound interfaces of a data plane proxy.
address string
IP on which the data plane proxy is accessible to the control plane and other data plane proxies in ...
port integer
Port on which Envoy Admin API server will be listening
advertisedAddress string
In some situations, a data plane proxy resides in a private network (e.g. Docker) and is not reachab...
Gateway describes a service that ingress should not be proxied.
tags object
Tags associated with a gateway of this data plane to, e.g. `kuma.io/service=gateway`, `env=prod`. `k...
type enum
Values: DELEGATED | BUILTIN
Inbound describes a list of inbound interfaces of the data plane proxy. Inbound describes a service ...
address string
Address on which inbound listener will be exposed. Defaults to `networking.address`.
Health describes the status of an inbound
ready boolean
Ready indicates if the data plane proxy is ready to serve the traffic.
name string
Name adds another way of referencing this port, usable with MeshService
port integer
Port of the inbound interface that will forward requests to the service. When transparent proxying i...
serviceAddress string
Address of the service that requests will be forwarded to. Defaults to 'inbound.address', since Kuma...
servicePort integer
Port of the service that requests will be forwarded to. Defaults to the same value as `port`.
ServiceProbe defines parameters for probing service's port
healthy_threshold integer
Number of consecutive healthy checks before considering a host healthy.
interval string
Interval between consecutive health checks.
tcp object → Tcp
timeout string
Maximum time to wait for a health check response.
unhealthy_threshold integer
Number of consecutive unhealthy checks before considering a host unhealthy.
state enum
Values: Ready | NotReady | Ignored
tags object
Tags associated with an application this data plane proxy is deployed next to, e.g. `kuma.io/service...
Outbound describes a list of services consumed by the data plane proxy. For every defined Outbound, ...
address string
IP on which the consumed service will be available to this data plane proxy. On Kubernetes, it's usu...
kind string
Kind is a type of the object to target. Allowed: MeshService
labels object
Labels to select a single object. If no object is selected then outbound is not created. If multiple...
name string
Name of the targeted object
port integer
Port of the targeted object. Required when kind is MeshService.
port integer
Port on which the consumed service will be available to this data plane proxy. When transparent prox...
tags object
Tags of consumed data plane proxies. `kuma.io/service` tag is required. These tags can then be refer...
TransparentProxying describes configuration for transparent proxying.
direct_access_services array
List of services that will be accessed directly via IP:PORT Use `*` to indicate direct access to eve...
ip_family_mode enum
Values: UnSpecified | DualStack | IPv4 | IPv6
kind string
Type of the backend: MeshService or MeshExternalService +required
labels object
Labels used to select backends
name string
Name of the backend.
namespace string
Namespace of the backend. Might be empty
port integer
Port of the backend.
reachable_services array
List of reachable services (represented by the value of `kuma.io/service`) via transparent proxying....
redirect_port_inbound integer
Port on which all inbound traffic is being transparently redirected.
redirect_port_outbound integer
Port on which all outbound traffic is being transparently redirected.
probes object → Probes
List of endpoints to expose without mTLS.
inbound_path string
Inbound path is a path of the application from which we expose the endpoint. It is recommended to be...
inbound_port integer
Inbound port is a port of the application from which we expose the endpoint.
path string
Path is a path on which we expose inbound path on the probes port.
port integer
Port on which the probe endpoints will be exposed. This cannot overlap with any other ports.