README


Kuma is a modern enterprise-ready control plane for service mesh and microservices, on every cloud, in a single or multi-zone capacity, across both Kubernetes and VMs. Thanks to this universality, combined with native support for Envoy as its data plane proxy technology (but with no Envoy expertise required), Kuma provides modern L4-L7 service connectivity, discovery, security, observability, routing and more across any service on any platform, databases included.

Originally created by Kong, Kuma is today a CNCF (Cloud Native Computing Foundation) Sandbox project and therefore available with the same openness and neutrality as every other CNCF project. Kuma has been engineered to be both powerful and simple to use, reducing the complexity of running a service mesh across an organization with capabilities such as multi-zone support, multi-mesh support, and a gradual, intuitive learning curve.

Kuma runs today in mission-critical production environments across a large variety of industries, including telecommunications, financial services, e-commerce, travel and technology organizations. Users who require enterprise-level support for Kuma can explore the enterprise offerings available.

Built by Envoy contributors at Kong 🦍.

Need help? In your journey with Kuma you can get in touch with the broader community via the official Slack chat.

Installation | Documentation | Community + Slack Chat | Blog


Why Kuma?

Built with enterprise use-cases in mind, Kuma is a universal service mesh that supports both Kubernetes and VM deployments across single and multi-zone setups, with turnkey mesh policies to get up and running easily while supporting multi-tenancy and multi-mesh on the same control plane. Kuma is a CNCF Sandbox project.

Modern applications will inevitably make requests over a network to communicate with other services, like databases, caches or microservices. But, as we all know, the network is by default unreliable and insecure, and introduces significant challenges to any modern environment: security, tracing and routing, among others.

Kuma is a better way to build L4/L7 connectivity among your services and applications (a service mesh). It reduces the code that application teams have to write, enabling them to ship products faster while improving the reliability and security of the overall architecture with minimal effort.

Kuma embraces the sidecar proxy model by bundling Envoy as its sidecar data-plane technology and by providing a platform-agnostic Control Plane that can run on both modern Kubernetes and existing VM/Bare Metal architectures in order to deliver business value across every team in the organization with one comprehensive solution.

Kuma has been built with universality and scalability in mind. Kubernetes and VMs are both first-class citizens; it supports multiple isolated meshes on one control plane and offers global/remote CP deployments for both single and multi-zone setups across different platforms, clouds and data-centers, in order to tackle the most complex deployments. With built-in connectivity thanks to the automatic ingress mode and built-in discovery, Kuma abstracts away connectivity across the entire mesh.

Features

  • Universal Control Plane: Easy to use, distributed, runs anywhere on both Kubernetes and VM/Bare Metal.
  • Lightweight Data Plane: Powered by Envoy to process any L4/L7 traffic, with automatic Envoy bootstrapping.
  • Automatic DP Injection: No code changes required in K8s. Easy YAML specification for VM and Bare Metal deployments.
  • Multi-Mesh: To set up multiple isolated Meshes in one cluster and one Control Plane, lowering ops cost.
  • Single and Multi Zone: To deploy a service mesh that is cross-platform, cross-cloud and cross-cluster.
  • Automatic Discovery & Ingress: With built-in service discovery and connectivity across single and multi-zones.
  • Global & Remote CPs: For scalability across deployments with multiple zones, including hybrid VMs + K8s meshes.
  • mTLS: Automatic certificate issuing, workload identity and encryption for every data plane, with optional support for a third-party (provided) CA instead of the builtin one.
  • TLS Rotation: Automatic certificate rotation for all the data planes, with configurable settings.
  • Internal & External Services: Aggregation of internal services and support for services outside the mesh.
  • Traffic Permissions: To firewall traffic between the services of a Mesh, allowing only the source/destination pairs you declare (enforced on the mTLS identity, so mTLS must be enabled for the Mesh).
  • Traffic Routing: With dynamic load-balancing for blue/green, canary, versioning and rollback deployments.
  • Fault Injection: To harden systems by injecting controlled artificial faults and observing the behavior.
  • Traffic Logs: To log all the activity to a third-party service, like Splunk or ELK.
  • Traffic Tracing: To observe the full trace of the service traffic and determine bottlenecks.
  • Traffic Metrics: For every Envoy dataplane managed by Kuma with native Prometheus/Grafana support.
  • Retries: To improve application reliability by automatically retrying requests.
  • Proxy Configuration Templating: The easiest way to run and configure Envoy with low-level configuration.
  • Gateway Support: To support any API Gateway or Ingress, like Kong Gateway.
  • Healthchecks: Both active and passive.
  • GUI: Out of the box browser GUI to explore all the Service Meshes configured in the system.
  • Tagging Selectors: To apply sophisticated regional, cloud-specific and team-oriented policies.
  • Platform-Agnostic: Support for Kubernetes, VMs, and bare metal. Including hybrid deployments.
  • Transparent Proxying: Out of the box transparent proxying on Kubernetes, VMs and any other platform.
  • Network Overlay: Create a configurable Mesh overlay across different Kubernetes clusters and namespaces.

Below you can find a snapshot of the GUI that ships with Kuma:

Distributions

Kuma is a platform-agnostic product that ships in different distributions. You can explore the available installation options at the official website.

You can use Kuma for modern greenfield applications built on containers as well as existing applications running on more traditional infrastructure. Kuma can be fully configured via CRDs (Custom Resource Definitions) on Kubernetes, and via a RESTful HTTP API in other environments; both integrate easily with CI/CD workflows.

Kuma also provides an easy to use kumactl CLI client for every environment, and an official GUI that can be accessed by the browser.
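As an added illustration of the mTLS and Traffic Permissions features above, applied through kumactl in a non-Kubernetes (universal) environment, here is a Mesh with the builtin CA enabled next to a least-privilege TrafficPermission. This is example configuration written for this page, not from the Kuma repository; the service names `frontend` and `backend`, the backend name `ca-1`, the file name and the rotation period are assumptions chosen for illustration.

```yaml
# Added example, not Kuma project code. Apply in universal mode with:
#   kumactl apply -f mesh-mtls.yaml
# The same spec applies on Kubernetes as CRDs (apiVersion: kuma.io/v1alpha1,
# kind: Mesh / TrafficPermission, content under spec:), where service tag values
# take the form <name>_<namespace>_svc_<port>.
---
type: Mesh
name: default
mtls:
  # Without enabledBackend, mTLS is off: sidecars speak plaintext and there is
  # no workload identity for TrafficPermission policies to match on.
  enabledBackend: ca-1
  backends:
  - name: ca-1
    type: builtin            # Kuma issues and rotates workload certs itself
    dpCert:
      rotation:
        expiration: 1d       # assumed lifetime; short-lived certs limit key exposure
---
# Least privilege: name the allowed source -> destination pairs explicitly.
# A permissive allow-all TrafficPermission (one matching kuma.io/service: '*'
# on both sides) would make mTLS authenticate everyone and authorize everyone;
# check with `kumactl get traffic-permissions` and remove any such policy
# once explicit rules like this one are in place.
type: TrafficPermission
name: frontend-to-backend
mesh: default
sources:
- match:
    kuma.io/service: frontend    # assumed service name
destinations:
- match:
    kuma.io/service: backend     # assumed service name
```

Enabling mTLS on the Mesh and tightening permissions are separate steps: the first gives every data plane a SPIFFE-style identity in its certificate, the second decides which identities may talk to which. Roll out the permission in a non-production Mesh first, since a missing rule results in connections being rejected by the destination sidecar rather than a warning.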

Development

Kuma is under active development and production-ready.

See Developer Guide for further details.

Enterprise Support

If you are implementing Kuma in a mission-critical environment and require enterprise support and features, please visit Enterprise to explore the available offerings.

License

Copyright 2021 the Kuma Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Directories

Path Synopsis
app/kuma-cp
app/kuma-cp/cmd
app/kuma-dp
app/kuma-dp/cmd
app/kuma-dp/pkg/config
app/kuma-dp/pkg/dataplane/accesslogs
app/kuma-dp/pkg/dataplane/accesslogs/v2
app/kuma-dp/pkg/dataplane/accesslogs/v3
app/kuma-dp/pkg/dataplane/envoy
app/kuma-prometheus-sd
app/kuma-prometheus-sd/cmd
app/kuma-prometheus-sd/pkg/discovery/xds
app/kuma-prometheus-sd/pkg/util/go-kit/log
app/kuma-ui/pkg/resources
app/kumactl
app/kumactl/cmd
app/kumactl/cmd/apply
app/kumactl/cmd/completion
app/kumactl/cmd/config
app/kumactl/cmd/delete
app/kumactl/cmd/generate
app/kumactl/cmd/get
app/kumactl/cmd/inspect
app/kumactl/cmd/install
app/kumactl/cmd/uninstall
app/kumactl/pkg/cmd
app/kumactl/pkg/config
app/kumactl/pkg/errors
app/kumactl/pkg/install/data
app/kumactl/pkg/install/k8s
app/kumactl/pkg/install/k8s/control-plane
app/kumactl/pkg/install/k8s/logging
app/kumactl/pkg/install/k8s/metrics
app/kumactl/pkg/install/k8s/tracing
app/kumactl/pkg/output
app/kumactl/pkg/output/json
app/kumactl/pkg/output/printers
app/kumactl/pkg/output/table
app/kumactl/pkg/output/yaml
app/kumactl/pkg/resources
app/kumactl/pkg/tokens
pkg/api-server
pkg/api-server/authz
pkg/api-server/customization
pkg/api-server/definitions
pkg/api-server/types
pkg/catalog
pkg/clusterid
pkg/cmd
pkg/cmd/version
pkg/config
pkg/config/api-server
pkg/config/api-server/catalog
pkg/config/app/kuma-cp
pkg/config/app/kuma-dp
pkg/config/app/kuma-prometheus-sd
pkg/config/app/kumactl/v1alpha1
pkg/config/core
pkg/config/core/resources/store
pkg/config/diagnostics
pkg/config/dns-server
pkg/config/dp-server
pkg/config/gui-server
pkg/config/mads
pkg/config/multizone
pkg/config/plugins/resources/k8s
pkg/config/plugins/resources/postgres
pkg/config/plugins/runtime
pkg/config/plugins/runtime/k8s
pkg/config/plugins/runtime/universal
pkg/config/sds
pkg/config/types
pkg/config/xds
pkg/config/xds/bootstrap
pkg/core
pkg/core/bootstrap
pkg/core/ca
pkg/core/ca/issuer
pkg/core/config/manager
pkg/core/datasource
pkg/core/dns/lookup
pkg/core/faultinjections
pkg/core/logs
pkg/core/managers/apis/dataplane
pkg/core/managers/apis/dataplaneinsight
pkg/core/managers/apis/mesh
pkg/core/managers/apis/zone
pkg/core/managers/apis/zoneinsight
pkg/core/permissions
pkg/core/plugins
pkg/core/policy
pkg/core/resources/apis/mesh
pkg/core/resources/apis/system
pkg/core/resources/manager
pkg/core/resources/model
pkg/core/resources/model/rest
pkg/core/resources/registry
pkg/core/resources/store
pkg/core/rest/errors
pkg/core/rest/errors/types
pkg/core/runtime
pkg/core/runtime/component
pkg/core/runtime/reports
pkg/core/secrets/cipher
pkg/core/secrets/manager
pkg/core/secrets/store
pkg/core/validators
pkg/core/xds
pkg/core/xds/v2
pkg/core/xds/v3
pkg/defaults
pkg/defaults/mesh
pkg/diagnostics
pkg/dns
pkg/dns/resolver
pkg/dns/vips
pkg/dp-server
pkg/envoy/accesslog/v2 Package accesslog replicates access log format supported by Envoy.
pkg/envoy/accesslog/v3 Package accesslog replicates access log format supported by Envoy.
pkg/events
pkg/gc
pkg/hds
pkg/hds/authn
pkg/hds/cache
pkg/hds/callbacks
pkg/hds/metrics
pkg/hds/server
pkg/hds/tracker
pkg/insights
pkg/insights/test
pkg/kds Package kds provides support of Kuma Discovery Service, extension of xDS
pkg/kds/cache
pkg/kds/client
pkg/kds/global
pkg/kds/mux
pkg/kds/reconcile
pkg/kds/remote
pkg/kds/server
pkg/kds/store
pkg/kds/util
pkg/log
pkg/mads
pkg/mads/cache
pkg/mads/client
pkg/mads/generator
pkg/mads/reconcile
pkg/mads/server
pkg/metrics
pkg/metrics/components
pkg/metrics/store
pkg/plugins/bootstrap/k8s
pkg/plugins/bootstrap/k8s/cache Package cache provides object caches that act as caching client.Reader instances and help drive Kubernetes-object-based event handlers.
pkg/plugins/bootstrap/k8s/cache/internal
pkg/plugins/bootstrap/universal
pkg/plugins/ca/builtin
pkg/plugins/ca/builtin/config
pkg/plugins/ca/provided
pkg/plugins/ca/provided/config
pkg/plugins/common/k8s
pkg/plugins/common/postgres
pkg/plugins/config/k8s
pkg/plugins/config/universal
pkg/plugins/extensions/k8s
pkg/plugins/leader
pkg/plugins/leader/memory
pkg/plugins/leader/postgres
pkg/plugins/resources/k8s
pkg/plugins/resources/k8s/events
pkg/plugins/resources/memory
pkg/plugins/resources/postgres
pkg/plugins/resources/postgres/events
pkg/plugins/resources/postgres/migrations
pkg/plugins/resources/remote
pkg/plugins/runtime/k8s
pkg/plugins/runtime/k8s/apis/k8s.cni.cncf.io
pkg/plugins/runtime/k8s/apis/k8s.cni.cncf.io/v1
pkg/plugins/runtime/k8s/controllers
pkg/plugins/runtime/k8s/metadata
pkg/plugins/runtime/k8s/probes
pkg/plugins/runtime/k8s/util
pkg/plugins/runtime/k8s/webhooks
pkg/plugins/runtime/k8s/webhooks/injector
pkg/plugins/runtime/universal
pkg/plugins/runtime/universal/outbound
pkg/plugins/secrets/k8s
pkg/plugins/secrets/universal
pkg/sds/ca
pkg/sds/identity
pkg/sds/metrics
pkg/sds/server
pkg/sds/server/v2
pkg/sds/server/v3
pkg/test
pkg/test/apis/sample/v1alpha1
pkg/test/grpc
pkg/test/kds/samples
pkg/test/kds/setup
pkg/test/kds/verifier
pkg/test/logr
pkg/test/matchers
pkg/test/metrics
pkg/test/resources
pkg/test/resources/apis/sample
pkg/test/resources/model
pkg/test/runtime
pkg/test/store
pkg/test/vfsgen
pkg/tls
pkg/tokens/builtin
pkg/tokens/builtin/issuer
pkg/tokens/builtin/server
pkg/tokens/builtin/server/types
pkg/transparentproxy
pkg/transparentproxy/config
pkg/util/cache/v2
pkg/util/cache/v3
pkg/util/channels
pkg/util/envoy
pkg/util/error
pkg/util/files
pkg/util/http
pkg/util/k8s
pkg/util/net
pkg/util/os
pkg/util/prometheus
pkg/util/proto
pkg/util/template
pkg/util/test
pkg/util/watchdog
pkg/util/xds
pkg/util/xds/v2
pkg/util/xds/v3
pkg/util/yaml
pkg/version
pkg/xds/auth
pkg/xds/auth/components
pkg/xds/auth/k8s
pkg/xds/auth/universal
pkg/xds/bootstrap
pkg/xds/bootstrap/types
pkg/xds/cache/cla
pkg/xds/cache/mesh
pkg/xds/cache/once
pkg/xds/context
pkg/xds/envoy
pkg/xds/envoy/clusters
pkg/xds/envoy/clusters/v2
pkg/xds/envoy/clusters/v3
pkg/xds/envoy/endpoints
pkg/xds/envoy/endpoints/v2
pkg/xds/envoy/endpoints/v3
pkg/xds/envoy/listeners
pkg/xds/envoy/listeners/v2
pkg/xds/envoy/listeners/v3
pkg/xds/envoy/metadata/v2
pkg/xds/envoy/metadata/v3
pkg/xds/envoy/names
pkg/xds/envoy/routes
pkg/xds/envoy/routes/v2
pkg/xds/envoy/routes/v3
pkg/xds/envoy/secrets/v2
pkg/xds/envoy/secrets/v3
pkg/xds/envoy/tags
pkg/xds/envoy/tls
pkg/xds/envoy/tls/v2
pkg/xds/envoy/tls/v3
pkg/xds/generator
pkg/xds/generator/modifications
pkg/xds/generator/modifications/v2
pkg/xds/generator/modifications/v3
pkg/xds/ingress
pkg/xds/metrics
pkg/xds/server
pkg/xds/server/callbacks
pkg/xds/server/v2
pkg/xds/server/v3
pkg/xds/sync
pkg/xds/template
pkg/xds/topology
test/e2e
test/framework
test/framework/deployments/externalservice
test/framework/deployments/tracing
test/testenvconfig
MODULE api
MODULE pkg/plugins/resources/k8s/native
MODULE pkg/transparentproxy/istio