/kuma

🐻 The Universal Service Mesh

Primary LanguageGoApache License 2.0Apache-2.0

CircleCI License Twitter

Kuma is a universal open source control-plane for Service Mesh and Microservices that can run and be operated natively across both Kubernetes and VM environments, in order to be easily adopted by every team in the organization.

Built on top of Envoy, Kuma can instrument any L4/L7 traffic to secure, observe, route and enhance connectivity between any service or database. It can be used natively in Kubernetes via CRDs or via a RESTful API across other environments, and it doesn't require a change to your application's code in order to be used.

Built by Envoy contributors at Kong 🦍.

Need help? Installing and using Kuma should be as easy as possible. Contact and chat with the community in real-time if you get stuck or need clarifications. We are here to help.

Installation | Documentation | Slack Chat | Community | Blog | Kong

Summary

Why Kuma?

If you are building any software architecture, you will inevitably introduce services that will communicate with each other using requests on a network. Every time services interconnect via a network request the end-user experience at risk. As we all know the connectivity between different services can be slow and unpredictable. It can be insecure, hard to trace, and pose many other problems (e.g. routing, versioning, canary deployments).

Kuma's main goal is to reduce the code that has to be written and maintained to build reliable architectures. Therefore, Kuma embraces the sidecar proxy model by leveraging Envoy as its sidecar data-plane technology and by providing a Universal Control Plane that can run on both modern Kubernetes architectures and existing VM-based architectures in order to deliver business value across every team in the organization.

Features

  • Universal Control Plane: Easy to use, distributed, runs anywhere.
  • Lightweight Data Plane: To process any traffic, powered by Envoy.
  • Automatic: No code changes required in K8s, flexible on VMs.
  • Multi-Tenancy: To setup multiple isolated Service Meshes in one cluster and one Control Plane.
  • Network Security: Automatic mTLS encryption.
  • Traffic Segmentation: With flexible ACL rules.
  • Traffic Tracing: Automatic with Zipkin and Jaeger integrations.
  • Traffic Metrics: Automatic with Prometheus/Splunk/ELK integrations.
  • Proxy Configuration Templating: For advanced users, to configure low-level Envoy configuration.
  • Tagging Selectors: To apply sophisticated regional, cloud-specific and team-oriented policies.
  • Platform-Agnostic: Support for K8s, VMs, and bare metal.
  • Powerful APIM Ingress: Via Kong Gateway integration.

Distributions

Kuma is a platform-agnostic product that comes in many shapes. You can explore the available installation options at the official website.

You can use Kuma for modern greenfield applications built on containers as well as existing applications running on more traditional infrastructure. Kuma can be fully configured via CRDs (Custom Resource Definitions) on Kubernetes and via a RESTful HTTP API in other environments that can be easily integrated with CI/CD workflows.

Kuma also provides an easy to use kumactl CLI client for every environment.

Development

Kuma is under active development and production-ready.

See Developer Guide for further details.

Enterprise Demo

If you are implementing Kuma in a mission-critical environment, visit Request Demo and get in touch with Kong.

License

Copyright 2019 Kong Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.