Ubuntu
To install and run Kuma on Ubuntu (amd64) execute the following steps:
You can download Kuma from here or by running:
You can extract the archive and check the contents of the folder by running:
$ tar xvzf kuma-0.3.2-ubuntu-amd64.tar.gz
$ cd bin/ && ls
envoy kuma-dp kuma-tcp-echo kuma-cp kuma-prometheus-sd kumactl
As you can see Kuma already ships with an executable ready to use.
To run Kuma execute:
$ ./kuma-cp run
By default this will run Kuma with a memory backend, but you can change this to use PostgreSQL by updating the conf/kuma-cp.conf file.
Before starting the sidecar proxy data-plane, the service should already be running. For demo purposes, we can start a sample TCP server that comes bundled with Kuma and that echoes back the requests we are sending to it:
$ ./kuma-tcp-echo -port 9000
You can then consume the service by making requests to 127.0.0.1:9000, like: curl http://127.0.0.1:9000/ or nc 127.0.0.1 9000
We now have our control-plane and services running. For each service we can now provision a that configures the inbound and outbound networking configuration:
Next, generate a data-plane token that is used by the control-plane to verify the identity of the data-plane:
$ ./kumactl generate dataplane-token --dataplane=dp-echo-1 > /tmp/kuma-dp-echo-1
$ ./kuma-dp run \
  --mesh=default \
  --cp-address=http://127.0.0.1:5681 \
  --dataplane-token-file=/tmp/kuma-dp-echo-1
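The token file above is created under a predictable name in /tmp with the shell's default umask, so on a shared host other local users may be able to read it. The following is an added example, not part of the Kuma documentation, that writes the token with owner-only permissions and checks an existing token file before use; the function names write_token_file and check_token_file are hypothetical and the token is a constructed sample value.

```shell
#!/bin/sh
# Added example, not Kuma's own tooling. Function names are hypothetical.

# write_token_file PATH: read a token on stdin, create PATH with mode 0600.
write_token_file() {
    dest=$1
    (
        umask 077   # owner-only, whatever the caller's umask is
        set -C      # noclobber: refuse to overwrite an existing file
        cat > "$dest"
    ) 2>/dev/null || return 1
    # An empty file means the generating command failed; do not keep it.
    if [ ! -s "$dest" ]; then
        rm -f "$dest"
        return 1
    fi
}

# check_token_file PATH: print a verdict; non-zero unless the file is safe to use.
check_token_file() {
    f=$1
    if [ -L "$f" ]; then echo "symlink"; return 1; fi
    if [ ! -f "$f" ]; then echo "missing"; return 1; fi
    if [ ! -s "$f" ]; then echo "empty"; return 1; fi
    if [ ! -O "$f" ]; then echo "wrong-owner"; return 1; fi
    # In "ls -l" output, characters 5-10 are the group and other permission bits.
    case $(ls -ld "$f") in
        ????------*) echo "ok" ;;
        *) echo "group-or-world-accessible"; return 1 ;;
    esac
}

# Demo with a constructed token. In real use, pipe the generator instead:
#   ./kumactl generate dataplane-token --dataplane=dp-echo-1 | write_token_file "$dir/dp-echo-1"
dir=$(mktemp -d)    # private (0700) directory with an unpredictable name
printf 'constructed-sample-token\n' | write_token_file "$dir/dp-echo-1"
check_token_file "$dir/dp-echo-1"
rm -rf "$dir"
```

The resulting path is then passed to kuma-dp through --dataplane-token-file in place of the /tmp path.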
You can now consume the service on port 10000, which will be internally redirected to the service on port 9000:
$ curl http://127.0.0.1:10000
GET / HTTP/1.1
Host: 127.0.0.1:10000
User-Agent: curl/7.54.0
Accept: */*
Now you can start applying Policies to your default Service Mesh, like Mutual TLS:
With mTLS enabled, all traffic is restricted by default unless we specify a policy that enables it again. For example, we can apply the following permissive policy to enable all traffic across every data-plane again:
$ echo "type: TrafficPermission
name: enable-all-traffic
mesh: default
sources:
  - match:
      service: '*'
destinations:
  - match:
      service: '*'" | ./kumactl apply -f -
You can configure kumactl to point to any remote kuma-cp instance by running:
$ ./kumactl config control-planes add --name=XYZ --address=http://address.to.kuma:5681
If you consume the service again on port 10000, you will notice that the communication now requires a TLS connection.
$ ./kumactl get meshes
NAME mTLS CA METRICS
default on builtin off
$ ./kumactl get traffic-permissions
and you can list the data-planes that have been registered, and their status: