Overview

    The first step is to download and install Kuma on the platform of your choice. Each distribution comes with its own installation instructions, which follow the best practices for that platform.

    Regardless of the platform you choose, Kuma's fundamental runtime behavior does not change across distributions. These fundamentals are worth exploring in order to understand what Kuma is and how it works.

    Installing Kuma on Kubernetes is fully automated, while installing Kuma on Linux requires the user to run the Kuma executables. Both ways are simple, and can be explored from the installation instructions.

    There are two main components of Kuma that are very important to understand:

    • Control-Plane: Kuma is first and foremost a control-plane. It accepts user-defined configuration to create Service Meshes and to configure the behavior of those meshes via Kuma Policies.
    • Data-Plane: Kuma also bundles a data-plane implementation built on top of Envoy, for convenience and to get up and running quickly. An instance of the data-plane runs alongside every instance of your services and processes both incoming and outgoing requests for that service.

    Multi-Mesh: Kuma has shipped with multi-tenancy support since day one. This means you can create and configure multiple isolated Service Meshes from one control-plane, which lowers the complexity and the operational cost of supporting multiple meshes.

    Since Kuma bundles a data-plane in addition to the control-plane, the two executables are called kuma-cp and kuma-dp to differentiate them. Let's take a look at all the executables that ship with Kuma:

    • kuma-cp: this is the main Kuma executable that runs the control plane (CP).
    • kuma-dp: this is the Kuma data-plane executable that - under the hood - invokes envoy.
    • envoy: this is the Envoy executable that we bundle for convenience into the archive.
    • kuma-prometheus-sd: this is a helper tool that enables native integration between Kuma and Prometheus. Thanks to it, Prometheus can automatically discover all data-planes in your Mesh and scrape metrics from them.
    • kuma-tcp-echo: this is a sample application that echoes back the requests we make to it, used for demo purposes.

    In addition to these binaries, there is another binary that is executed when running on Kubernetes:

    • kuma-injector: only for Kubernetes, this is a process that listens to events propagated by Kubernetes and automatically injects a kuma-dp sidecar container into your services.

    Kuma can be installed in one of two modes:

    • kubernetes: when it is installed on a Kubernetes cluster.
    • universal: when it is installed on a Linux-compatible machine such as macOS, a virtual machine or bare metal. This also includes the case where Kuma is installed on a Linux base image (for example, a Docker image).

    When running in universal mode, Kuma requires a PostgreSQL database to store its state. The database and schema have to be initialized according to the installation instructions. Because this database holds the configuration of every mesh the control-plane manages, restrict access to it to the control-plane itself.
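    To show what "store its state in PostgreSQL" looks like in practice, here is a kuma-cp configuration fragment for universal mode. This is an added example, not a file taken from the page or from the Kuma project; the key names (store.type, store.postgres.host and so on) and the environment-variable override follow the kuma-cp configuration layout as far as I know it, and are an assumption to verify against the reference configuration of the Kuma version you deploy. The host, database and credentials are placeholders.

```yaml
# kuma-cp.conf (added example; key names are an assumption, check your
# Kuma version's reference config). Points kuma-cp at PostgreSQL in
# universal mode instead of the Kubernetes API Server.
store:
  type: postgres            # "kubernetes" is used in kubernetes mode
  postgres:
    host: postgres.internal # placeholder: reachable only from the control-plane
    port: 5432
    user: kuma              # dedicated role that owns the Kuma schema
    # Do not commit the password here; supply it through the environment
    # (assumed variable name: KUMA_STORE_POSTGRES_PASSWORD) or a secret store.
    password: ""
    dbName: kuma
```

    The placeholder password is left empty on purpose: the database is the only persistent copy of mesh state in universal mode, so the credential should come from the process environment or a secret manager, and the database user should have no privileges beyond the Kuma schema.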

    Unlike kubernetes mode, universal mode does not require the kuma-injector executable to run:

    [figure: Kuma executables in universal mode]

    When running on Kubernetes, Kuma stores all of its state and configuration in the underlying Kubernetes API Server, so no external datastore is required. It does, however, require the kuma-injector executable to run in a Pod (only one instance per Kubernetes cluster) so that it can automatically inject kuma-dp into any Pod that belongs to a Namespace carrying Kuma's sidecar-injection label.

    When following the installation instructions, kuma-injector will be automatically started.

    When deploying Kuma on Kubernetes, you must ensure that every Pod is part of at least one matching Service, because Kuma derives a Pod's service identity in the mesh from the Service that selects it. For example, in Kuma's demo application the demo Service selects its Pods through matchLabels.
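    The two Kubernetes requirements above, a labelled Namespace so that kuma-injector adds the sidecar, and a Service whose selector matches every Pod, fit in one set of manifests. This is an added example and not Kuma's demo application; the Namespace label kuma.io/sidecar-injection: enabled is an assumption about the label kuma-injector watches for (confirm it in the installation instructions of your version), and the names, image and port are placeholders.

```yaml
# Added example (not from the Kuma project). Namespace opts in to sidecar
# injection; Deployment Pods carry the label that the Service selects, so
# every Pod is part of a matching Service and gets a service identity.
apiVersion: v1
kind: Namespace
metadata:
  name: demo
  labels:
    kuma.io/sidecar-injection: enabled   # assumption: label kuma-injector watches
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echo
  namespace: demo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: echo
  template:
    metadata:
      labels:
        app: echo                        # must match the Service selector below
    spec:
      containers:
        - name: echo
          image: example.com/echo:1.0    # placeholder image
          ports:
            - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: echo
  namespace: demo
spec:
  selector:
    app: echo                            # selects the Pods above; a Pod that no
                                         # Service selects has no identity in the mesh
  ports:
    - port: 8080
      targetPort: 8080
```

    After applying the manifests, each Pod in the demo Namespace should report two containers (the application and the injected kuma-dp sidecar) in kubectl get pods -n demo; a Pod created in a Namespace without the label is left untouched and therefore runs outside the mesh.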

    Full CRD support: when using Kuma in kubernetes mode you can create Policies with Kuma's CRDs, applied via kubectl.
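    As an illustration of Policies applied through Kuma's CRDs, here is a Mesh with mutual TLS enabled and a TrafficPermission that allows only one source service to reach one destination. This is an added example, not a manifest from the page or the Kuma project; the field layout (spec.mtls with a builtin CA, top-level mesh, sources and destinations matched on the service tag) follows Kuma's early CRD schema as I know it and is an assumption to check against the policy reference of the version you run, and the service names are placeholders.

```yaml
# Added example (not from the Kuma project); field names are an assumption
# for early Kuma CRDs, verify against your version's policy reference.
apiVersion: kuma.io/v1alpha1
kind: Mesh
metadata:
  name: default
spec:
  mtls:
    enabled: true           # every data-plane in this mesh presents a certificate
    ca:
      builtin: {}           # CA managed by kuma-cp; state lives in the API Server
---
apiVersion: kuma.io/v1alpha1
kind: TrafficPermission
mesh: default
metadata:
  namespace: demo
  name: frontend-to-echo
spec:
  sources:
    - match:
        service: frontend.demo.svc:8080   # placeholder source service tag
  destinations:
    - match:
        service: echo.demo.svc:8080       # placeholder destination service tag
```

    With mTLS enabled the TrafficPermission is enforced on the workload identity carried in the certificate, not on IP addresses, so a least-privilege ruleset like the one above (rather than a catch-all '*' to '*' rule) is what actually limits lateral movement between services in the mesh.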

    Once the kuma-cp process is started, it waits for data-planes to connect, while at the same time accepting user-defined configuration to start creating Service Meshes and configuring the behavior of those meshes via Kuma Policies.

    When we look at a typical Kuma installation, at a higher level it works like this:

    [figure: a typical Kuma installation]

    When we unpack the underlying behavior, it looks like this:

    xDS APIs: Kuma implements Envoy's xDS APIs in the kuma-cp application so that the Envoy-based data-planes (kuma-dp) can connect to it and retrieve their configuration.