Kubernetes

    To run Kuma on Kubernetes, you need to download a compatible version of Kuma for the machine where you will be executing the commands.

    Once downloaded, we can extract the content of the archive with:

    Note: On Kubernetes - of all the Kuma binaries in the folder - we only need kumactl.

      By executing this operation, a new kuma-system namespace will be created.

      On Kubernetes, we can start a simple service by executing the following command:

      Note that two things are happening in the YAML file:

      • We are including a kuma.io/sidecar-injection: enabled label in the Namespace to automatically inject Kuma sidecars into every Pod belonging to the namespace.
      • We are adding a kuma.io/mesh: default annotation to determine which mesh the service belongs to.

      $ echo "apiVersion: kuma.io/v1alpha1
      kind: Mesh
      metadata:
        name: default
      spec:
        mtls:
          enabled: true
          builtin: {}" | ./kubectl apply -f -

      With mTLS enabled, all traffic is restricted by default unless we specify a Traffic Permission policy that enables it again. For example, we can apply the following permissive policy to enable all traffic across every data-plane again:

      You can configure kumactl to point to any remote kuma-cp instance by running:

      $ ./kumactl config control-planes add --name=XYZ --address=http://address.to.kuma:5681

      You can now review the entities created by Kuma by using the CLI. For example, you can list the Meshes and the Traffic Permissions:

      $ ./kumactl get dataplanes
      MESH      NAME        TAGS
      default   dp-echo-1   service=echo
      $ ./kumactl inspect dataplanes
      default   dp-echo-1   service=echo   Online   19s   18s   2   0
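
      When reviewing Traffic Permissions on a mesh with mTLS enabled, the policies worth finding first are permissive ones like the policy described above, since they undo the default restriction. The following audit is an added example, not code from the Kuma project: it assumes the policies were exported as JSON (for instance with kubectl get ... -o json), and the field layout, the service tag names and the sample policies are assumptions constructed for illustration.

```python
import json

# Constructed sample in the shape of `kubectl get trafficpermissions -o json`.
# Assumed layouts: selectors under spec.rules[] or directly under spec.
SAMPLE = json.loads("""
{"items": [
 {"kind": "TrafficPermission", "mesh": "default", "metadata": {"name": "everything"},
  "spec": {"rules": [{"sources": [{"match": {"service": "*"}}],
                      "destinations": [{"match": {"service": "*"}}]}]}},
 {"kind": "TrafficPermission", "mesh": "default", "metadata": {"name": "web-to-echo"},
  "spec": {"sources": [{"match": {"service": "web"}}],
           "destinations": [{"match": {"service": "echo"}}]}},
 {"kind": "TrafficPermission", "mesh": "default", "metadata": {"name": "any-to-echo"},
  "spec": {"sources": [{"match": {"kuma.io/service": "*"}}],
           "destinations": [{"match": {"kuma.io/service": "echo"}}]}}
]}
""")

SERVICE_TAGS = ("service", "kuma.io/service")  # assumed tag names

def is_wildcard(selectors):
    """True if any selector matches every service via a '*' service tag."""
    return any((sel.get("match") or {}).get(tag) == "*"
               for sel in selectors or [] for tag in SERVICE_TAGS)

def audit(doc):
    """Return (mesh, policy name, finding) for rules with wildcard selectors."""
    findings = []
    for item in doc.get("items", []):
        if item.get("kind") != "TrafficPermission":
            continue
        spec = item.get("spec") or {}
        for rule in spec.get("rules") or [spec]:
            src = is_wildcard(rule.get("sources"))
            dst = is_wildcard(rule.get("destinations"))
            if src and dst:
                finding = "allow-all"   # restores any-to-any traffic
            elif src or dst:
                finding = "broad"       # one side is still unrestricted
            else:
                continue
            findings.append((item.get("mesh"), item["metadata"]["name"], finding))
    return findings

if __name__ == "__main__":
    for mesh, name, finding in audit(SAMPLE):
        print(f"{finding:9} mesh={mesh} policy={name}")
```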