You are browsing documentation for an older version. See the latest documentation here.
Kong Mesh
A modern control plane built on top of Envoy and focused on simplicity, security, and scalability
Demo: To see Kong Mesh in action, you can request a demo and we will get in touch with you.
Welcome to the official documentation for Kong Mesh!
Kong Mesh is an enterprise-grade service mesh that runs on both Kubernetes and VMs on any cloud. Built on top of CNCF’s Kuma and Envoy and focused on simplicity, Kong Mesh enables the microservices transformation with:
- Out-of-the-box service connectivity and discovery
- Zero-trust security
- Traffic reliability
- Global observability across all traffic, including cross-cluster deployments
Kong Mesh extends Kuma and Envoy with enterprise features and support, while providing native integration with Kong Gateway Enterprise for a full-stack connectivity platform for all of your services and APIs, across every cloud and environment.
Kuma itself was originally created by Kong and donated to CNCF to provide the first neutral Envoy-based service mesh to the industry. Kong still maintains and develops Kuma, which is the foundation for Kong Mesh.
Kong Mesh extends CNCF's Kuma and Envoy to provide an enterprise-grade service mesh with unique features in the service mesh landscape, while still relying on a neutral foundation.
Kong Mesh provides a unique combination of strengths and
features in the service mesh ecosystem, specifically designed for the enterprise
architect, including:
- Universal support for both Kubernetes and VM-based services.
- Single and Multi Zone deployments to support multi-cloud and multi-cluster environments with global/remote control plane modes, automatic Ingress connectivity, and service discovery.
- Multi-Mesh to create as many service meshes as we need, using one cluster with low operational costs.
- Easy to install and use and turnkey, by abstracting away all the complexity of running a service mesh with easy-to-use policies for managing services and traffic.
- Full-Stack Connectivity by natively integrating with Kong and Kong Gateway Enterprise for end-to-end connectivity that goes from the API gateway to the service mesh.
- Powered by Kuma and Envoy to provide a modern and reliable CNCF open source foundation for an enterprise service mesh.
When used in combination with Kong Gateway Enterprise, Kong Mesh provides a full stack connectivity platform for all of our L4-L7 connectivity, for both edge and internal API traffic.
Two different applications - "Banking" and "Trading" - run in their own meshes "A" and "B" across different data centers. In this example, Kong Gateway is being used both for edge communication, and for internal communication between meshes.
Why Kong Mesh?
Organizations are transitioning to distributed software architectures to support and accelerate innovation, gain digital revenue, and reduce costs. A successful transition to microservices requires many pieces to fall into place: that services are connected reliably with minimal latency, that they are protected with end-to-end security, that they are discoverable and fully observable. However, this presents challenges due to the need to write custom code for security and identity, a lack of granular telemetry, and insufficient traffic management capabilities, especially as the number of services grows.
Leading organizations are looking to service meshes to address these challenges in a scalable and standardized way. With a service mesh, you can:
- Ensure service connectivity, discovery, and traffic reliability: Apply out-of-box traffic management to intelligently route traffic across any platform and any cloud to meet expectations and SLAs.
- Achieve Zero-Trust Security: Restrict access by default, encrypt all traffic, and only complete transactions when identity is verified.
- Gain Global Traffic Observability: Gain a detailed understanding of your service behavior to increase application reliability and the efficiency of your teams.
Kong Mesh is the universal service mesh for enterprise organizations focused on simplicity and scalability with Kuma and Envoy. Kong’s service mesh is unique in that it allows you to:
-
Start, secure, and scale with ease:
- Deploy a turnkey service mesh with a single command.
- Group services by attributes to efficiently apply policies.
- Manage multiple service meshes as tenants of a single control plane to provide scale and reduce operational costs.
-
Run anywhere:
- Deploy the service mesh across any environment, including multi-cluster, multi-cloud, and multi-platform.
- Manage service meshes natively in Kubernetes using CRDs, or start with a service mesh in a VM environment and migrate to Kubernetes at your own pace.
-
Connect services end-to-end:
- Integrate into the Kong Gateway Enterprise platform for full stack connectivity, including Ingress and Egress traffic for your service mesh.
- Expose mesh services for internal or external consumption and manage the full lifecycle of APIs.
Thanks to the underlying Kuma runtime, with Kong Mesh, you can easily support multiple clusters, clouds, and architectures using the multi-zone capability that ships out of the box. This — combined with multi-mesh support — lets you create a service mesh powered by an Envoy proxy for the entire organization in just a few steps. You can do this for both simple and distributed deployments, including multi-cloud, multi-cluster, and hybrid Kubernetes/VMs:
Kong Mesh can support multiple zones (like a Kubernetes cluster, VPC, data center, etc.) together in the same distributed deployment. Then, you can create multiple isolated virtual meshes with the same control plane in order to support every team and application in the organization.
Learn more about the
standalone and multi-zone deployment modes in the Kuma documentation.