Kong Mesh

1.9.x

You are browsing documentation for an outdated version. See the latest documentation here.

Kong Mesh with Helm

To install and run Kong Mesh on Kubernetes using Helm:

Add the Kong Mesh Helm Repository
Run Kong Mesh
Verify the Installation

Finally, you can follow the Quickstart to take it from here and continue your Kong Mesh journey.

Prerequisites

You have a license for Kong Mesh.

1. Add the Kong Mesh Helm Repository

To start using Kong Mesh with Helm charts, first add the Kong Mesh charts repository to your local Helm deployment:

helm repo add kong-mesh https://kong.github.io/kong-mesh-charts

Once the repo is added, any following updates can be fetched with helm repo update.

2. Run Kong Mesh

Install and run Kong Mesh using the following commands. You can use any Kubernetes namespace to install Kong Mesh, but as a default, we suggest kong-mesh-system.

Upload the license secret to the cluster:
```
 kubectl create secret generic kong-mesh-license -n kong-mesh-system --from-file=/path/to/license.json
```
Where /path/to/license.json is the path to a valid Kong Mesh license file on the file system.

The filename should be license.json, unless otherwise specified in values.yaml.
Deploy the Kong Mesh Helm chart.

By default, the license option is disabled, so you need to enable it for the license to take effect. The easiest option is to override each field on the CLI. The only downside to this method is that you need to supply these values every time you run a helm upgrade, otherwise they will be reverted back to what the chart’s default values are for those fields, i.e. disabled.
```
 $ helm repo update
 $ helm upgrade -i --create-namespace -n kong-mesh-system kong-mesh kong-mesh/kong-mesh \
   --set 'kuma.controlPlane.secrets[0].Env="KMESH_LICENSE_INLINE"' \
   --set 'kuma.controlPlane.secrets[0].Secret="kong-mesh-license"' \
   --set 'kuma.controlPlane.secrets[0].Key="license.json"'
```
This example will run Kong Mesh in standalone mode for a flat deployment, but there are more advanced deployment modes like multi-zone.

You can see all possible parameters of the charts by running helm show values kong-mesh/kong-mesh. The Kong-Mesh chart has the Kuma chart as a helm dependency any value present in helm show values kuma/kuma is available by prepending it with: kuma.

For example, see the following values.yaml snippet:
```
 kuma:
   controlPlane:
     zone: "us-west"
     mode: "zone"
```
This will configure the control-plane as the zone “us-west” in zone mode.

3. Verify the Installation

Now that Kong Mesh (kuma-cp) has been installed in the newly created kong-mesh-system namespace, you can access the control plane using either the GUI, kubectl, the HTTP API, or the CLI:

GUI (Read-Only)

kubectl (Read & Write)

HTTP API (Read-Only)

kumactl (Read-Only)

Kong Mesh ships with a read-only GUI that you can use to retrieve Kong Mesh resources. By default, the GUI listens on the API port 5681.

To access Kong Mesh, port-forward the API service with:

kubectl port-forward svc/kong-mesh-control-plane -n kong-mesh-system 5681:5681

Now you can navigate to 127.0.0.1:5681/gui to see the GUI.

You can use Kong Mesh with kubectl to perform read and write operations on Kong Mesh resources. For example:

kubectl get meshes

NAME          AGE
default       1m

Or, you can enable mTLS on the default Mesh with:

echo "apiVersion: kuma.io/v1alpha1
kind: Mesh
metadata:
  name: default
spec:
  mtls:
    enabledBackend: ca-1
    backends:
    - name: ca-1
      type: builtin" | kubectl apply -f -

Kong Mesh ships with a read-only HTTP API that you use to retrieve Kong Mesh resources. By default, the HTTP API listens on port 5681.

To access Kong Mesh, port-forward the API service with:

kubectl port-forward svc/kong-mesh-control-plane -n kong-mesh-system 5681:5681

Now you can navigate to 127.0.0.1:5681 to see the HTTP API.

You can use the kumactl CLI to perform read-only operations on Kong Mesh resources. The kumactl binary is a client to the Kong Mesh HTTP API. To use it, first port-forward the API service with:

kubectl port-forward svc/kong-mesh-control-plane -n kong-mesh-system 5681:5681

Then run kumactl. For example:

kumactl get meshes

NAME          mTLS      METRICS      LOGGING   TRACING
default       off       off          off       off

You can configure kumactl to point to any remote kuma-cp instance by running:

kumactl config control-planes add --name=XYZ --address=http://{address-to-kong-mesh}:5681

You will notice that Kong Mesh automatically creates a Mesh entity with the name default.

4. Quickstart

To start using Kong Mesh, see the quickstart guide for Kubernetes deployments.