Skip to content
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
    • Kong Konnect
    • Kong Mesh
    • Plugin Hub
    • decK
    • Kubernetes Ingress Controller
    • Insomnia
    • Kuma

    • Docs contribution guidelines
  • Plugin Hub
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kubernetes Ingress Controller
  • Insomnia
  • Kuma

  • Docs contribution guidelines
  • 2.1.x (latest)
  • 2.0.x
  • 1.9.x
  • 1.8.x
  • 1.7.x
  • 1.6.x
  • 1.5.x
  • 1.4.x
  • 1.3.x
  • 1.2.x
  • 1.1.x
  • 1.0.x
    • Introduction to Kong Mesh
    • What is Service Mesh?
    • How Kong Mesh works
    • Deployments
    • Version support policy
    • Stability
    • Release notes
    • Installation Options
    • Kubernetes
    • Helm
    • OpenShift
    • Docker
    • Amazon ECS
    • Amazon Linux
    • Red Hat
    • CentOS
    • Debian
    • Ubuntu
    • macOS
    • Windows
    • Explore Kong Mesh with the Kubernetes demo app
    • Explore Kong Mesh with the Universal demo app
    • Standalone deployment
    • Multi-zone deployment
    • License
    • Overview
    • Data plane proxy
    • Data plane on Kubernetes
    • Data plane on Universal
    • Gateway
    • Zone Ingress
    • Zone Egress
    • CLI
    • GUI
    • Observability
    • Inspect API
    • Kubernetes Gateway API
    • Networking
    • Service Discovery
    • DNS
    • Kong Mesh CNI
    • Transparent Proxying
    • IPv6 support
    • Secure access across Kong Mesh components
    • Secrets
    • Kong Mesh API Access Control
    • API server authentication
    • Data plane proxy authentication
    • Zone proxy authentication
    • Data plane proxy membership
    • Dataplane Health
    • Fine-tuning
    • Control Plane Configuration
    • Upgrades
    • Requirements
    • Introduction
    • General notes about Kong Mesh policies
    • Applying Policies
    • How Kong Mesh chooses the right policy to apply
    • Understanding TargetRef policies
    • Protocol support in Kong Mesh
    • Mesh
    • Mutual TLS
    • Traffic Permissions
    • Traffic Route
    • Traffic Metrics
    • Traffic Trace
    • Traffic Log
    • Locality-aware Load Balancing
    • Fault Injection
    • Health Check
    • Circuit Breaker
    • Proxy Template
    • External Service
    • Retry
    • Timeout
    • Rate Limit
    • Virtual Outbound
    • MeshGateway
    • MeshGatewayRoute
    • Service Health Probes
    • MeshTrace (Beta)
    • MeshAccessLog (Beta)
    • MeshTrafficPermission (Beta)
    • Overview
    • HashiCorp Vault CA
    • Amazon ACM Private CA
    • cert-manager Private CA
    • OPA policy support
    • Multi-zone authentication
    • FIPS support
    • Certificate Authority rotation
    • Role-Based Access Control
    • UBI Images
    • Windows Support
    • Auditing
    • HTTP API
    • Annotations and labels in Kubernetes mode
    • Kong Mesh data collection
      • Mesh
      • CircuitBreaker
      • ExternalService
      • FaultInjection
      • HealthCheck
      • MeshGateway
      • MeshGatewayRoute
      • ProxyTemplate
      • RateLimit
      • Retry
      • Timeout
      • TrafficLog
      • TrafficPermission
      • TrafficRoute
      • TrafficTrace
      • VirtualOutbound
      • Dataplane
      • ZoneEgress
      • ZoneIngress
      • kuma-cp
      • kuma-dp
      • kumactl
    • Kuma-cp configuration reference

github-edit-pageEdit this page

report-issueReport an issue

enterprise-switcher-iconSwitch to OSS

On this page
  • Prerequisites
  • 1. Download Kong Mesh
  • 2. Run Kong Mesh
  • 3. Verify the Installation
  • 4. Quickstart
Kong Mesh
2.0.x
  • Home
  • Kong Mesh
  • Installation
  • Kong Mesh with Debian
You are browsing documentation for an outdated version. See the latest documentation here.

Kong Mesh with Debian

To install and run Kong Mesh on Debian (amd64):

  1. Download Kong Mesh
  2. Run Kong Mesh
  3. Verify the Installation

Finally, you can follow the Quickstart to take it from here and continue your Kong Mesh journey.

Prerequisites

You have a license for Kong Mesh.

1. Download Kong Mesh

Script
Manually

Run the following script to automatically detect the operating system and download Kong Mesh:

curl -L https://docs.konghq.com/mesh/installer.sh | VERSION=2.0.3 sh -

You can also download the distribution manually.

Then, extract the archive with:

tar xvzf kong-mesh-2.0.3*.tar.gz

2. Run Kong Mesh

Once downloaded, you will find the contents of Kong Mesh in the kong-mesh-2.0.x folder. In this folder, you will find — among other files — the bin directory that stores all the executables for Kong Mesh.

Navigate to the bin folder:

cd kong-mesh-/bin

Then, run the control plane with:

KMESH_LICENSE_PATH=/path/to/file/license.json kuma-cp run

Where /path/to/file/license.json is the path to a valid Kong Mesh license file on the file system.

This example will run Kong Mesh in standalone mode for a flat deployment, but there are more advanced deployment modes like multi-zone.

We suggest adding the kumactl executable to your PATH so that it’s always available in every working directory. Alternatively, you can also create a link in /usr/local/bin/ by executing:

ln -s ./kumactl /usr/local/bin/kumactl

This runs Kong Mesh with a memory backend, but you can use a persistent storage like PostgreSQL by updating the conf/kuma-cp.conf file.

3. Verify the Installation

Now that Kong Mesh has been installed, you can access the control plane using either the GUI, the HTTP API, or the CLI:

GUI (Read-Only)
HTTP API (Read & Write)
kumactl (Read & Write)

Kong Mesh ships with a read-only GUI that you can use to retrieve Kong Mesh resources. By default, the GUI listens on the API port 5681.

To access Kong Mesh, navigate to 127.0.0.1:5681/gui to see the GUI.

Kong Mesh ships with a read and write HTTP API that you can use to perform operations on Kong Mesh resources. By default, the HTTP API listens on port 5681.

To access Kong Mesh, navigate to 127.0.0.1:5681 to see the HTTP API.

You can use the kumactl CLI to perform read and write operations on Kong Mesh resources. The kumactl binary is a client to the Kong Mesh HTTP API. For example:

$ kumactl get meshes
NAME          mTLS      METRICS      LOGGING   TRACING
default       off       off          off       off

Or, you can enable mTLS on the default Mesh with:

$ echo "type: Mesh
  name: default
  mtls:
    enabledBackend: ca-1
    backends:
    - name: ca-1
      type: builtin" | kumactl apply -f -

You can configure kumactl to point to any remote kuma-cp instance by running:

$ kumactl config control-planes add \
--name=XYZ \
--address=http://{address-to-mesh}:5681

You will notice that Kong Mesh automatically creates a Mesh entity with the name default.

4. Quickstart

To start using Kong Mesh, see the quickstart guide for Universal deployments.

Thank you for your feedback.
Was this page useful?
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023