Skip to content
2023 API Summit Hackathon: Experiment with AI for APIs (August 28 - September 27) Learn More →
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
      Lightweight, fast, and flexible cloud-native API gateway
      Kong Konnect
      Single platform for SaaS end-to-end connectivity
      Kong Mesh
      Enterprise service mesh based on Kuma and Envoy
      decK
      Helps manage Kong’s configuration in a declarative fashion
      Kong Ingress Controller
      Works inside a Kubernetes cluster and configures Kong to proxy traffic
      Insomnia
      Collaborative API development platform
      Kuma
      Open-source distributed control plane with a bundled Envoy Proxy integration
      Docs Contribution Guidelines
      Want to help out, or found an issue in the docs and want to let us know?
  • API Specs
  • Plugin Hub
    • Explore the Plugin Hub
      View all plugins View all plugins View all plugins arrow image
    • Functionality View all View all arrow image
      View all plugins
      Authentication's icon
      Authentication
      Protect your services with an authentication layer
      Security's icon
      Security
      Protect your services with additional security layer
      Traffic Control's icon
      Traffic Control
      Manage, throttle and restrict inbound and outbound API traffic
      Serverless's icon
      Serverless
      Invoke serverless functions in combination with other plugins
      Analytics & Monitoring's icon
      Analytics & Monitoring
      Visualize, inspect and monitor APIs and microservices traffic
      Transformations's icon
      Transformations
      Transform request and responses on the fly on Kong
      Logging's icon
      Logging
      Log request and response data using the best transport for your infrastructure
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
Kong Mesh
2.0.x
  • Home icon
  • Kong Mesh
  • Policies
  • Protocol support in Kong Mesh
github-edit-pageEdit this page
report-issueReport an issue
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kong Ingress Controller
  • Insomnia
  • Kuma

  • Docs contribution guidelines
  • 2.4.x (latest)
  • 2.3.x
  • 2.2.x
  • 2.1.x
  • 2.0.x
  • 1.9.x
  • 1.8.x
  • 1.7.x
  • 1.6.x
  • 1.5.x
  • 1.4.x
  • 1.3.x
  • 1.2.x
enterprise-switcher-icon Switch to OSS
On this pageOn this page
  • HTTP/2 support
  • TLS support
  • Websocket support
You are browsing documentation for an outdated version. See the latest documentation here.

Protocol support in Kong Mesh

At its core, Kong Mesh distinguishes between the following major categories of traffic: http, grpc, kafka and opaque tcp traffic.

For http, grpc and kafka traffic Kong Mesh provides deep insights down to application-level transactions, in the latter tcp case the observability is limited to connection-level statistics.

So, as a user of Kong Mesh, you’re highly encouraged to give it a hint whether your service supports http , grpc, kafka or not.

By doing this,

  • you will get richer metrics with Traffic Metrics policy
  • you will get richer logs with Traffic Log policy
  • you will be able to use Traffic Trace policy
Kubernetes
Kubernetes (deprecated)
Universal

On Kubernetes, to give Kong Mesh a hint that your service supports HTTP protocol, you need to add an appProtocol to the k8s Service object.

E.g.,

apiVersion: v1
kind: Service
metadata:
  name: web
  namespace: kuma-example
spec:
  selector:
    app: web
  ports:
  - port: 8080
    appProtocol: http # let Kong Mesh know that your service supports HTTP protocol

On Kubernetes, to give Kong Mesh a hint that your service supports HTTP protocol, you need to add a <port>.service.kuma.io/protocol annotation to the k8s Service object.

E.g.,

apiVersion: v1
kind: Service
metadata:
  name: web
  namespace: kuma-example
  annotations:
    8080.service.kuma.io/protocol: http # let Kong Mesh know that your service supports HTTP protocol
spec:
  selector:
    app: web
  ports:
  - port: 8080

On Universal, to give Kong Mesh a hint that your service supports the http protocol, you need to add a kuma.io/protocol tag to the inbound interface of your Dataplane.

E.g.,

type: Dataplane
mesh: default
name: web
networking:
  address: 192.168.0.1 
  inbound:
  - port: 80
    servicePort: 8080
    tags:
      kuma.io/service: web
      kuma.io/protocol: http # let Kong Mesh know that your service supports HTTP protocol

HTTP/2 support

Kong Mesh by default upgrades connection between Dataplanes to HTTP/2. If you want to enable HTTP/2 on connections between a dataplane and an application, use kuma.io/protocol: http2 tag.

TLS support

Whenever a service already initiates a TLS request to another service - and mutual TLS is enabled - Kong Mesh can enforce both TLS connections end-to-end as long as the service that is generating the TLS traffic is explicitly tagged with tcp protocol (ie: kuma.io/protocol: tcp).

Effectively kuma-dp will send the raw original TLS request as-is to the final destination, while in the meanwhile it will be enforcing its own TLS connection (if mutual TLS is enabled). Hence, the traffic must be marked as being tcp, so kuma-dp won’t try to parse it.

Note that in this case no advanced HTTP or GRPC statistics or logging are available. As a best practice - since Kong Mesh will already secure the traffic across services via the mutual TLS policy - we suggest disabling TLS in the original services in order to get L7 metrics and capabilities.

Websocket support

Kong Mesh out of the box support’s Websocket protocol. The service exposing Websocket should be marked as tcp.

As Websockets use pure TCP connections under the hood, your service have to be recognised by Kong Mesh as the TCP one. It’s also the default behavior for Kong Mesh to assume the service’s inbound interfaces are the TCP ones, so you don’t have to do anything, but if you want to be explicit, you can configure your services exposing Websocket endpoints with appProtocol property. I.e.:

Kubernetes
Universal
apiVersion: v1
kind: Service
metadata:
  name: websocket-server
  namespace: kuma-example
spec:
  selector:
    app: websocket-server
  ports:
  - port: 8080
    appProtocol: tcp
type: Dataplane
mesh: default
name: websocket-server
networking:
  address: 192.168.0.1 
  inbound:
  - port: 80
    servicePort: 8080
    tags:
      kuma.io/service: websocket-server
      kuma.io/protocol: tcp
Thank you for your feedback.
Was this page useful?
Too much on your plate? close cta icon
More features, less infrastructure with Kong Konnect. 1M requests per month for free.
Try it for Free
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023