You are browsing documentation for an older version.
See the latest documentation here.
Deploy a standalone control plane
In order to deploy Kong Mesh in a standalone deployment, the kuma-cp
control plane must be started in standalone
mode:
This is the standard installation method.
kumactl install control-plane \
--set "kuma.controlPlane.mode=standalone" \
| kubectl apply -f -
Before using Kong Mesh with helm, please follow these steps to configure your local helm repo.
helm install --create-namespace --namespace kong-mesh-system \
--set "kuma.controlPlane.mode=standalone" \
kong-mesh kong-mesh/kong-mesh
With zone egress:
It’s possible to run ZoneEgress
for standalone deployment. In order to deploy Kong Mesh with ZoneEgress
run the install command with an additional parameter.
kumactl install control-plane \
--set "kuma.controlPlane.mode=standalone" \
--set "kuma.egress.enabled=true" \
| kubectl apply -f -
Before using Kong Mesh with helm, please follow these steps to configure your local helm repo.
helm install --create-namespace --namespace kong-mesh-system \
--set "kuma.controlPlane.mode=standalone" \
--set "kuma.egress.enabled=true" \
kong-mesh kong-mesh/kong-mesh
When running the standalone control plane in Universal mode, a database must be used to persist state for production deployments.
Ensure that migrations have been run against the database prior to running the standalone control plane.
This is the standard installation method.
KUMA_STORE_TYPE=postgres \
KUMA_STORE_POSTGRES_HOST=<postgres-host> \
KUMA_STORE_POSTGRES_PORT=<postgres-port> \
KUMA_STORE_POSTGRES_USER=<postgres-user> \
KUMA_STORE_POSTGRES_PASSWORD=<postgres-password> \
KUMA_STORE_POSTGRES_DB_NAME=<postgres-db-name> \
kuma-cp run
With zone egress:
ZoneEgress
works for Universal deployment as well. In order to deploy ZoneEgress
for Universal deployment follow the instruction.
Once Kong Mesh is up and running, data plane proxies can now connect directly to it.
When the mode is not specified, Kong Mesh will always start in standalone
mode by default.
Optional: control plane authentication
Running administrative tasks (like generating a dataplane token) requires authentication by token or a connection via localhost when interacting with the control plane.
Localhost authentication
For kuma-cp
to recognize requests issued to docker published port it needs to run the container in the host network.
To do this, add --network="host"
parameter to the docker run
command.
Authenticate via token
You can also configure kumactl
to access kuma-dp
from the container.
Get the kuma-cp
container id:
docker ps # copy kuma-cp container id
export KUMA_CP_CONTAINER_ID='...'
Configure kumactl
:
TOKEN=$(bash -c "docker exec -it $KUMA_CP_CONTAINER_ID wget -q -O - http://localhost:5681/global-secrets/admin-user-token" | jq -r .data | base64 -d)
kumactl config control-planes add \
--name my-control-plane \
--address http://localhost:5681 \
--auth-type=tokens \
--auth-conf token=$TOKEN \
--skip-verify