All Mesh Documentation

  • Kong Mesh

    Learn how Kong Mesh works and how to configure it.

  • About service meshes

    Overview of service mesh concepts and how Kong Mesh simplifies secure and reliable service-to-service communication using sidecar proxies and a Control Plane.

  • Mesh policies

    Bundled features for your service traffic and network configuration.

  • Mesh release notes

    Release notes for supported Kong Mesh versions.

  • Enterprise features

    Explore the features included with Kong Mesh Enterprise, including mTLS backends, RBAC, FIPS support, and signed container images.

  • Kong Mesh quickstart

    Run an instance of Kong Mesh in Universal mode with one command.

  • Requirements

    Learn about the requirements for running Kong Mesh, including supported platforms, sizing guidelines, and Kubernetes setup.

  • Deploy Kong Mesh on Universal

    Guide to deploying Kong Mesh in Universal mode using Docker containers. Walks through installing the Control Plane, adding demo services, enabling mTLS, and configuring gateways.

  • Deploy Kong Mesh on Kubernetes

    Step-by-step guide to deploy Kong Mesh on Kubernetes using Helm and Minikube. Includes demo app setup, GUI exploration, and enabling mTLS for zero-trust security.

  • Kong Mesh on Amazon ECS

    Learn how to deploy Kong Mesh on Amazon ECS with IAM-based authentication and Universal mode support for Fargate and EC2.

  • Get started with Red Hat OpenShift and Kong Mesh

    This guide explains how to get started on Kong Mesh with Red Hat OpenShift, including installation, sidecar setup, and running a demo app.

  • Red Hat Universal Base Images

    Use Red Hat Universal Base Images (UBI) for running Kong Mesh components, available alongside standard Alpine-based images.

  • Deploy Kong Mesh using Terraform and Konnect

    Learn how to provision a Global Control Plane, Mesh, and Kubernetes zone for Kong Mesh using Terraform and Konnect.

  • Konnect Kong Mesh deployment to Terraform

    This guide explains how to import an existing Konnect Kong Mesh deployment into Terraform.

  • Mesh Manager

    Manage service meshes and Control Planes in Konnect.

  • Concepts

    Understand the core concepts of Kong Mesh, including the Control Plane, Data Plane proxies, inbounds and outbounds, and resources like policies.

  • Architecture

    Understand the architecture of a Kong Mesh mesh, including control and Data Plane components, Kubernetes and Universal modes, and how services integrate into the mesh.

  • How ingress works

    Overview of how ingress (north/south) traffic flows through delegated and built-in gateways in Kong Mesh, with visuals and key differences.

  • Service discovery

    Explains how Kong Mesh handles service discovery and communication between Data Plane and Control Plane in single-zone and multi-zone deployments.

  • Configuring your Mesh and multi-tenancy

    Learn how to create and configure isolated service meshes using the Mesh resource in Kong Mesh, supporting multi-tenancy and gradual adoption.

  • Single-zone deployment

    Run Kong Mesh in a single zone with a standalone Control Plane and interconnected Data Plane proxies.

  • Multi-zone deployment

    Group equivalent MeshServices across zones and expose a unified, zone-agnostic service with global failover capabilities.

  • Kong Mesh user interface (GUI)

    Visual overview of your meshes, Data Planes, and policies using the Kong Mesh web-based GUI.

  • Kubernetes annotations and labels

    Reference for all Kubernetes annotations and labels available in Kong Mesh, including sidecar injection, mesh association, transparent proxy settings, and metrics configuration.

  • Data plane proxy

    Explanation of the components, behavior, and configuration of Data Plane proxies in Kong Mesh.

  • Data plane on Kubernetes

    How to configure and operate Data Plane proxies on Kubernetes using Kong Mesh.

  • Data plane on Universal

    How to run and configure Data Plane proxies on Universal mode with Kong Mesh.

  • Kong Mesh license

    Understand how licensing works in Kong Mesh, including limits, behaviors, and how to apply a license in both Kubernetes and Universal modes.

  • Deploy Kong Mesh in production with Helm

    Deploy a production-grade Kong Mesh installation on Kubernetes using Helm charts for single zone, multi-zone, or federated environments.

  • Policies

    Learn how policies in Kong Mesh configure Data Plane proxies by defining rules for traffic behavior, proxy targeting, and merging strategies. This reference covers `targetRef`, directional policies, producer/consumer scopes, and shadow mode simulation.

  • Producer and Consumer policies

    Understand how producer and consumer policies work in to control traffic at the namespace level. This guide walks through setup, roles, and overrides using real examples with MeshService and MeshTimeout.

  • External Service

    The ExternalService policy allows services running inside the mesh to consume services that are not part of the mesh.

  • Mesh Health Check

    This policy will look for errors in the live traffic being exchanged between our data plane proxies. It will mark a data

  • Mesh Timeout

    Connection timeout specifies the amount of time DP will wait for a TCP connection to be established.

  • MeshAccessLog

    With the MeshAccessLog policy you can easily set up access logs on every data plane proxy in a mesh.

  • MeshCircuitBreaker

    This policy will look for errors in the live traffic being exchanged between our data plane proxies. It will mark a data

  • MeshFaultInjection

    With the MeshFaultInjection policy you can easily test your microservices against resiliency.

  • MeshGlobalRateLimit Policy

    This policy adds global rate limit support for Kong Mesh.

  • MeshHttpRoute

    The `MeshHTTPRoute` policy allows altering and redirecting HTTP requests depending on where the request is coming from and where it's going to.

  • MeshLoadBalancingStrategy

    This policy enables Kong Mesh to configure the load balancing strategy for traffic between services in the mesh.

  • MeshMetric

    Kong Mesh facilitates consistent traffic metrics across all data plane proxies in your mesh.

  • MeshOPA

    Kong Mesh integrates the Open Policy Agent (OPA) to provide access control for your Services.

  • meshpassthrough

    This policy enables Kong Mesh to configure traffic to external destinations that is allowed to pass outside the mesh.

  • MeshProxyPatch

    The `MeshProxyPatch` provides configuration options for low-level Envoy resources that Kong Mesh policies do not directly expose.

  • MeshRateLimit

    This policy enables per-instance service request limiting. Policy supports rate limiting of HTTP/HTTP2 requests and TCP connections.

  • MeshRetry

    This policy enables Kong Mesh to know how to behave if there are failed requests which could be retried.

  • MeshTCPRoute

    The MeshTCPRoute policy allows you to alter and redirect TCP requests depending on where the request is coming from and where it’s going to.

  • MeshTLS

    This policy enables Kong Mesh to configure TLS mode, ciphers and version. Backends and default mode values are taken from the Mesh object.

  • MeshTrace

    This policy enables publishing traces to a third party tracing solution.

  • MeshTrafficPermission

    The `MeshTrafficPermission` policy provides access control within Mesh.

  • ACM Private CA Policy

    Configure Kong Mesh to use Amazon Certificate Manager as a Certificate Authority for mTLS, including setup steps and authentication options.

  • Kubernetes cert-manager CA policy

    Use Kubernetes cert-manager as an mTLS backend for issuing Data Plane certificates in Kong Mesh

  • MeshExternalService

    Declare external resources that services in the mesh can consume, enabling TLS, routing, and hostname customization.

  • MeshMultiZoneService

    Group MeshServices across zones into a single multizone service with zone-agnostic hostnames and load balancing.

  • MeshService

    Define and manage services within the mesh, replacing kuma.io/service tags for clearer service targeting and routing.

  • HostnameGenerator

    Customize hostnames for MeshService resources using templated HostnameGenerator policies.

  • HashiCorp Vault CA

    Configure Kong Mesh to use HashiCorp Vault as a Certificate Authority for mTLS, including setup steps and authentication options.

  • Add a builtin gateway

    Deploy a built-in gateway in to expose internal mesh services to external traffic. This guide walks through setting up MeshGatewayInstance and MeshGateway resources, defining routes with MeshHTTPRoute, configuring permissions, and securing the gateway with TLS.

  • Configure a built-in gateway

    Overview and deployment guide for configuring a built-in gateway with Kong Mesh using MeshGateway, MeshGatewayInstance, and Dataplane resources in both Kubernetes and Universal environments.

  • Configuring built-in listeners

    Reference for configuring built-in listeners using MeshGateway, including listener setup, TLS termination, hostnames, and cross-mesh support.

  • Configuring built-in routes

    Reference for configuring HTTP and TCP routing through builtin gateways using MeshHTTPRoute and MeshTCPRoute, including hostname matching and weighted backends.

  • Kubernetes Gateway API

    Expose your services to external traffic using the Kubernetes Gateway API with . This guide walks through setting up a built-in gateway, defining routes, securing traffic with TLS, and configuring permissions.

  • Running built-in gateway pods on Kubernetes

    Guide to running builtin gateway pods with MeshGatewayInstance in Kubernetes and customizing deployments and services.

  • Kubernetes Gateway API

    How to use Kubernetes Gateway API with Kong Mesh, including support for built-in gateways, HTTP/TCP routing, TLS, GAMMA, and multi-zone limitations.

  • Delegated gateways

    Guide to configuring delegated gateways in Kong Mesh, allowing external API gateways to handle ingress while Kong Mesh manages egress to the mesh.

  • Use Kong as a delegated Gateway

    Set up Kong Gateway as a delegated gateway for to expose internal services to external traffic. This guide covers installing the Kong Ingress Controller, enabling sidecar injection, creating routes, configuring permissions with MeshTrafficPermission, and verifying traffic access.

  • Observability

    Learn how to configure observability in Kong Mesh using Prometheus, Grafana, Jaeger, Loki, and Datadog.

  • Collect metrics with OpenTelemetry

    Collect and export metrics from Kong Mesh with OpenTelemetry and visualize them using Prometheus and Grafana.

  • Dataplane Health

    Overview of dataplane health features in Kong Mesh, including circuit breaking, active health checks, and integration with Kubernetes and Universal service probes.

  • Zone Egress

    How to configure Zone Egress to isolate cross-zone and external service traffic.

  • Zone Ingress

    How to deploy and configure Zone Ingress for cross-zone communication in multi-zone mode.

  • CLI

    Reference for the CLI tools included in Kong Mesh, including usage examples and commands for kumactl, kuma-cp, and kuma-dp.

  • Software Bill of Materials

    View and download software bill of materials (SBOMs) for Kong Mesh binaries and Docker images, including license, dependency, and security information.

  • kuma-cp configuration reference

    Configuration Reference

  • Kong Mesh data collection

    Enable or disable data collection in Kong Mesh. Understand what telemetry is collected and how to configure reporting.

  • Configure Data Plane proxy membership

    Control which Data Plane proxies can join a mesh using requirements and restrictions. Useful for enforcing tag consistency, namespace control, and zone-based segmentation.

  • Control Plane configuration

    Guide for configuring the Kong Mesh Control Plane using environment variables or YAML, with details on store types (memory, Kubernetes, PostgreSQL) and configuration inspection.

  • DNS

    Learn how Kong Mesh DNS works with virtual IPs and service naming to enable transparent proxying.

  • IPv6 support

    Instructions for enabling or disabling IPv6 support in Kong Mesh across Universal and Kubernetes environments.

  • Performance fine-tuning

    Reference guide to performance tuning in Kong Mesh, including configuration trimming, Postgres tuning, XDS snapshot generation, profiling, and Envoy concurrency.

  • Kong Mesh vulnerability patching process

    Understand how Kong addresses and patches vulnerabilities in Kong Mesh binaries, third-party dependencies, and Docker images.

  • Kong Mesh version support policy

    Understand the lifecycle and version support guidelines for Kong Mesh, including supported release timelines.

Did this doc help?

Something wrong?

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!