Running built-in gateway pods on Kubernetes

Uses: Kong Mesh

MeshGatewayInstance is a Kubernetes-only resource for deploying Kong Mesh’s builtin gateway.

MeshGateway and MeshHTTPRoute/MeshTCPRoute allow specifying builtin gateway listener and route configuration but don’t handle deploying kuma-dp instances that listen and serve traffic.

Kuma offers MeshGatewayInstance to manage a Kubernetes Deployment and Service that together provide service capacity for the MeshGateway.

If you’re not using the default Mesh, you’ll need to label the MeshGatewayInstance using kuma.io/mesh.

Consider the following example:

apiVersion: kuma.io/v1alpha1
kind: MeshGatewayInstance
metadata:
  name: edge-gateway
  namespace: default
  labels:
    kuma.io/mesh: default # only necessary if not using default Mesh
spec:
  replicas: 2
  serviceType: LoadBalancer

Once a MeshGateway exists with kuma.io/service: edge-gateway_default_svc, the control plane creates a new Deployment in the default namespace. This Deployment deploys 2 replicas of kuma-dp and corresponding builtin gateway Dataplane running with kuma.io/service: edge-gateway_default_svc.

The control plane also creates a new Service to send network traffic to the builtin Dataplane pods. The Service is of type LoadBalancer, and its ports are automatically adjusted to match the listeners on the corresponding MeshGateway.

Customization

Additional customization of the generated Service or Pods is possible via spec.serviceTemplate and spec.podTemplate.

For example, you can add annotations and/or labels to the generated objects:

apiVersion: kuma.io/v1alpha1
kind: MeshGatewayInstance
metadata:
  name: edge-gateway
  namespace: default
spec:
  replicas: 1
  serviceType: LoadBalancer
  serviceTemplate:
    metadata:
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-internal: "true"
  podTemplate:
    metadata:
      labels:
        app-name: my-app

You can also modify several resource limits or security-related parameters for the generated Pods or specify a loadBalancerIP for the Service:

apiVersion: kuma.io/v1alpha1
kind: MeshGatewayInstance
metadata:
  name: edge-gateway
  namespace: default
spec:
  replicas: 1
  serviceType: LoadBalancer
  resources:
    requests:
      memory: 64Mi
      cpu: 250m
    limits:
      memory: 128Mi
      cpu: 500m
  serviceTemplate:
    metadata:
      labels:
        svc-id: "19-001"
    spec:
      loadBalancerIP: 172.17.0.1
  podTemplate:
    metadata:
      annotations:
        app-monitor: "false"
    spec:
      serviceAccountName: my-sa
      securityContext:
        fsGroup: 2000
      container:
        securityContext:
          readOnlyRootFilesystem: true
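The exposure and pod-hardening fields shown in the manifests above can be checked before a MeshGatewayInstance is applied. The following is an added example, not code from the Kong Mesh docs or project: it audits a manifest already parsed into a dict. The finding names, the review policy, and treating the AWS internal load balancer annotation as the only "internal" marker are assumptions of this example.

```python
# Added example: audit MeshGatewayInstance manifests (parsed to dicts) for the
# fields this page documents. Finding names and policy are assumptions.
INTERNAL_LB = "service.beta.kubernetes.io/aws-load-balancer-internal"

def dig(obj, *path):
    """Walk nested dicts; return None as soon as a key is missing."""
    for key in path:
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj

def audit(instance):
    """Return a list of finding names for one MeshGatewayInstance dict."""
    spec = instance.get("spec") or {}
    findings = []
    # The schema default for serviceType is LoadBalancer, so an omitted field
    # still yields a Service that exposes the proxies outside the cluster.
    svc_type = spec.get("serviceType") or "LoadBalancer"
    annotations = dig(spec, "serviceTemplate", "metadata", "annotations") or {}
    if svc_type == "LoadBalancer" and annotations.get(INTERNAL_LB) != "true":
        findings.append("loadbalancer-not-marked-internal")
    ctx = dig(spec, "podTemplate", "spec", "container", "securityContext") or {}
    if ctx.get("readOnlyRootFilesystem") is not True:
        findings.append("root-filesystem-not-read-only")
    if not dig(spec, "podTemplate", "spec", "serviceAccountName"):
        findings.append("service-account-not-set")
    # Limits may still come from the control plane config; this only reports
    # that the instance itself does not pin them.
    limits = dig(spec, "resources", "limits") or {}
    findings += [f"{r}-limit-not-set" for r in ("cpu", "memory") if r not in limits]
    return findings

# Constructed samples modelled on the manifests shown on this page.
MINIMAL = {"metadata": {"name": "edge-gateway"}, "spec": {"replicas": 2}}
HARDENED = {"metadata": {"name": "edge-gateway"}, "spec": {
    "replicas": 1, "serviceType": "LoadBalancer",
    "resources": {"limits": {"memory": "128Mi", "cpu": "500m"}},
    "serviceTemplate": {"metadata": {"annotations": {INTERNAL_LB: "true"}}},
    "podTemplate": {"spec": {
        "serviceAccountName": "my-sa",
        "container": {"securityContext": {"readOnlyRootFilesystem": True}}}}}}

if __name__ == "__main__":
    for name, manifest in (("minimal", MINIMAL), ("hardened", HARDENED)):
        print(name, audit(manifest) or "no findings")
```

To run it against a live object, load the output of kubectl get with -o json into a dict and pass it to audit().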

Schema

apiVersion (string)

APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind (string)

Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata (object)

spec (object)

MeshGatewayInstanceSpec specifies the options available for a GatewayDataplane.

spec.podTemplate (object)

PodTemplate configures the Pod owned by this config.

spec.podTemplate.metadata (object)

Metadata holds metadata configuration for a Service.

spec.podTemplate.metadata.annotations (object)

Annotations holds annotations to be set on an object.

spec.podTemplate.metadata.labels (object)

Labels holds labels to be set on an object.

spec.podTemplate.spec (object)

Spec holds some customizable fields of a Pod.

spec.podTemplate.spec.container (object)

Container corresponds to PodSpec.Container

spec.podTemplate.spec.securityContext (object)

PodSecurityContext corresponds to PodSpec.SecurityContext

spec.podTemplate.spec.serviceAccountName (string)

ServiceAccountName corresponds to PodSpec.ServiceAccountName.

spec.replicas (integer, int32)

Replicas is the number of dataplane proxy replicas to create. For
now this is a fixed number, but in the future it could be
automatically scaled based on metrics.

Default: 1

>= 1

spec.resources (object)

Resources specifies the compute resources for the proxy container.
The default can be set in the control plane config.

spec.resources.claims (array[object])

ResourceClaim references one entry in PodSpec.ResourceClaims.

spec.resources.claims[].name (string, required)

Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.

spec.resources.claims[].request (string)

Request is the name chosen for a request in the referenced claim.
If empty, everything from the claim is made available, otherwise
only the result of this request.

spec.resources.limits (object)

Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

spec.resources.requests (object)

Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

spec.serviceTemplate (object)

ServiceTemplate configures the Service owned by this config.

spec.serviceTemplate.metadata (object)

Metadata holds metadata configuration for a Service.

spec.serviceTemplate.metadata.annotations (object)

Annotations holds annotations to be set on an object.

spec.serviceTemplate.metadata.labels (object)

Labels holds labels to be set on an object.

spec.serviceTemplate.spec (object)

Spec holds some customizable fields of a Service.

spec.serviceTemplate.spec.loadBalancerIP (string)

LoadBalancerIP corresponds to ServiceSpec.LoadBalancerIP.

spec.serviceType (string)

ServiceType specifies the type of managed Service that will be
created to expose the dataplane proxies to traffic from outside
the cluster. The ports to expose will be taken from the matching Gateway
resource. If there is no matching Gateway, the managed Service will
be deleted.

Allowed values: LoadBalancer, ClusterIP, NodePort

Default: LoadBalancer

spec.tags (object)

Tags specifies the Kuma tags that are propagated to the managed
dataplane proxies. These tags should not include the kuma.io/service tag,
since it is auto-generated, and should match exactly one Gateway
resource.

status (object)

MeshGatewayInstanceStatus holds information about the status of the gateway
instance.

status.conditions (array[object])

Condition contains details for one aspect of the current state of this API Resource.

status.conditions[].lastTransitionTime (string, date-time, required)

lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

status.conditions[].message (string, required)

message is a human readable message indicating details about the transition.
This may be an empty string.

<= 32768 characters

status.conditions[].observedGeneration (integer, int64)

observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.

>= 0

status.conditions[].reason (string, required)

reason contains a programmatic identifier indicating the reason for the condition’s last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.

Match pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$

>= 1 characters, <= 1024 characters

status.conditions[].status (string, required)

status of the condition, one of True, False, Unknown.

Allowed values: True, False, Unknown

status.conditions[].type (string, required)

type of condition in CamelCase or in foo.example.com/CamelCase.

Match pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$

<= 316 characters

status.loadBalancer (object)

LoadBalancer contains the current status of the load-balancer,
if one is present.

status.loadBalancer.ingress (array[object])

LoadBalancerIngress represents the status of a load-balancer ingress point:
traffic intended for the service should be sent to an ingress point.

status.loadBalancer.ingress[].hostname (string)

Hostname is set for load-balancer ingress points that are DNS based
(typically AWS load-balancers)

status.loadBalancer.ingress[].ip (string)

IP is set for load-balancer ingress points that are IP based
(typically GCE or OpenStack load-balancers)

status.loadBalancer.ingress[].ipMode (string)

IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified.
Setting this to “VIP” indicates that traffic is delivered to the node with
the destination set to the load-balancer’s IP and port.
Setting this to “Proxy” indicates that traffic is delivered to the node or pod with
the destination set to the node’s IP and node port or the pod’s IP and port.
Service implementations may use this information to adjust traffic routing.

status.loadBalancer.ingress[].ports (array[object])

PortStatus represents the error condition of a service port

