Deploy a standalone control plane

In order to deploy Kong Mesh in a standalone deployment, the kuma-cp control plane must be started in standalone mode:

kumactl install control-plane \
  --set "kuma.controlPlane.mode=standalone" \
  | kubectl apply -f -

helm install --create-namespace --namespace kong-mesh-system \
  --set "kuma.controlPlane.mode=standalone" \
  kong-mesh kong-mesh/kong-mesh

kumactl install control-plane \
  --set "kuma.controlPlane.mode=standalone" \
  --set "kuma.egress.enabled=true" \
  | kubectl apply -f -

helm install --create-namespace --namespace kong-mesh-system \
  --set "kuma.controlPlane.mode=standalone" \
  --set "kuma.egress.enabled=true" \
  kong-mesh kong-mesh/kong-mesh

kuma-cp run

Once Kong Mesh is up and running, data plane proxies can now connect directly to it.

When the mode is not specified, Kong Mesh will always start in standalone mode by default.

Optional: control plane authentication

Running administrative tasks (like generating a dataplane token) requires authentication by token or a connection via localhost when interacting with the control plane.

Localhost authentication

For kuma-cp to recognize requests issued to docker published port it needs to run the container in the host network. To do this, add --network="host" parameter to the docker run command.

Authenticate via token

You can also configure kumactl to access kuma-dp from the container. Get the kuma-cp container id:

docker ps # copy kuma-cp container id

export KUMA_CP_CONTAINER_ID='...'

Configure kumactl:

TOKEN=$(bash -c "docker exec -it $KUMA_CP_CONTAINER_ID wget -q -O - http://localhost:5681/global-secrets/admin-user-token" | jq -r .data | base64 -d)

kumactl config control-planes add \
 --name my-control-plane \
 --address http://localhost:5681 \
 --auth-type=tokens \
 --auth-conf token=$TOKEN \
 --skip-verify