
kumahq / kuma

🐻 The multi-zone service mesh for containers, Kubernetes and VMs. Built with Envoy. CNCF Sandbox Project.

3,942 stars
355 forks
198 issues
Go, Makefile, Shell


Repository Overview (README excerpt)


Kuma is a modern Envoy-based service mesh that can run on every cloud, in a single or multi-zone capacity, across both Kubernetes and VMs.

Thanks to its broad universal workload support, combined with native support for Envoy as its data plane proxy technology (but with no Envoy expertise required), Kuma provides modern L4-L7 service connectivity, discovery, security, observability, routing and more across any service on any platform, databases included.

Easy to use, with built-in service mesh policies for security, traffic control, discovery, observability and more, Kuma ships with advanced multi-zone and multi-mesh support that automatically enables cross-zone communication across different clusters and clouds, and automatically propagates service mesh policies across the infrastructure. Kuma is currently being adopted by enterprise organizations around the world to support distributed service meshes across the application teams, on both Kubernetes and VMs.

Originally created and donated by Kong, Kuma is today a CNCF (Cloud Native Computing Foundation) Sandbox project and therefore available with the same openness and neutrality as every other CNCF project. Kuma has been engineered to be both powerful yet simple to use, reducing the complexity of running a service mesh across every organization with very unique capabilities like multi-zone support, multi-mesh support, and a gradual and intuitive learning curve.

Users that require enterprise-level support for Kuma can explore the enterprise offerings available.

Get Started

• Installation
• Documentation

Get Involved

• Join the Kuma Slack. The #kuma channel in the CNCF Slack exists but is not actively in use.
• Attend a Community Call monthly on the second Wednesday. Add to Calendar
• Follow us on Twitter
• Read the blog

**Need help?** In your journey with Kuma you can get in touch with the broader community via the official community channels.

Summary

• **Why Kuma?**
• **Features**
• **Distributions**
• **Development**
• **Enterprise Demo**
• **License**

Why Kuma?

Built with enterprise use-cases in mind, Kuma is a universal service mesh that supports both Kubernetes and VM deployments across single and multi-zone setups, with turnkey service mesh policies to get up and running easily while supporting multi-tenancy and multi-mesh on the same control plane. Kuma is a CNCF Sandbox project.

Unlike other service mesh solutions, Kuma innovates the service mesh ecosystem by providing ease of use, native support for both Kubernetes and VMs on both the control plane and the data plane, multi-mesh support that can cross every boundary including Kubernetes namespaces, out of the box multi-zone and multi-cluster support with automatic policy synchronization and connectivity, zero-trust, observability and compliance in one-click, support for custom workload attributes that can be leveraged to accelerate PCI and GDPR compliance, and much more.

With Kuma, our application teams can stop building connectivity management code in every service and every application, and they can rely on modern service mesh infrastructure instead to improve their efficiency and the overall agility of the organization.

Features

• **Universal Control Plane**: Easy to use, distributed, runs anywhere on both Kubernetes and VM/Bare Metal.
• **Lightweight Data Plane**: Powered by Envoy to process any L4/L7 traffic, with automatic Envoy bootstrapping.
• **Automatic DP Injection**: No code changes required in K8s. Easy YAML specification for VM and Bare Metal deployments.
• **Multi-Mesh**: To set up multiple isolated Meshes in one cluster and one Control Plane, lowering Ops cost.
• **Single and Multi Zone**: To deploy a service mesh that is cross-platform, cross-cloud and cross-cluster.
• **Automatic Discovery & Ingress**: With built-in service discovery and connectivity across single and multi-zones.
• **Global & Remote CPs**: For scalability across deployments with multiple zones, including hybrid VMs + K8s meshes.
• **mTLS**: Automatic mTLS issuing, identity and encryption with optional support for third-party CA.
• **TLS Rotation**: Automatic certificate rotation for all the data planes, with configurable settings.
• **Internal & External Services**: Aggregation of internal services and support for services outside the mesh.
• **MeshTrafficPermission**: To firewall traffic between services with zero-trust security.
• **MeshHTTPRoute & MeshTCPRoute**: With dynamic load-balancing for blue/green, canary, versioning and rollback deployments.
• **MeshFaultInjection**: To harden systems by injecting controlled artificial faults and observe behavior.
• **MeshAccessLog**: To log all activity to third-party services, like Splunk or ELK.
• **MeshTrace**: To observe the full trace of service traffic and determine bottlenecks.
• **MeshMetric**: For every Envoy dataplane managed by Kuma with native Prometheus/Grafana support.
• **MeshRetry**: To improve application reliability by automatically retrying requests.
• **Proxy Configuration Templating**: The easiest way to run and configure Envoy with low-level configuration.
• **Gateway Support**: To support any API Gateway or Ingress, like Kong Gateway.
• **GUI**: Out of the box browser GUI to explore all the Service Meshes configured in the system.
• **Label Selectors**: To apply sophisticated regional, cloud-specific and team-oriented policies.
• **Platform-Agnostic**: Support for Kubernetes, VMs, and bare metal, including hybrid deployments.
• **Transparent Proxying**: Out of the box transparent proxying on Kubernetes, VMs and any other platform.
• **Network Overlay**: Create a configurable Mesh overlay across different Kubernetes clusters and namespaces.

Distributions

Kuma is a platform-agnostic product that ships in different distributions. You can explore the available installation options at the official…