Convert Figma logo to code with AI

kumahq logokuma

🐻 The multi-zone service mesh for containers, Kubernetes and VMs. Built with Envoy. CNCF Sandbox Project.

3,602
332
3,602
390
View on GitHubView on NPM

Top Related Projects

istio's avatar

istio

35,688

Connect, secure, control, and observe services.

linkerd's avatar

linkerd2

10,567

Ultralight, security-first service mesh for Kubernetes. Main repo for Linkerd 2.x.

consuldemocracy's avatar

consuldemocracy

1,422

Consul Democracy - Open Government and E-Participation Web Software

traefik's avatar

traefik

50,061

The Cloud Native Application Proxy

envoyproxy's avatar

envoy

24,693

Cloud-native high-performance edge/middle/service proxy

Quick Overview

Kuma is an open-source, universal service mesh that provides a platform-agnostic control plane for managing service-to-service communication across cloud-native environments. It aims to simplify the deployment and management of service meshes, making it easier for organizations to adopt and scale microservices architectures.

Pros

  • Platform-Agnostic: Kuma can be deployed on a variety of platforms, including Kubernetes, Consul, and VMs, making it a flexible choice for organizations with diverse infrastructure.
  • Simplified Configuration: Kuma's declarative configuration model and intuitive API make it easier to manage service mesh policies and configurations across multiple environments.
  • Scalable and Resilient: Kuma is designed to be highly scalable and resilient, with features like high availability and automatic failover.
  • Comprehensive Observability: Kuma provides comprehensive observability features, including detailed metrics, tracing, and logging, to help organizations monitor and troubleshoot their service mesh deployments.

Cons

  • Learning Curve: Kuma's feature-rich capabilities and flexibility may come with a steeper learning curve for some users, especially those new to service mesh technologies.
  • Limited Community: Compared to more established service mesh solutions like Istio or Linkerd, Kuma has a smaller community and ecosystem, which may limit the availability of third-party integrations and resources.
  • Maturity: As a relatively new project, Kuma may not have the same level of maturity and production-readiness as some of the more established service mesh solutions.
  • Documentation: While Kuma's documentation is generally good, some users may find it could be more comprehensive or easier to navigate, especially for more advanced use cases.

Getting Started

To get started with Kuma, you can follow these steps:

  1. Install the Kuma control plane:
# For Kubernetes
kubectl apply -f https://kuma.io/install.yaml

# For other platforms
curl -L https://kuma.io/install.sh | sh
  1. Create a Kuma mesh:
# kuma-mesh.yaml
type: Mesh
name: default

# Apply the mesh configuration
kubectl apply -f kuma-mesh.yaml
  1. Deploy a service with Kuma sidecar:
# example-service.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-service
spec:
  selector:
    matchLabels:
      app: example-service
  template:
    metadata:
      labels:
        app: example-service
    spec:
      containers:
      - name: example-service
        image: example/service:v1
        ports:
        - containerPort: 8080
      - name: kuma-proxy
        image: kumahq/kuma-dp:latest
        ports:
        - containerPort: 10000

# Deploy the service
kubectl apply -f example-service.yaml
  1. Verify the deployment:
# Check the Kuma mesh status
kubectl get meshes
# Check the Kuma data plane status
kubectl get dataplanes

That's a basic overview of getting started with Kuma. For more advanced use cases and configuration options, please refer to the Kuma documentation.

Competitor Comparisons

istio logo

istio

35,688

Connect, secure, control, and observe services.

Pros of Istio

  • Istio has a larger community and more contributors, which can lead to faster development and more features.
  • Istio has a more comprehensive set of features, including advanced traffic management, security, and observability capabilities.
  • Istio has better integration with popular cloud platforms, such as Google Cloud, Amazon Web Services, and Microsoft Azure.

Cons of Istio

  • Istio can be more complex to set up and configure, especially for smaller or less experienced teams.
  • Istio has a higher resource footprint, which can impact the performance of your applications.
  • Istio's documentation can be less user-friendly compared to Kuma's.

Code Comparison

Istio:

func (s *Server) Run(args []string) error {
    // Set up the command line arguments.
    rootCmd := &cobra.Command{
        Use:   "istioctl",
        Short: "Istio control interface",
        Long:  `Istio control interface to manage and diagnose Istio mesh.`,
        RunE: func(cmd *cobra.Command, args []string) error {
            if len(args) > 0 {
                return fmt.Errorf("unknown command %q", args[0])
            }
            cmd.HelpFunc()(cmd, args)
            return nil
        },
    }
    // ...
}

Kuma:

func main() {
    rootCmd := &cobra.Command{
        Use:   "kuma",
        Short: "Kuma - Universal Service Mesh",
        Long:  `Kuma is a universal service mesh to secure, observe and connect services.`,
        RunE: func(cmd *cobra.Command, args []string) error {
            if len(args) > 0 {
                return fmt.Errorf("unknown command %q", args[0])
            }
            cmd.HelpFunc()(cmd, args)
            return nil
        },
    }
    // ...
}
linkerd logo

linkerd2

10,567

Ultralight, security-first service mesh for Kubernetes. Main repo for Linkerd 2.x.

Pros of Linkerd

  • Linkerd is a highly scalable and performant service mesh, capable of handling large-scale deployments.
  • The project has a strong focus on security, with features like automatic mTLS and end-to-end encryption.
  • Linkerd provides a user-friendly command-line interface (CLI) for easy management and configuration.

Cons of Linkerd

  • Linkerd has a higher resource footprint compared to Kuma, which may be a concern for resource-constrained environments.
  • The project's documentation, while comprehensive, can be overwhelming for new users.
  • Linkerd's ecosystem is not as extensive as Kuma's, with fewer integrations and third-party tools available.

Code Comparison

Kuma:

apiVersion: kuma.io/v1alpha1
kind: Mesh
metadata:
  name: default
spec:
  mtls:
    enabledBackend: ca-1
    backends:
    - name: ca-1
      type: builtin

Linkerd:

apiVersion: linkerd.io/v2
kind: ServiceProfile
metadata:
  name: web
  namespace: default
spec:
  routes:
  - condition:
      method: GET
      pathRegex: /api/v1/hello
    name: hello
    isRetryable: true
    retryBudget:
      retryRatio: 0.2
      minRetriesPerSecond: 10
      ttl: 10s
consuldemocracy logo

consuldemocracy

1,422

Consul Democracy - Open Government and E-Participation Web Software

Pros of consuldemocracy/consuldemocracy

  • Focuses on building a decentralized, democratic decision-making platform, which aligns with the project's mission.
  • Utilizes Consul, a popular service discovery and configuration tool, as the underlying infrastructure.
  • Provides a web-based interface for users to participate in the decision-making process.

Cons of consuldemocracy/consuldemocracy

  • Smaller community and less active development compared to Kuma.
  • Limited documentation and resources available for new contributors.
  • Potential challenges in scaling and maintaining a decentralized system.

Code Comparison

Kuma (kumahq/kuma):

func (s *Server) Start(ctx context.Context) error {
    s.log.Info("Starting Kuma Control Plane")
    defer s.log.Info("Kuma Control Plane stopped")

    s.startMetrics(ctx)
    s.startAPIServer(ctx)
    s.startDataplane(ctx)
    s.startDatastore(ctx)
    s.startDNSServer(ctx)
    s.startHealthServer(ctx)
    s.startKDSServer(ctx)
    s.startKDSGateway(ctx)
    s.startKDSProxy(ctx)
    s.startKDSResolver(ctx)
    s.startKDSWatcher(ctx)
    s.startKumaDP(ctx)
    s.startKumaDNSServer(ctx)
    s.startKumaDNSWatcher(ctx)
    s.startKumaGateway(ctx)
    s.startKumaProxy(ctx)
    s.startKumaResolver(ctx)
    s.startKumaWatcher(ctx)
    s.startMetricsServer(ctx)
    s.startMeshGateway(ctx)
    s.startMeshTransparentProxy(ctx)
    s.startMeshTransparentProxyWatcher(ctx)
    s.startMeshWatcher(ctx)
    s.startMonitoringServer(ctx)
    s.startProxyServer(ctx)
    s.startRBACServer(ctx)
    s.startRPCServer(ctx)
    s.startRPCWatcher(ctx)
    s.startRuntimeServer(ctx)
    s.startRuntimeWatcher(ctx)
    s.startSecretServer(ctx)
    s.startSecretWatcher(ctx)
    s.startTrafficPermissionServer(ctx)
    s.startTrafficPermissionWatcher(ctx)
    s.startTrafficRouteServer(ctx)
    s.startTrafficRouteWatcher(ctx)
    s.startTrafficTraceServer(ctx)
    s.startTrafficTraceWatcher(ctx)

    <-ctx.Done()
    return nil
}

consuldemocracy/consuldemocracy:

func (s *Server) Start(ctx context.Context) error {
    s.log.Info("Starting Consul Democracy")
    defer s.log.Info("Consul Democracy stopped")

    s.startConsulClient(ctx)
    s.startWebServer(ctx)
    s.startVotingEngine(ctx)
    s.startNotificationEngine(ctx)

    <-ctx.Done()
    return nil
}
traefik logo

traefik

50,061

The Cloud Native Application Proxy

Pros of Traefik

  • Traefik is a widely-used and mature reverse proxy and load balancer, with a large and active community.
  • It supports a wide range of backends, including Kubernetes, Docker, and various cloud providers.
  • Traefik has a user-friendly web UI for monitoring and managing the proxy.

Cons of Traefik

  • Traefik's configuration can be more complex compared to Kuma, especially for more advanced use cases.
  • Traefik may have a higher resource footprint than Kuma, as it runs as a separate service.

Code Comparison

Kuma:

type: Mesh
name: default
mtls:
  enabled: true
  validation:
    allowedSources:
      - name: default
        type: builtin

Traefik:

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

providers:
  kubernetesIngress:
    ingressClass: traefik
envoyproxy logo

envoy

24,693

Cloud-native high-performance edge/middle/service proxy

Pros of Envoy

  • Envoy is a widely adopted and battle-tested proxy, with a large and active community.
  • Envoy has a rich set of features, including advanced load balancing, circuit breaking, and observability.
  • Envoy is highly performant and scalable, making it suitable for high-traffic environments.

Cons of Envoy

  • Envoy has a steeper learning curve compared to Kuma, especially for developers new to service mesh concepts.
  • Envoy's configuration can be complex, requiring a deeper understanding of its architecture and features.
  • Envoy may have a higher resource footprint compared to Kuma, which can be a concern in resource-constrained environments.

Code Comparison

Envoy configuration (simplified):

static_resources:
  listeners:
  - name: listener_0
    address:
      socket_address:
        address: 0.0.0.0
        port_value: 80
    filter_chains:
    - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          route_config:
            name: local_route
            virtual_hosts:
            - name: local_service
              domains: ["*"]
              routes:
              - match:
                  prefix: "/"
                route:
                  cluster: some_service

Kuma configuration (simplified):

type: Mesh
name: default
mtls:
  enable: true
  ca:
    builtin: {}
traffic:
  enableMetrics: true
  outbound:
    passthrough: true
  inbound:
    default:
      backend: default

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Builds

GitHub Actions master

Code quality

Go Report Card OpenSSF Best Practices OpenSSF Scorecard License CLOMonitor

Releases

Docker hub Artifact HUB Package Hosting By: Cloudsmith

Social

Slack Twitter

Kuma is a modern Envoy-based service mesh that can run on every cloud, in a single or multi-zone capacity, across both Kubernetes and VMs. Thanks to its broad universal workload support, combined with native support for Envoy as its data plane proxy technology (but with no Envoy expertise required), Kuma provides modern L4-L7 service connectivity, discovery, security, observability, routing and more across any service on any platform, databases included.

Easy to use, with built-in service mesh policies for security, traffic control, discovery, observability and more, Kuma ships with an advanced multi-zone and multi-mesh support that automatically enables cross-zone communication across different clusters and clouds, and automatically propagates service mesh policies across the infrastructure. Kuma is currently being adopted by enterprise organizations around the world to support distributed service meshes across the application teams, on both Kubernetes and VMs.

Originally created and donated by Kong, Kuma is today CNCF (Cloud Native Computing Foundation) Sandbox project and therefore available with the same openness and neutrality as every other CNCF project. Kuma has been engineered to be both powerful yet simple to use, reducing the complexity of running a service mesh across every organization with very unique capabilities like multi-zone support, multi-mesh support, and a gradual and intuitive learning curve.

Users that require enterprise-level support for Kuma can explore the enterprise offerings available.

Built by Envoy contributors at Kong 🦍.

Get Started

Get Involved

Need help? In your journey with Kuma you can get in touch with the broader community via the official community channels.

Summary

Why Kuma?

Built with enterprise use-cases in mind, Kuma is a universal service mesh that supports both Kubernetes and VMs deployments across single and multi-zone setups, with turnkey service mesh policies to get up and running easily while supporting multi-tenancy and multi-mesh on the same control plane. Kuma is a CNCF Sandbox project.

Unlike other service mesh solutions, Kuma innovates the service mesh ecosystem by providing ease of use, native support for both Kubernetes and VMs on both the control plane and the data plane, multi-mesh support that can cross every boundary including Kubernetes namespaces, out of the box multi-zone and multi-cluster support with automatic policy synchronization and connectivity, zero-trust, observability and compliance in one-click, support for custom workload attributes that can be leveraged to accelerate PCI and GDPR compliance, and much more.

Below is an example of using Kuma's attributes to route all traffic generated by any PCI-compliant service in Switzerland, to only be routed within the Swiss region:

apiVersion: kuma.io/v1alpha1
kind: TrafficRoute
mesh: default
metadata:
  name: ch-pci-compliance
spec:
  sources:
    - match:
        kuma.io/service: '*'
        kuma.io/zone: 'CH'
        PCI: true
  destinations:
    - match:
        kuma.io/service: '*'
  conf:
    loadBalancer:
      roundRobin: {}
    split:
      - weight: 100
        destination:
          kuma.io/service: '*'
          kuma.io/zone: 'CH'

The above example can also be applied on virtual machines via the built-in kumactl CLI.

With Kuma, our application teams can stop building connectivity management code in every service and every application, and they can rely on modern service mesh infrastructure instead to improve their efficiency and the overall agility of the organization:

Features

  • Universal Control Plane: Easy to use, distributed, runs anywhere on both Kubernetes and VM/Bare Metal.
  • Lightweight Data Plane: Powered by Envoy to process any L4/L7 traffic, with automatic Envoy bootstrapping.
  • Automatic DP Injection: No code changes required in K8s. Easy YAML specification for VM and Bare Metal deployments.
  • Multi-Mesh: To setup multiple isolated Meshes in one cluster and one Control Plane, lowering OPs cost.
  • Single and Multi Zone: To deploy a service mesh that is cross-platform, cross-cloud and cross-cluster.
  • Automatic Discovery & Ingress: With built-in service discovery and connectivity across single and multi-zones.
  • Global & Remote CPs: For scalability across deployments with multiple zones, including hybrid VMs + K8s meshes.
  • mTLS: Automatic mTLS issuing, identity and encryption with optional support for third-party CA.
  • TLS Rotation: Automatic certificate rotation for all the data planes, with configurable settings.
  • Internal & External Services: Aggregation of internal services and support for services outside the mesh.
  • Traffic Permissions: To firewall traffic between the services of a Mesh.
  • Traffic Routing: With dynamic load-balancing for blue/green, canary, versioning and rollback deployments.
  • Fault Injection: To harden our systems by injecting controlled artificial faults and observe the behavior.
  • Traffic Logs: To log all the activity to a third-party service, like Splunk or ELK.
  • Traffic Tracing: To observe the full trace of the service traffic and determine bottlenecks.
  • Traffic Metrics: For every Envoy dataplane managed by Kuma with native Prometheus/Grafana support.
  • Retries: To improve application reliability by automatically retrying requests.
  • Proxy Configuration Templating: The easiest way to run and configure Envoy with low-level configuration.
  • Gateway Support: To support any API Gateway or Ingress, like Kong Gateway.
  • Healthchecks: Both active and passive.
  • GUI: Out of the box browser GUI to explore all the Service Meshes configured in the system.
  • Tagging Selectors: To apply sophisticated regional, cloud-specific and team-oriented policies.
  • Platform-Agnostic: Support for Kubernetes, VMs, and bare metal. Including hybrid deployments.
  • Transparent Proxying: Out of the box transparent proxying on Kubernetes, VMs and any other platform.
  • Network Overlay: Create a configurable Mesh overlay across different Kubernetes clusters and namespaces.

Distributions

Kuma is a platform-agnostic product that ships in different distributions. You can explore the available installation options at the official website.

You can use Kuma for modern greenfield applications built on containers as well as existing applications running on more traditional infrastructure. Kuma can be fully configured via CRDs (Custom Resource Definitions) on Kubernetes and via a RESTful HTTP API in other environments that can be easily integrated with CI/CD workflows.

Kuma also provides an easy to use kumactl CLI client for every environment, and an official GUI that can be accessed by the browser.

Roadmap

Kuma releases a minor version on a 10-week release cycle. The roadmap is tracked using milestones: https://github.com/kumahq/kuma/milestones

Development

Kuma is under active development and production-ready.

See Developer Guide for further details.

Enterprise Support

If you are implementing Kuma in a mission-critical environment and require enterprise support and features, please visit Enterprise to explore the available offerings.

Package Hosting

Package repository hosting is graciously provided by Cloudsmith. Cloudsmith is the only fully hosted, cloud-native, universal package management solution, that enables your organization to create, store and share packages in any format, to any place, with total confidence.