The Dataplane resource configures a data plane proxy (also called a sidecar). The proxy runs alongside each workload and handles all inbound and outbound traffic for that workload.
On Kubernetes, Kong Mesh generates Dataplane resources automatically when the sidecar is injected into a Pod. On Universal, you must create Dataplane resources manually to register workloads with the mesh.
Each Dataplane belongs to exactly one mesh.
The following examples show common Dataplane configurations for Universal deployments. On Kubernetes, Kong Mesh generates these resources automatically.
Register a workload that exposes a single HTTP port:
type: Dataplane
mesh: default
name: web-01
networking:
address: 192.168.0.1
inbound:
- port: 8080
servicePort: 8080
tags:
kuma.io/service: web
kuma.io/protocol: http
version: v1
Configure a Dataplane for a workload that exposes more than one port:
type: Dataplane
mesh: default
name: backend-01
networking:
address: 192.168.0.2
inbound:
- port: 8080
servicePort: 8080
tags:
kuma.io/service: backend-http
kuma.io/protocol: http
- port: 9090
servicePort: 9090
tags:
kuma.io/service: backend-grpc
kuma.io/protocol: grpc
Declare each upstream service the workload calls as an explicit outbound listener:
type: Dataplane
mesh: default
name: web-01
networking:
address: 192.168.0.1
inbound:
- port: 8080
servicePort: 8080
tags:
kuma.io/service: web
kuma.io/protocol: http
outbound:
- port: 10001
tags:
kuma.io/service: backend
- port: 10002
tags:
kuma.io/service: database
Use transparent proxying so the workload reaches mesh services by their service name without declaring outbounds:
type: Dataplane
mesh: default
name: web-01
networking:
address: 192.168.0.1
inbound:
- port: 8080
servicePort: 8080
tags:
kuma.io/service: web
kuma.io/protocol: http
transparentProxying:
redirectPortInbound: 15006
redirectPortOutbound: 15001
reachableServices:
- backend
- database
Configure health probes so Kong Mesh can detect when the workload becomes unhealthy and stop routing traffic to it:
type: Dataplane
mesh: default
name: web-01
networking:
address: 192.168.0.1
inbound:
- port: 8080
servicePort: 8080
tags:
kuma.io/service: web
kuma.io/protocol: http
serviceProbe:
interval: 10s
timeout: 2s
unhealthyThreshold: 3
healthyThreshold: 1
tcp: {}
Set an advertised address when the proxy runs in a private network, such as a Docker container:
type: Dataplane
mesh: default
name: web-01
networking:
address: 172.17.0.2
advertisedAddress: 10.0.0.1
inbound:
- port: 8080
servicePort: 8080
tags:
kuma.io/service: web
kuma.io/protocol: http
Register an existing API gateway (such as Kong Gateway) as a delegated gateway that fronts the mesh:
type: Dataplane
mesh: default
name: kong-gateway
networking:
address: 192.168.0.10
gateway:
type: DELEGATED
tags:
kuma.io/service: kong-gateway
Run a built-in gateway for ingress traffic, configured through MeshGateway resources:
type: Dataplane
mesh: default
name: edge-gateway
networking:
address: 192.168.0.10
gateway:
type: BUILTIN
tags:
kuma.io/service: edge-gateway