Set up the Kong Mesh control plane
Run the control plane as a Docker container, retrieve the admin token, configure kumactl to connect to it, and enable MeshService resources in Exclusive mode.
Prerequisites
Series Prerequisites
This page is part of the Get started with Kong Mesh on Universal series.
Complete the previous page, Install Kong Mesh before completing this page.
Start the control plane
Run the Kong Mesh control plane using the kuma-cp Docker image:
docker run \
--detach \
--name kong-mesh-demo-control-plane \
--hostname control-plane \
--network kong-mesh-demo \
--ip 172.18.78.1 \
--publish 25681:5681 \
--volume "$KONG_MESH_DEMO_TMP:/demo" \
kong/kuma-cp:2.13.5 run
You can now access the Kong Mesh user interface at http://127.0.0.1:25681/gui.
Configure kumactl
To manage the deployment with kumactl, connect it to the control plane you started in the previous section.
-
Run the following command to get the admin token from the control plane:
export KONG_MESH_DEMO_ADMIN_TOKEN="$( docker exec --tty --interactive kong-mesh-demo-control-plane \ wget --quiet --output-document - \ http://127.0.0.1:5681/global-secrets/admin-user-token \ | jq --raw-output .data \ | base64 --decode )"Copied! -
Use the retrieved token to link kumactl to the control plane:
kumactl config control-planes add \ --name kong-mesh-demo \ --address http://127.0.0.1:25681 \ --auth-type tokens \ --auth-conf "token=$KONG_MESH_DEMO_ADMIN_TOKEN" \ --skip-verifyCopied! -
Run the following command to verify the connection:
kumactl get meshesCopied!You should see one mesh listed:
default.
Configure the default mesh
Configure the default mesh to use MeshService resources in Exclusive mode:
echo 'type: Mesh
name: default
meshServices:
mode: Exclusive' | kumactl apply -f -
MeshService resources are explicit representations of traffic destinations. They define which data plane proxies serve the traffic and the available ports, IPs, and hostnames.