Set up the Kong Mesh key/value store

Uses: Kong Mesh
TL;DR

Deploy the kv container, install the Kong Mesh binaries and data plane proxy inside it, and configure the transparent proxy to intercept all traffic automatically.

Prerequisites

This page is part of the Get started with Kong Mesh on Universal series.

Complete the previous page, Set up the Kong Mesh control plane, before completing this page.

Generate a data plane token

Create a token for the kv data plane proxy to authenticate with the control plane:

kumactl generate dataplane-token \
  --tag kuma.io/service=kv \
  --valid-for 720h \
  > "$KONG_MESH_DEMO_TMP/token-kv"
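
The token is a bearer credential valid for 720 hours, so it is worth confirming what was issued before starting the proxy. The following is an added example, not part of the Kong Mesh docs: it decodes the token payload and reports the hours left until expiry. It assumes the token is a JWT with a standard numeric `exp` claim; the function names and the sample token are constructed for illustration.

```bash
# Added example: inspect a data plane token before passing it to kuma-dp.
# Assumption: the token is a JWT (header.payload.signature) with a numeric "exp" claim.

# Encode stdin as unpadded base64url (used only to build the sample token).
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Build a constructed, unsigned sample token that expires at epoch $1.
make_sample_token() {
  printf '%s.%s.%s' \
    "$(printf '{"alg":"RS256","typ":"JWT"}' | b64url)" \
    "$(printf '{"iat":1000000000,"exp":%s}' "$1" | b64url)" \
    "constructed-signature"
}

# Print the decoded JSON payload (second segment) of the JWT in $1.
jwt_payload() {
  jp_seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url omits padding; restore it so base64 -d accepts the input.
  while [ $(( ${#jp_seg} % 4 )) -ne 0 ]; do jp_seg="${jp_seg}="; done
  printf '%s' "$jp_seg" | base64 -d
}

# Print whole hours until the token in $1 expires; $2 overrides "now" (epoch seconds).
# Returns 1 if the exp claim is missing or already in the past.
token_hours_left() {
  thl_exp=$(jwt_payload "$1" | grep -oE '"exp": *[0-9]+' | grep -oE '[0-9]+$')
  [ -n "$thl_exp" ] || return 1
  thl_now=${2:-$(date +%s)}
  [ "$thl_exp" -gt "$thl_now" ] || return 1
  echo $(( (thl_exp - thl_now) / 3600 ))
}

# Against the token generated above (run on the host):
#   token_hours_left "$(cat "$KONG_MESH_DEMO_TMP/token-kv")"
```

The payload is only decoded here, not verified; signature validation remains the control plane's job.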

Start the container

  1. Run the container:

    docker run \
      --detach \
      --name kong-mesh-demo-kv \
      --hostname kv \
      --network kong-mesh-demo \
      --ip 172.57.78.2 \
      --volume "$KONG_MESH_DEMO_TMP:/demo" \
      ghcr.io/kumahq/kuma-counter-demo:debian-slim
    
  2. Check the container logs to confirm it started:

    docker logs kong-mesh-demo-kv
    

    You should see something like this:

    time=2025-03-14T12:17:34.630Z level=INFO ... msg="server running" addr=:5050
    

Configure the container

Enter the container for the remaining steps. Inside it, you’ll configure the zone name in the key-value store, start the data plane proxy, and install the transparent proxy.

docker exec --tty --interactive --privileged kong-mesh-demo-kv bash

The following steps must be executed inside the container.

Install tools and create data plane proxy user

  1. Install the required tools:

    • curl: Downloads the Kong Mesh binaries.
    • iptables: Configures the transparent proxy.

    apt-get update && \
      apt-get install --yes curl iptables
    
  2. Download and install Kong Mesh:

    curl --location https://developer.konghq.com/mesh/installer.sh | sh -
    
  3. Move Kong Mesh binaries to /usr/local/bin/ for global availability:

    mv kong-mesh-*/bin/* /usr/local/bin/
    
  4. Create a dedicated user for the data plane proxy:

    useradd --uid 5678 --user-group kong-mesh-data-plane-proxy
    

Set the zone name

Give the kv instance a name. The demo application will use this name to identify which kv instance is accessed:

curl localhost:5050/api/key-value/zone \
  --header 'Content-Type: application/json' \
  --data '{"value":"local-demo-zone"}'

You should see the following output:

{"value":"local-demo-zone"}

Start the data plane proxy

  1. Start the proxy:

    runuser --user kong-mesh-data-plane-proxy -- \
      /usr/local/bin/kuma-dp run \
        --cp-address https://control-plane:5678 \
        --dataplane-token-file /demo/token-kv \
        --dataplane-file /demo/dataplane.yaml \
        --dataplane-var name=kv \
        --dataplane-var address=172.57.78.2 \
        --dataplane-var port=5050 \
        > /demo/logs-data-plane-proxy-kv.log 2>&1 &
    
  2. After a few seconds, check the logs to verify the proxy is running:

    tail /demo/logs-data-plane-proxy-kv.log
    

    You should see entries like these:

    [2025-03-14 12:24:54.779][3088][info][config] [source/common/listener_manager/listener_manager_impl.cc:944] all dependencies initialized. starting workers
    [2025-03-14 12:24:59.595][3088][info][upstream] [source/common/upstream/cds_api_helper.cc:32] cds: add 8 cluster(s), remove 2 cluster(s)
    [2025-03-14 12:24:59.623][3088][info][upstream] [source/common/upstream/cds_api_helper.cc:71] cds: added/updated 1 cluster(s), skipped 7 unmodified cluster(s)
    [2025-03-14 12:24:59.628][3088][info][upstream] [source/common/listener_manager/lds_api.cc:106] lds: add/update listener 'kuma:dns'
    [2025-03-14 12:24:59.649][3088][info][upstream] [source/common/listener_manager/lds_api.cc:106] lds: add/update listener 'outbound:241.0.0.0:5050'
    

Install the transparent proxy

Make sure this command is executed inside the container. It changes iptables rules to redirect all traffic to the data plane proxy. Running it on your computer or a virtual machine without the data plane proxy can disrupt network connectivity. On a virtual machine, this might lock you out until you restart it.

  1. Install the transparent proxy:

    kumactl install transparent-proxy \
      --config-file /demo/config-transparent-proxy.yaml \
      > /demo/logs-transparent-proxy-install-kv.log 2>&1
    
  2. Confirm the installation succeeded by checking the last line of the log:

    tail -n1 /demo/logs-transparent-proxy-install-kv.log
    

    You should see the following output:

    # transparent proxy setup completed successfully
    

Exit the container

The key/value store is set up. Exit the container:

exit

Check if service is running

To confirm the service is set up correctly and running, use kumactl to inspect the MeshService resources:

kumactl get meshservices

The output should show a single service, kv.

You can also open the Kong Mesh UI at http://127.0.0.1:25681/gui/meshes/default/services/mesh-services. Look for the kv service, and verify that its state is Available.
