Kong Mesh

Modernized service mesh for API developers and Platform Operators

All Mesh Documentation

With Kong Mesh, you can run and manage a distributed service mesh across Kubernetes and VMs in any environment.

Benefits of Kong Mesh:

Built-in mTLS, service discovery, and traffic management.
Support for multi-zone and multi-tenant topologies.
Runs on both Kubernetes and Universal (VM / Bare metal) environments.
Enterprise features like access control and advanced observability.

You can manage your mesh environments using the Konnect Mesh GUI.

Learn

Why use a service mesh?

Overview of service mesh concepts and how Kong Mesh simplifies secure and reliable service-to-service communication using sidecar proxies and a Control Plane.

Learn more →

Kong Mesh concepts

Understand the core concepts of Kong Mesh, including the Control Plane, Data Plane proxies, inbounds and outbounds, and resources like policies.

Learn more →

Kong Mesh architecture

Understand the architecture of a Kong Mesh mesh, including Control and Data Plane components, Kubernetes and Universal modes, and how Services integrate into the mesh.

Learn more →

Get started

Recommended

Managed Global Control Plane

Use Konnect to host and manage you Mesh Global Control Plane. Your Data Plane can be deployed on Kubernetes, Virtual Machines or Bare Metal.

See the quickstart →

Self hosted Control Plane

Deploy and manage the Control plane and Data plane on your Kubernetes, Virtual Machines or Bare Metal infrastructure.

See the quickstart →

Next steps

Deployment types

You can deploy Kong Mesh in a single zone or across multiple zones, such as data centers, Kubernetes clusters, or cloud regions - giving you unified control over all your services.

Single Zone → Multi Zone →

Control service traffic

Enforce service-to-service communication with fine-grained policies for access control, mutual TLS, traffic permissions, and L4/L7 routing. Ensuring secure and compliant traffic flows across your mesh.

Mesh Traffic Permission → Mesh HTTP Route → Mesh TCP Route →

Service reliability

Improve service reliability with built-in policies for health checks, circuit breakers, timeouts, and outlier detection. Automatically prevent unhealthy or overloaded services from impacting the rest of your mesh.

Mesh Health Check → Mesh Retry → Mesh Circuit Breaker →

Observability

Monitor service to service communication using Prometheus and/or OpenTelemetry.

Introduction → OpenTelemetry configuration →

Multi tenant Mesh

Creating multiple isolated service meshes within the same Kong Mesh cluster.

Learn more →

Configure ingress traffic

Configure ingress (north / south traffic into your Mesh) using built-in or Kong gateway.

Learn more →

Security and access

Configure Mutual TLS

Enables automatic encrypted mTLS traffic for all the services in a Mesh, as well as assigning an identity to every data plane proxy.

View the reference →

Kong Mesh audit logs

Track all user and system actions in Kong Mesh using the AccessAudit resource and configurable backends.

View the reference →

Kong Mesh RBAC

Use AccessRole and AccessRoleBinding resources in Kong Mesh to implement fine-grained, role-based access to policies and actions.

View the reference →

Secure access between Mesh components

Learn how secure access is provided across a Kong Mesh deployment.

View the reference →

Key references

Policy Hub

Kong Mesh policies are bundled features for your service traffic and network configuration.

Learn about policies → See all policies →

Kong Mesh requirements and performance

See the different requirements to deploy Kong Mesh as well as managing performance and resource requirements

View the requirements → Kubernetes sidecar resources → Performance tuning →

Use Kong Mesh CLI and API

Access Kong Mesh via GUI, HTTP API, kubectl, or kumactl in Kubernetes or Universal environments. Understand available permissions and Control Plane ports.

Learn more → Kuma Control Plane CLI options →