Kuma

Universal Envoy-based service mesh for Kubernetes, VMs, and multi-zone

Kuma delivers a turnkey, Envoy-powered service mesh that runs on Kubernetes, VMs, and bare metal, supporting single- and multi-zone deployments with built-in policies for security, traffic control, and observability.

Overview

Kuma is an Envoy-powered service mesh designed for organizations that operate both modern containerized workloads and traditional services on VMs or bare metal. It delivers turnkey L4-L7 connectivity, automatic mTLS, traffic routing, fault injection, and full observability without requiring developers to embed mesh logic in their code. Built by the Envoy contributors at Kong, Kuma supports single-zone as well as multi-zone and multi-cluster topologies, enabling seamless communication across clouds, data centers, and hybrid environments.

Deployment

The universal control plane can be installed on Kubernetes clusters, virtual machines, or bare-metal servers, and it automatically injects Envoy sidecars where needed. Multi-mesh isolation and policy synchronization are handled out of the box, while the kumactl CLI and browser GUI simplify management. Kuma’s CRD-based configuration on Kubernetes and RESTful API for other runtimes allow integration with existing CI/CD pipelines, making it suitable for greenfield projects and legacy migrations alike.

Highlights

  • Universal control plane runs on Kubernetes, VMs, and bare metal
  • Automatic Envoy sidecar injection with no code changes
  • Built-in multi-mesh and multi-zone support with policy synchronization
  • Comprehensive traffic policies (mTLS, routing, fault injection, observability) out of the box

Pros

  • Easy to adopt with turnkey policies
  • Supports both container and traditional workloads
  • Scales across multiple zones and clouds
  • Rich observability integration (Prometheus, Grafana, tracing)

Considerations

  • Requires Envoy knowledge for deep customizations
  • Multi-mesh complexity may need careful planning
  • Enterprise features locked behind paid offering
  • CLI and GUI may add operational overhead

Managed products teams compare with

When teams consider Kuma, these hosted platforms usually appear on the same shortlist.

AWS App Mesh

Managed service mesh that simplifies monitoring and controlling inter-service communication in microservices

Google Cloud Service Mesh

Fully managed service mesh on Google Cloud for traffic management and observability

Tetrate Service Bridge

Enterprise service mesh management platform extending Istio across multi-cloud environments

Looking for a hosted option? These are the services engineering teams benchmark against before choosing open source.

Fit guide

Great for

  • Enterprises needing a single mesh across Kubernetes and VMs
  • Teams wanting zero-trust mTLS without manual setup
  • Organizations with multi-region or multi-cloud deployments
  • Developers seeking built-in traffic routing and fault injection

Not ideal when

  • Small projects that only run on a single Kubernetes cluster
  • Teams that prefer a lightweight proxy without Envoy
  • Organizations without need for multi-mesh isolation
  • Users requiring only a service discovery tool without full mesh features

How teams use it

PCI-compliant regional routing

Ensures traffic from Swiss services stays within Switzerland, meeting compliance requirements.

Blue/green deployments

Dynamic load-balancing enables safe version rollouts and quick rollbacks.

Hybrid cloud connectivity

Links services across on-prem VMs and cloud Kubernetes clusters with seamless mesh communication.

Zero-trust security

Automatic mTLS encrypts all service-to-service communication, providing end-to-end security.

Tech snapshot

  • Go: 99%
  • Makefile: 1%
  • Shell: 1%
  • Mustache: 1%
  • JavaScript: 1%
  • HTML: 1%

Tags

controlplane, kubernetes, cloud-native, envoyproxy, service-mesh, networking, cncf, kuma, apis, connectivity, sidecar-proxy, microservices, envoy, mesh, golang, servicemesh, control-plane, kong

Frequently asked questions

What platforms does Kuma support?

Kuma runs on Kubernetes, virtual machines, bare metal and hybrid environments.

How does Kuma handle service discovery?

It provides built-in discovery and automatic Envoy bootstrapping for both container and VM workloads.

Is there a GUI?

Yes, Kuma includes a browser-based GUI for exploring meshes and policies.

What is the release cadence?

Kuma follows a 10-week minor release cycle.

Is enterprise support available?

Enterprise support and additional features are offered through Kuma’s commercial offerings.

Project at a glance

  • Status: Active
  • Stars: 3,927
  • Watchers: 3,927
  • Forks: 354
  • License: Apache-2.0
  • Repo age: 6 years old
  • Last commit: 6 hours ago
  • Primary language: Go

Last synced 4 hours ago