MeshGatewayInstance

MeshGatewayInstance is a Kubernetes-only resource for deploying Kuma’s builtin gateway.

MeshGateway and MeshGatewayRoute allow specifying builtin gateway listener and route configuration but don’t handle deploying kuma-dp instances that listen and serve traffic.

Kuma offers MeshGatewayInstance to manage a Kubernetes Deployment and Service that together provide service capacity for the MeshGateway with the matching kuma.io/service tag.

Consider the following example:

  1. apiVersion: kuma.io/v1alpha1
  2. kind: MeshGatewayInstance
  3. metadata:
  4.   name: edge-gateway
  5.   namespace: default
  6. spec:
  7.   replicas: 2
  8.   serviceType: LoadBalancer
  9.   tags:
  10.     kuma.io/service: edge-gateway

Once a MeshGateway exists with kuma.io/service: edge-gateway, the control plane creates a new Deployment in the default namespace. This Deployment deploys 2 replicas of kuma-dp and corresponding builtin gateway Dataplane running with kuma.io/service: edge-gateway. The control plane also creates a new Service to send network traffic to the builtin Dataplane pods. The Service is of type LoadBalancer, and its ports are automatically adjusted to match the listeners on the corresponding MeshGateway.

If you’re not using the default Mesh, you’ll need to label the MeshGatewayInstance using kuma.io/mesh.

Customization

Additional customization of the generated Service or Pods is possible via spec.serviceTemplate and spec.podTemplate. For example, you can add annotations and/or labels to the generated objects:

  1. spec:
  2.   replicas: 1
  3.   serviceType: LoadBalancer
  4.   tags:
  5.     kuma.io/service: edge-gateway
  6.   resources:
  7.     limits: ...
  8.     requests: ...
  9.   serviceTemplate:
  10.     metadata:
  11.       annotations:
  12.         service.beta.kubernetes.io/aws-load-balancer-internal: "true"
  13.     spec:
  14.       loadBalancerIP: ...
  15.   podTemplate:
  16.     metadata:
  17.       labels:
  18.         app-name: my-app
  19.         ...

You can also modify several security-related parameters for the generated Pods or specify a loadBalancerIP for the Service:

  1. spec:
  2.   replicas: 1
  3.   serviceType: LoadBalancer
  4.   tags:
  5.     kuma.io/service: edge-gateway
  6.   resources:
  7.     limits: ...
  8.     requests: ...
  9.   serviceTemplate:
  10.     metadata:
  11.       labels:
  12.         svc-id: "19-001"
  13.     spec:
  14.       loadBalancerIP: ...
  15.   podTemplate:
  16.     metadata:
  17.       annotations:
  18.         app-monitor: "false"
  19.     spec:
  20.       serviceAccountName: my-sa
  21.       securityContext:
  22.         fsGroup: ...
  23.       container:
  24.         securityContext:
  25.           readOnlyRootFilesystem: true

Schema