HTTP API
Kuma ships with a RESTful HTTP interface that you can use to retrieve the state of your configuration and policies on every environment, and when running on Universal mode it will also allow to make changes to the state. On Kubernetes, you will use native CRDs to change the state in order to be consistent with Kubernetes best practices.
CI/CD: The HTTP API can be used for infrastructure automation to either retrieve data, or to make changes when running in Universal mode. The kumactl CLI is built on top of the HTTP API, which you can also access with any other HTTP client like curl.
By default the API Server is listening on port 5681 (HTTP) and on 5682 (HTTPS). The endpoints available are:
/config/versions/meshes/mesh-insights/mesh-insights/{name}/dataplanes/dataplanes+insights/health-checks/proxytemplates/traffic-logs/traffic-permissions/traffic-routes/fault-injections/service-insights/retries/secrets/global-secrets/global-secrets/{name}/meshes/{name}/meshes/{mesh}/dataplanes/meshes/{mesh}/dataplanes/{name}/meshes/{mesh}/dataplanes/{name}/policies/meshes/{mesh}/dataplanes/{name}/rules/meshes/{mesh}/dataplanes/{name}/xds/zoneingresses/{name}/xds/zoneegresses/{name}/xds/meshes/{mesh}/dataplanes+insights/meshes/{mesh}/dataplanes+insights/{name}/meshes/{mesh}/health-checks/meshes/{mesh}/health-checks/{name}/meshes/{mesh}/proxytemplates/meshes/{mesh}/proxytemplates/{name}/meshes/{mesh}/traffic-logs/meshes/{mesh}/traffic-logs/{name}/meshes/{mesh}/traffic-permissions/meshes/{mesh}/traffic-permissions/{name}/meshes/{mesh}/traffic-routes/meshes/{mesh}/traffic-routes/{name}/meshes/{mesh}/fault-injections/meshes/{mesh}/fault-injections/{name}/meshes/{mesh}/{policy-type}/{policy-name}/dataplanes/meshes/{mesh}/meshgateways/{gateway-name}/dataplanes/meshes/{mesh}/external-services/meshes/{mesh}/external-services/{name}/meshes/{mesh}/service-insights/meshes/{mesh}/service-insights/{name}/meshes/{mesh}/retries/meshes/{mesh}/retries/{name}/meshes/{mesh}/secrets/meshes/{mesh}/secrets/{name}/status/zones/tokens/dataplane/tokens/zone-ingress/zones/zones/{name}/zones+insights/zones+insights/{name}/zone-ingresses/zone-ingresses/{name}/zoneingresses+insights/zoneingresses+insights/{name}/zoneegresses/zoneegresses/{name}/zoneegressoverviews/zoneegressoverviews/{name}/global-insights/policies
You can use GET requests to retrieve the state of Kuma on both Universal and Kubernetes, and PUT and DELETE requests on Universal to change the state.
Every resource list in Kuma is paginated. To use pagination, you can use following query parameters:
size - size of the page (default - 100, maximum value - 1000).offset - offset from which the page will be listed. The offset is a string, it does not have to be a number (it depends on the environment).
A response with a pagination contains next field with URL to fetch the next page. Example:
If next field is null there is no more pages to fetch.
Control Plane configuration
Get effective configuration of the Control Plane
Request: GET /config
Response: 200 OK with the effective configuration of the Control Plane (notice that secrets, such as database passwords, will never appear in the response)
Example:
{
"adminServer": {
"apis": {
"dataplaneToken": {
"enabled": true
}
},
"local": {
"port": 5679
},
"public": {
"clientCertsDir": "/etc/kuma.io/kuma-cp/admin-api/tls/allowed-client-certs.d",
"enabled": true,
"interface": "0.0.0.0",
"port": 5684,
"tlsCertFile": "/etc/kuma.io/kuma-cp/admin-api/tls/server.cert",
"tlsKeyFile": "/etc/kuma.io/kuma-cp/admin-api/tls/server.key"
}
},
"apiServer": {
"corsAllowedDomains": [
".*"
],
"port": 5681,
"readOnly": false
},
"bootstrapServer": {
"params": {
"adminAccessLogPath": "/dev/null",
"adminAddress": "127.0.0.1",
"adminPort": 0,
"xdsConnectTimeout": "1s",
"xdsHost": "kuma-control-plane.internal",
"xdsPort": 5678
},
"port": 5682
},
"dataplaneTokenServer": {
"enabled": true,
"local": {
"port": 5679
},
"public": {
"clientCertsDir": "/etc/kuma.io/kuma-cp/admin-api/tls/allowed-client-certs.d",
"enabled": true,
"interface": "0.0.0.0",
"port": 5684,
"tlsCertFile": "/etc/kuma.io/kuma-cp/admin-api/tls/server.cert",
"tlsKeyFile": "/etc/kuma.io/kuma-cp/admin-api/tls/server.key"
}
},
"defaults": {
"mesh": "type: Mesh\nname: default"
},
"discovery": {
"universal": {
"pollingInterval": "1s"
}
},
"environment": "universal",
"general": {
"advertisedHostname": "kuma-control-plane.internal"
},
"guiServer": {
},
"monitoringAssignmentServer": {
"assignmentRefreshInterval": "1s",
"grpcPort": 5676
},
"reports": {
"enabled": true
},
"runtime": {
"kubernetes": {
"admissionServer": {
"address": "",
"certDir": "",
"port": 5443
}
}
},
"sdsServer": {
"grpcPort": 5677,
"tlsCertFile": "/tmp/117637813.crt",
"tlsKeyFile": "/tmp/240596112.key"
},
"store": {
"kubernetes": {
"systemNamespace": "kuma-system"
},
"postgres": {
"connectionTimeout": 5,
"dbName": "kuma",
"host": "127.0.0.1",
"password": "*****",
"port": 15432,
"user": "kuma"
},
"type": "memory"
},
"xdsServer": {
"dataplaneConfigurationRefreshInterval": "1s",
"dataplaneStatusFlushInterval": "1s",
"diagnosticsPort": 5680,
"grpcPort": 5678
}
}
Supported Envoy versions
List supported Envoy versions
Request: GET /versions
Response: 200 OK with versions of Envoy supported by Kuma DPs
Example:
Meshes
Get Mesh
Request: GET /meshes/{name}
Response: 200 OK with Mesh entity
Example:
Create/Update Mesh
Request: PUT /meshes/{name} with Mesh entity in body
Response: 201 Created when the resource is created and 200 OK when it is updated
Example:
List Meshes
Request: GET /meshes
Response: 200 OK with body of Mesh entities
Example:
Delete Mesh
Request: DELETE /meshes/{name}
Response: 200 OK
Example:
Mesh Insights
Get Mesh Insights
Request: GET /mesh-insights/{name}
Response: 200 OK with MeshInsight entity
Example:
{
"type": "MeshInsight",
"name": "default",
"creationTime": "2020-11-17T08:10:24.886346Z",
"modificationTime": "2020-11-17T19:21:39.912878Z",
"lastSync": "2020-11-17T12:21:39.912877Z",
"dataplanes": {
"total": 4,
"offline": 2,
"partiallyDegraded": 2
},
"dataplanesByType": {
"standard": {
"total": 2,
"offline": 1,
"partiallyDegraded": 1
},
"gateway": {
"total": 2,
"offline": 1,
"partiallyDegraded": 1
}
},
"policies": {
"Secret": {
"total": 1
},
"TrafficPermission": {
"total": 1
},
"TrafficRoute": {
"total": 1
}
},
"dpVersions": {
"kumaDp": {
"1.0.0-rc2-119-g50e35395": {
"total": 1,
"online": 1,
"partiallyDegraded": 1
},
"1.0.4": {
"total": 1,
"online": 1,
"partiallyDegraded": 1
},
"unknown": {
"total": 1,
"online": 1,
"partiallyDegraded": 1
}
},
"envoy": {
"1.15.0": {
"total": 2,
"online": 2,
"partiallyDegraded": 1
},
"unknown": {
"total": 1,
"online": 1,
"partiallyDegraded": 1
}
}
},
"mTLS": {
"issuedBackends": {
"ca-1": {
"total": 1,
"online": 1,
"partiallyDegraded": 1
}
},
"supportedBackends": {
"ca-1": {
"total": 1,
"online": 1,
"partiallyDegraded": 1
}
}
},
"services": {
"total": 3,
"internal": 2,
"external": 1
}
}
List Mesh Insights
Request: GET /mesh-insights
Response: 200 OK with body of Mesh Insight entities
Example:
{
"total": 2,
"items": [
{
"type": "MeshInsight",
"name": "default",
"creationTime": "0001-01-01T00:00:00Z",
"modificationTime": "0001-01-01T00:00:00Z",
"lastSync": "2020-11-17T12:24:11.905350Z",
"dataplanes": {
"total": 4,
"offline": 2,
"partiallyDegraded": 2
},
"dataplanesByType": {
"standard": {
"total": 2,
"offline": 1,
"partiallyDegraded": 1
},
"gateway": {
"total": 2,
"offline": 1,
"partiallyDegraded": 1
}
},
"policies": {
"Secret": {
"total": 1
},
"TrafficPermission": {
"total": 1
},
"TrafficRoute": {
"total": 1
}
},
"dpVersions": {
"kumaDp": {
"1.0.0-rc2-119-g50e35395": {
"total": 1,
"online": 1,
"partiallyDegraded": 1
},
"1.0.4": {
"total": 1,
"online": 1,
"partiallyDegraded": 1
},
"unknown": {
"total": 1,
"online": 1,
"partiallyDegraded": 1
}
},
"envoy": {
"1.15.0": {
"total": 2,
"online": 2,
"partiallyDegraded": 1
},
"unknown": {
"total": 1,
"online": 1,
"partiallyDegraded": 1
}
}
},
"mTLS": {
"issuedBackends": {
"ca-1": {
"total": 1,
"online": 1,
"partiallyDegraded": 1
}
},
"supportedBackends": {
"ca-1": {
"total": 1,
"online": 1,
"partiallyDegraded": 1
}
}
},
"services": {
"total": 3,
"internal": 2,
"external": 1
}
},
{
"type": "MeshInsight",
"name": "mymesh1",
"creationTime": "0001-01-01T00:00:00Z",
"modificationTime": "0001-01-01T00:00:00Z",
"lastSync": "2020-11-17T12:24:11.941534Z",
"dataplanes": {
"total": 4,
"offline": 2,
"partiallyDegraded": 2
},
"dataplanesByType": {
"standard": {
"total": 2,
"offline": 1,
"partiallyDegraded": 1
},
"gateway": {
"total": 2,
"offline": 1,
"partiallyDegraded": 1
}
},
"policies": {
"Secret": {
"total": 1
},
"TrafficPermission": {
"total": 1
},
"TrafficRoute": {
"total": 1
}
},
"dpVersions": {
"kumaDp": {
"1.0.0-rc2-119-g50e35395": {
"total": 1,
"online": 1,
"partiallyDegraded": 1
},
"1.0.4": {
"total": 1,
"online": 1,
"partiallyDegraded": 1
},
"unknown": {
"total": 1,
"online": 1,
"partiallyDegraded": 1
}
},
"envoy": {
"1.15.0": {
"total": 2,
"online": 2,
"partiallyDegraded": 1
},
"unknown": {
"total": 1,
"online": 1,
"partiallyDegraded": 1
}
}
},
"mTLS": {
"issuedBackends": {
"ca-1": {
"total": 1,
"online": 1,
"partiallyDegraded": 1
}
},
"supportedBackends": {
"ca-1": {
"total": 1,
"online": 1,
"partiallyDegraded": 1
}
}
},
"services": {
"total": 3,
"internal": 2,
"external": 1
}
}
],
"next": null
}
Dataplanes
Get Dataplane
Request: GET /meshes/{mesh}/dataplanes/{name}
Response: 200 OK with Mesh entity
Example:
Create/Update Dataplane
Request: PUT /meshes/{mesh}/dataplanes/{name} with Dataplane entity in body
Response: 201 Created when the resource is created and 200 OK when it is updated
Example:
List Dataplanes
Request: GET /meshes/{mesh}/dataplanes
Response: 200 OK with body of Dataplane entities
Example:
Delete Dataplane
Request: DELETE /meshes/{mesh}/dataplanes/{name}
Response: 200 OK
Example:
Dataplane Overviews
Get Dataplane Overview
Request: GET /meshes/{mesh}/dataplane+insights/{name}
Response: 200 OK with Dataplane entity including insight
Example:
List Dataplane Overviews
Request: GET /meshes/{mesh}/dataplane+insights/
Response: 200 OK with Dataplane entities including insight
Example:
Health Check
Get Health Check
Request: GET /meshes/{mesh}/health-checks/{name}
Response: 200 OK with Health Check entity
Example:
Create/Update Health Check
Request: PUT /meshes/{mesh}/health-checks/{name} with Health Check entity in body
Response: 201 Created when the resource is created and 200 OK when it is updated
Example:
List Health Checks
Request: GET /meshes/{mesh}/health-checks
Response: 200 OK with body of Health Check entities
Example:
Delete Health Check
Request: DELETE /meshes/{mesh}/health-checks/{name}
Response: 200 OK
Example:
Proxy Template
Get Proxy Template
Request: GET /meshes/{mesh}/proxytemplates/{name}
Response: 200 OK with Proxy Template entity
Example:
Create/Update Proxy Template
Request: PUT /meshes/{mesh}/proxytemplates/{name} with Proxy Template entity in body
Response: 201 Created when the resource is created and 200 OK when it is updated
Example:
List Proxy Templates
Request: GET /meshes/{mesh}/proxytemplates
Response: 200 OK with body of Proxy Template entities
Example:
Delete Proxy Template
Request: DELETE /meshes/{mesh}/proxytemplates/{name}
Response: 200 OK
Example:
Traffic Permission
Get Traffic Permission
Request: GET /meshes/{mesh}/traffic-permissions/{name}
Response: 200 OK with Traffic Permission entity
Example:
Create/Update Traffic Permission
Request: PUT /meshes/{mesh}/trafficpermissions/{name} with Traffic Permission entity in body
Response: 201 Created when the resource is created and 200 OK when it is updated
Example:
List Traffic Permissions
Request: GET /meshes/{mesh}/traffic-permissions
Response: 200 OK with body of Traffic Permission entities
Example:
Delete Traffic Permission
Request: DELETE /meshes/{mesh}/traffic-permissions/{name}
Response: 200 OK
Example:
Traffic Log
Get Traffic Log
Request: GET /meshes/{mesh}/traffic-logs/{name}
Response: 200 OK with Traffic Log entity
Example:
Create/Update Traffic Log
Request: PUT /meshes/{mesh}/traffic-logs/{name} with Traffic Log entity in body
Response: 201 Created when the resource is created and 200 OK when it is updated
Example:
List Traffic Logs
Request: GET /meshes/{mesh}/traffic-logs
Response: 200 OK with body of Traffic Log entities
Example:
Delete Traffic Log
Request: DELETE /meshes/{mesh}/traffic-logs/{name}
Response: 200 OK
Example:
Traffic Route
Get Traffic Route
Request: GET /meshes/{mesh}/traffic-routes/{name}
Response: 200 OK with Traffic Route entity
Example:
Create/Update Traffic Route
Request: PUT /meshes/{mesh}/traffic-routes/{name} with Traffic Route entity in body
Response: 201 Created when the resource is created and 200 OK when it is updated
Example:
List Traffic Routes
Request: GET /meshes/{mesh}/traffic-routes
Response: 200 OK with body of Traffic Route entities
Example:
Delete Traffic Route
Request: DELETE /meshes/{mesh}/traffic-routes/{name}
Response: 200 OK
Example:
Traffic Trace
Get Traffic Trace
Request: GET /meshes/{mesh}/traffic-traces/{name}
Response: 200 OK with Traffic Trace entity
Example:
Create/Update Traffic Trace
Request: PUT /meshes/{mesh}/traffic-traces/{name} with Traffic Trace entity in body
Response: 201 Created when the resource is created and 200 OK when it is updated
Example:
List Traffic Traces
Request: GET /meshes/{mesh}/traffic-traces
Response: 200 OK with body of Traffic Trace entities
Example:
Delete Traffic Trace
Request: DELETE /meshes/{mesh}/traffic-traces/{name}
Response: 200 OK
Example:
Fault Injection
Get Fault Injection
Request: GET /meshes/{mesh}/fault-injections/{name}
Response: 200 OK with Fault Injection entity
Example:
Create/Update Fault Injection
Request: PUT /meshes/{mesh}/fault-injections/{name} with Fault Injection entity in body
Response: 201 Created when the resource is created and 200 OK when it is updated
Example:
List Fault Injections
Request: GET /meshes/{mesh}/fault-injections
Response: 200 OK with body of Fault Injection entities
Example:
Delete Fault Injection
Request: DELETE /meshes/{mesh}/fault-injections/{name}
Response: 200 OK
Example:
The kumactl CLI under the hood makes HTTP requests to this API.
Retry
Get Retry
Request: GET /meshes/{mesh}/retries/{name}
Response: 200 OK with Retry entity
Example:
Create/Update Retry
Request: PUT /meshes/{mesh}/retries/{name} with Retry entity in body
Response: 201 Created when the resource is created and 200 OK when it is updated
Example:
List Retries
Request: GET /meshes/{mesh}/retries
Response: 200 OK with body of Retry entities
Example:
Delete Retry
Request: DELETE /meshes/{mesh}/retries/{name}
Response: 200 OK
Example:
The kumactl CLI under the hood makes HTTP requests to this API.
Timeout
Get Timeout
Request: GET /meshes/{mesh}/timeouts/{name}
Response: 200 OK with Timeout entity
Example:
Create/Update Timeout
Request: PUT /meshes/{mesh}/timeouts/{name} with Timeout entity in body
Response: 201 Created when the resource is created and 200 OK when it is updated
Example:
List Timeouts
Request: GET /meshes/{mesh}/retries
Response: 200 OK with body of Timeout entities
Example:
Delete Timeout
Request: DELETE /meshes/{mesh}/timeouts/{name}
Response: 200 OK
Example:
The kumactl CLI under the hood makes HTTP requests to this API.
Zones
Get Zone
Request: GET /zones/{name}
Response: 200 OK with Zone entity
Example:
Create/Update Zone
Request: PUT /zones/{name} with Zone entity in body
Response: 201 Created when the resource is created and 200 OK when it is updated
Example:
List Zones
Request: GET /zones
Response: 200 OK with body of Zone entities
Example:
Delete Zone
Request: DELETE /zones/{name}
Response: 200 OK
Example:
Zone Overview
Get Zone Overview
Request: GET /zones+insights/{name}
Response: 200 OK with Zone entity including insight
Example:
{
"type": "ZoneOverview",
"mesh": "default",
"name": "cluster-1",
"creationTime": "2020-07-28T23:08:22.317322+07:00",
"modificationTime": "2020-07-28T23:08:22.317322+07:00",
"zone": {
"enabled": true
},
"zoneInsight": {
"subscriptions": [
{
"config": "\"whole /config from zone\"",
"id": "466aa63b-70e8-4435-8bee-a7146e2cdf11",
"globalInstanceId": "66309679-ee95-4ea8-b17f-c715ca03bb38",
"connectTime": "2020-07-28T16:08:09.743141Z",
"disconnectTime": "2020-07-28T16:08:09.743194Z",
"status": {
"total": {}
},
"version": {
"kumaCp": {
"version": "1.2.0-rc2-211-g823fe8ce",
"gitTag": "1.0.0-rc2-211-g823fe8ce",
"gitCommit": "823fe8cef6430a8f75e72a7224eb5a8ab571ec42",
"buildDate": "2021-02-18T13:22:30Z"
}
}
},
{
"config": "\"whole /config from zone\"",
"id": "f586f89c-2c4e-4f93-9a56-f0ea2ff010b7",
"globalInstanceId": "66309679-ee95-4ea8-b17f-c715ca03bb38",
"connectTime": "2020-07-28T16:08:24.760801Z",
"status": {
"lastUpdateTime": "2020-07-28T16:08:25.770774Z",
"total": {
"responsesSent": "11",
"responsesAcknowledged": "11"
},
"stat": {
"CircuitBreaker": {
"responsesSent": "1",
"responsesAcknowledged": "1"
},
"Dataplane": {
"responsesSent": "1",
"responsesAcknowledged": "1"
},
"FaultInjection": {
"responsesSent": "1",
"responsesAcknowledged": "1"
},
"HealthCheck": {
"responsesSent": "1",
"responsesAcknowledged": "1"
},
"Mesh": {
"responsesSent": "1",
"responsesAcknowledged": "1"
},
"ProxyTemplate": {
"responsesSent": "1",
"responsesAcknowledged": "1"
},
"Secret": {
"responsesSent": "1",
"responsesAcknowledged": "1"
},
"TrafficLog": {
"responsesSent": "1",
"responsesAcknowledged": "1"
},
"TrafficPermission": {
"responsesSent": "1",
"responsesAcknowledged": "1"
},
"TrafficRoute": {
"responsesSent": "1",
"responsesAcknowledged": "1"
},
"TrafficTrace": {
"responsesSent": "1",
"responsesAcknowledged": "1"
}
}
}
}
]
}
}
List Zone Overview
Request: GET /zones+insights
Response: 200 OK with Zone entities including insight
Example:
{
"total": 1,
"items": [
{
"type": "ZoneOverview",
"mesh": "default",
"name": "cluster-1",
"creationTime": "2020-07-28T23:08:22.317322+07:00",
"modificationTime": "2020-07-28T23:08:22.317322+07:00",
"zone": {
"enabled": true
},
"zoneInsight": {
"subscriptions": [
{
"config": "\"whole /config from zone\"",
"id": "466aa63b-70e8-4435-8bee-a7146e2cdf11",
"globalInstanceId": "66309679-ee95-4ea8-b17f-c715ca03bb38",
"connectTime": "2020-07-28T16:08:09.743141Z",
"disconnectTime": "2020-07-28T16:08:09.743194Z",
"status": {
"total": {}
},
"version": {
"kumaCp": {
"version": "1.2.0-rc2-211-g823fe8ce",
"gitTag": "1.0.0-rc2-211-g823fe8ce",
"gitCommit": "823fe8cef6430a8f75e72a7224eb5a8ab571ec42",
"buildDate": "2021-02-18T13:22:30Z"
}
}
},
{
"config": "\"whole /config from zone\"",
"id": "f586f89c-2c4e-4f93-9a56-f0ea2ff010b7",
"globalInstanceId": "66309679-ee95-4ea8-b17f-c715ca03bb38",
"connectTime": "2020-07-28T16:08:24.760801Z",
"status": {
"lastUpdateTime": "2020-07-28T16:08:25.770774Z",
"total": {
"responsesSent": "11",
"responsesAcknowledged": "11"
},
"stat": {
"CircuitBreaker": {
"responsesSent": "1",
"responsesAcknowledged": "1"
},
"Dataplane": {
"responsesSent": "1",
"responsesAcknowledged": "1"
},
"FaultInjection": {
"responsesSent": "1",
"responsesAcknowledged": "1"
},
"HealthCheck": {
"responsesSent": "1",
"responsesAcknowledged": "1"
},
"Mesh": {
"responsesSent": "1",
"responsesAcknowledged": "1"
},
"ProxyTemplate": {
"responsesSent": "1",
"responsesAcknowledged": "1"
},
"Secret": {
"responsesSent": "1",
"responsesAcknowledged": "1"
},
"TrafficLog": {
"responsesSent": "1",
"responsesAcknowledged": "1"
},
"TrafficPermission": {
"responsesSent": "1",
"responsesAcknowledged": "1"
},
"TrafficRoute": {
"responsesSent": "1",
"responsesAcknowledged": "1"
},
"TrafficTrace": {
"responsesSent": "1",
"responsesAcknowledged": "1"
}
}
},
"version": {
"kumaCp": {
"version": "1.2.0-rc2-211-g823fe8ce",
"gitTag": "1.0.0-rc2-211-g823fe8ce",
"gitCommit": "823fe8cef6430a8f75e72a7224eb5a8ab571ec42",
"buildDate": "2021-02-18T13:22:30Z"
}
}
}
]
}
}
],
"next": null
}
Zone Ingresses
List Zone Ingresses
Request: GET /zone-ingresses
Response: 200 OK with ZoneIngresses entities
Example:
{
"total": 2,
"items": [
{
"type": "ZoneIngress",
"name": "zi-1",
"creationTime": "2022-04-01T18:33:41Z",
"modificationTime": "2022-04-01T18:33:41Z",
"zone": "kuma-4",
"networking": {
"address": "192.168.64.9",
"advertisedAddress": "192.168.64.9",
"port": 30685,
"advertisedPort": 30685
},
"availableServices": [
{
"tags": {
"kuma.io/service": "zone4-demo-client",
"kuma.io/zone": "kuma-4",
"team": "client-owners"
},
"instances": 1,
"mesh": "default"
},
{
"tags": {
"kuma.io/protocol": "http",
"kuma.io/service": "external-service-in-zone4",
"kuma.io/zone": "kuma-4",
"mesh": "default"
},
"instances": 1,
"mesh": "default",
"externalService": true
}
]
},
{
"type": "ZoneIngress",
"name": "zi-2",
"creationTime": "2022-04-01T18:33:15Z",
"modificationTime": "2022-04-01T18:33:15Z",
"networking": {
"address": "10.42.0.6",
"advertisedAddress": "192.168.64.4",
"port": 10001,
"advertisedPort": 31882
},
"availableServices": [
{
"tags": {
"app": "demo-client",
"k8s.kuma.io/namespace": "kuma-test",
"kuma.io/instance": "demo-client-6794456845-fr4gf",
"kuma.io/protocol": "tcp",
"kuma.io/service": "demo-client_kuma-test_svc",
"kuma.io/zone": "kuma-1-zone",
"pod-template-hash": "6794456845"
},
"instances": 1,
"mesh": "default"
},
{
"tags": {
"kuma.io/protocol": "http",
"kuma.io/service": "external-service-in-zone1",
"kuma.io/zone": "kuma-1-zone",
"mesh": "default"
},
"instances": 1,
"mesh": "default",
"externalService": true
}
]
}
],
"next": null
}
Get Zone Ingress
Request: GET /zone-ingress/{name}
Response: 200 OK with ZoneIngress entity
Example:
Zone Ingress Overviews
List Zone Ingress Overviews
Request: GET /zoneingresses+insights
Response: 200 OK with ZoneIngressOverview entities (which are combination of
ZoneIngress and ZoneIngressInsight entities)
Example:
{
"total": 2,
"items": [
{
"type": "ZoneIngressOverview",
"name": "zi-1",
"creationTime": "2022-04-01T19:45:11Z",
"modificationTime": "2022-04-01T19:45:11Z",
"zoneIngress": {
"zone": "kuma-4",
"networking": {
"address": "192.168.64.9",
"advertisedAddress": "192.168.64.9",
"port": 30685,
"advertisedPort": 30685
},
"availableServices": [
{
"tags": {
"kuma.io/service": "zone4-demo-client",
"kuma.io/zone": "kuma-4",
"team": "client-owners"
},
"instances": 1,
"mesh": "default"
},
{
"tags": {
"kuma.io/protocol": "http",
"kuma.io/service": "external-service-in-zone4",
"kuma.io/zone": "kuma-4",
"mesh": "default"
},
"instances": 1,
"mesh": "default",
"externalService": true
}
]
}
},
{
"type": "ZoneIngressOverview",
"name": "zi-2",
"creationTime": "2022-04-01T19:44:46Z",
"modificationTime": "2022-04-01T19:44:46Z",
"zoneIngress": {
"networking": {
"address": "10.42.0.6",
"advertisedAddress": "192.168.64.2",
"port": 10001,
"advertisedPort": 30103
},
"availableServices": [
{
"tags": {
"app": "demo-client",
"k8s.kuma.io/namespace": "kuma-test",
"kuma.io/instance": "demo-client-59ff94f647-8wqw7",
"kuma.io/protocol": "tcp",
"kuma.io/service": "demo-client_kuma-test_svc",
"kuma.io/zone": "kuma-1-zone",
"pod-template-hash": "59ff94f647"
},
"instances": 1,
"mesh": "default"
},
{
"tags": {
"kuma.io/protocol": "http",
"kuma.io/service": "external-service-in-zone1",
"kuma.io/zone": "kuma-1-zone",
"mesh": "default"
},
"instances": 1,
"mesh": "default",
"externalService": true
}
]
},
"zoneIngressInsight": {
"subscriptions": [
{
"id": "e92113b3-f01c-43cf-a21e-2b7064eb5bf8",
"controlPlaneInstanceId": "kuma-control-plane-7cc9ffd8f9-s79r8-5b83",
"connectTime": "2022-04-01T19:44:52.306011636Z",
"status": {
"lastUpdateTime": "2022-04-01T19:45:14.389007660Z",
"total": {
"responsesSent": "8",
"responsesAcknowledged": "9"
},
"cds": {
"responsesSent": "3",
"responsesAcknowledged": "3"
},
"eds": {
"responsesSent": "2",
"responsesAcknowledged": "3"
},
"lds": {
"responsesSent": "3",
"responsesAcknowledged": "3"
},
"rds": {}
},
"version": {
"kumaDp": {
"version": "dev-d66126389",
"gitTag": "1.5.0-rc1-156-gd66126389",
"gitCommit": "d66126389d1842fb459b4db399e2db82781527bf",
"buildDate": "2022-04-01T19:43:19Z"
},
"envoy": {
"version": "1.21.1",
"build": "af50070ee60866874b0a9383daf9364e884ded22/1.21.1/Clean/RELEASE/BoringSSL",
"kumaDpCompatible": true
}
},
"generation": 18
}
]
}
}
],
"next": null
}
Get Zone Ingress Overview
Request: GET /zoneingresses+insights/{name}
Response: 200 OK with ZoneIngressOverview entity (which is a combination of
ZoneIngress and ZoneIngressInsight entities)
Example:
Zone Egresses
List Zone Egresses
Request: GET /zoneegresses
Response: 200 OK with ZoneEgress entities
Example:
Get Zone Egress
Request: GET /zoneegresses/{name}
Response: 200 OK with ZoneEgress entity
Example:
Zone Egress Overviews
List Zone Egress Overviews
Request: GET /zoneegressoverviews
Response: 200 OK with ZoneEgressOverview entities (which are combination of
ZoneEgress and ZoneEgressInsight entities)
Example:
{
"total": 2,
"items": [
{
"type": "ZoneEgressOverview",
"name": "kuma-1-zone.kuma-egress-6f7c8bbcc9-rzxnw.kuma-system",
"creationTime": "2022-02-18T13:39:39Z",
"modificationTime": "2022-02-18T13:39:39Z",
"zoneEgress": {
"zone": "kuma-1-zone",
"networking": {
"address": "10.42.0.6",
"port": 10002
}
},
"zoneEgressInsight": {
"subscriptions": [
{
"id": "bb56359c-5b1c-4a9e-af3f-0982e1f37b74",
"controlPlaneInstanceId": "kuma-control-plane-b799fb878-w2d9l-97fb",
"connectTime": "2022-02-18T13:39:48.312313103Z",
"status": {
"lastUpdateTime": "2022-02-18T13:40:41.338203595Z",
"total": {
"responsesSent": "11",
"responsesAcknowledged": "13"
},
"cds": {
"responsesSent": "4",
"responsesAcknowledged": "4"
},
"eds": {
"responsesSent": "3",
"responsesAcknowledged": "5"
},
"lds": {
"responsesSent": "4",
"responsesAcknowledged": "4"
},
"rds": {}
},
"version": {
"kumaDp": {
"version": "dev-60984ad8d",
"gitTag": "1.5.0-rc1-18-g60984ad8d",
"gitCommit": "60984ad8d66a59b269b3493172a6a22edc310515",
"buildDate": "2022-02-18T13:38:45Z"
},
"envoy": {
"version": "1.21.0",
"build": "a9d72603c68da3a10a1c0d021d01c7877e6f2a30/1.21.0/Clean/RELEASE/BoringSSL"
}
}
}
]
}
},
{
"type": "ZoneEgressOverview",
"name": "kuma-3.egress",
"creationTime": "2022-02-18T13:40:30.086380212Z",
"modificationTime": "2022-02-18T13:40:30.086380212Z",
"zoneEgress": {
"zone": "kuma-3",
"networking": {
"address": "172.21.0.11",
"port": 30685
}
},
"zoneEgressInsight": {
"subscriptions": [
{
"id": "9f3766b3-f560-422f-b2ab-d8276f67d6d0",
"controlPlaneInstanceId": "69150c6bc245-f8ba",
"connectTime": "2022-02-18T13:40:30.084188804Z",
"status": {
"lastUpdateTime": "2022-02-18T13:40:39.129293439Z",
"total": {
"responsesSent": "6",
"responsesAcknowledged": "7"
},
"cds": {
"responsesSent": "2",
"responsesAcknowledged": "2"
},
"eds": {
"responsesSent": "2",
"responsesAcknowledged": "3"
},
"lds": {
"responsesSent": "2",
"responsesAcknowledged": "2"
},
"rds": {}
},
"version": {
"kumaDp": {
"version": "dev-60984ad8d",
"gitTag": "1.5.0-rc1-18-g60984ad8d",
"gitCommit": "60984ad8d66a59b269b3493172a6a22edc310515",
"buildDate": "2022-02-18T13:38:45Z"
},
"envoy": {
"version": "1.21.0",
"build": "a9d72603c68da3a10a1c0d021d01c7877e6f2a30/1.21.0/Clean/RELEASE/BoringSSL"
}
}
}
]
}
}
],
"next": null
}
Get Zone Egress Overview
Request: GET /zoneegressoverviews/{name}
Response: 200 OK with ZoneEgressOverview entity (which is a combination of
ZoneEgress and ZoneEgressInsight entities)
Example:
External Services
Get External Service
Request: GET /meshes/{mesh}/external-services/{name}
Response: 200 OK with External Service entity
Example:
Create/Update External Service
Request: PUT /meshes/{mesh}/external-services/{name} with External Service entity in body
Response: 201 Created when the resource is created and 200 OK when it is updated
Example:
List External Services
Request: GET /external-services
Response: 200 OK with body of Zone entities
Example:
Delete External Services
Request: DELETE /meshes/{mesh}/external-services/{name}
Response: 200 OK
Example:
Service Insights
Get Service Insight
Request: GET /meshes/{mesh}/service-insights/{name}
Response: 200 OK with Service Insight entity
Example:
List Service Insights
Request: GET /service-insights
Response: 200 OK with body of Service Insights entities
Example:
Secrets
Get Secret
Request: GET /meshes/{mesh}/secrets/{name}
Response: 200 OK with Secret entity
Example:
Create/Update Secret
Request: PUT /meshes/{mesh}/secrets/{name} with Secret entity in body
Response: 201 Created when the resource is created and 200 OK when it is updated
Example:
List Secrets
Request: GET /meshes/{mesh}/secrets
Response: 200 OK with body of Secret entities
Example:
Delete Secret
Request: DELETE /meshes/{mesh}/secrets/{name}
Response: 200 OK
Example:
Global Secrets
Get Global Secret
Request: GET /global-secrets/{name}
Response: 200 OK with Global Secret entity
Example:
Create/Update Global Secret
Request: PUT /global-secrets/{name} with Global Secret entity in body
Response: 201 Created when the resource is created and 200 OK when it is updated
Example:
List Global Secrets
Request: GET /global-secrets
Response: 200 OK with body of Global Secret entities
Example:
Delete Global Secret
Request: DELETE /global-secrets/{name}
Response: 200 OK
Example:
Multi-zone
These APIs are available on the Global control plane, when running in a distributed multi-zone mode.
Zones status
Request: GET /status/zones
Response: 200 OK
Example:
Dataplane Proxy Tokens
Generate the data plane proxy tokens required for data plane proxy authentication.
For details, see data plane proxy authentication.
Generate dataplane proxy token
Request: PUT /tokens/dataplane with the following body:
Response: 200 OK
Example:
Zone Ingress Tokens
Generate token which zone ingress can use to authenticate itself.
For details, see zone ingress authentication.
Generate Zone Ingress Token
Example:
Global Insights
Get Global Insights
Request: GET /global-insights
Response: 200 OK with Global Insights entity
Example:
Inspect API
Get policies matched for the data plane proxy
Request: GET /meshes/{mesh}/dataplanes/{dataplane}/policies
Example:
MeshGateway-configured Dataplane example:
Get data plane proxies affected by policy
Request: GET /meshes/{mesh}/{policy-type}/{policy}/dataplanes
Example:
Request: GET /meshes/{mesh}/meshgateways/{meshgateway}/dataplanes
Example:
Get rule based view of policies matching dataplane proxy
Request: GET /meshes/{mesh}/dataplanes/{dataplane}/rules
Example:
Get envoy config dump for data plane proxy
Request: GET /meshes/{mesh}/dataplanes/{dataplane}/xds
Example:
Get envoy config dump for ZoneIngress
Request: GET /zoneingresses/{name}/xds
Example:
Get envoy config dump for ZoneEgress
Request: GET /zoneegresses/{name}/xds
Example:
Policies
Show all policies that are usable on the control plane
Request: GET /policies
Example:
{
"policies": [
{
"name": "CircuitBreaker",
"readOnly": false,
"path": "circuit-breakers",
"displayName": "Circuit Breakers"
},
{
"name": "ExternalService",
"readOnly": false,
"path": "external-services",
"displayName": "External Services"
},
{
"name": "FaultInjection",
"readOnly": false,
"path": "fault-injections",
"displayName": "Fault Injections"
},
{
"name": "HealthCheck",
"readOnly": false,
"path": "health-checks",
"displayName": "Health Checks"
},
{
"name": "MeshGateway",
"readOnly": false,
"path": "meshgateways",
"displayName": "Mesh Gateways"
},
{
"name": "MeshGatewayRoute",
"readOnly": false,
"path": "meshgatewayroutes",
"displayName": "Mesh Gateway Routes"
},
{
"name": "ProxyTemplate",
"readOnly": false,
"path": "proxytemplates",
"displayName": "Proxy Templates"
},
{
"name": "RateLimit",
"readOnly": false,
"path": "rate-limits",
"displayName": "Rate Limits"
},
{
"name": "Retry",
"readOnly": false,
"path": "retries",
"displayName": "Retries"
},
{
"name": "Timeout",
"readOnly": false,
"path": "timeouts",
"displayName": "Timeouts"
},
{
"name": "TrafficLog",
"readOnly": false,
"path": "traffic-logs",
"displayName": "Traffic Logs"
},
{
"name": "TrafficPermission",
"readOnly": false,
"path": "traffic-permissions",
"displayName": "Traffic Permissions"
},
{
"name": "TrafficRoute",
"readOnly": false,
"path": "traffic-routes",
"displayName": "Traffic Routes"
},
{
"name": "TrafficTrace",
"readOnly": false,
"path": "traffic-traces",
"displayName": "Traffic Traces"
},
{
"name": "VirtualOutbound",
"readOnly": false,
"path": "virtual-outbounds",
"displayName": "Virtual Outbounds"
}
]
}
