Protocol support in Kuma

    For http, grpc and kafka traffic, Kuma provides deep insights down to application-level transactions; for tcp traffic, observability is limited to connection-level statistics.

    So, as a user of Kuma, you’re highly encouraged to give it a hint whether your service supports http, grpc, kafka or not.

    By doing this,

    • you will get richer metrics with Traffic Metrics policy
    • you will get richer logs with policy

    E.g.,

    On Universal, to give Kuma a hint that your service supports the http protocol, you need to add a kuma.io/protocol tag to the inbound interface of your Dataplane.

    E.g.,

    type: Dataplane
    mesh: default
    name: web
    inbound:
    - port: 80
      servicePort: 8080
      tags:
        kuma.io/protocol: http # let Kuma know that your service supports HTTP protocol

    TLS support

    Whenever a service already initiates a TLS request to another service, and mutual TLS is enabled, Kuma can enforce both TLS connections end-to-end, as long as the service that is generating the TLS traffic is explicitly tagged with the tcp protocol (i.e. kuma.io/protocol: tcp).

    Effectively, kuma-dp will send the raw original TLS request as-is to the final destination, while at the same time enforcing its own TLS connection (if mutual TLS is enabled). Hence, the traffic must be marked as tcp, so that kuma-dp won’t try to parse it.

    Note that in this case no advanced HTTP or GRPC statistics or logging are available. As a best practice - since Kuma will already secure the traffic across services via the mutual TLS policy - we suggest disabling TLS in the original services in order to get L7 metrics and capabilities.
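
The tagging rules above can be checked mechanically. The following audit script is an added example, not part of Kuma or its documentation: it classifies each inbound interface by its kuma.io/protocol tag and flags services that speak TLS themselves but are not tagged tcp. The JSON layout mirrors the YAML on this page, and the sample Dataplanes and the `app_tls_services` input are constructed assumptions.

```python
import json

L7_PROTOCOLS = {"http", "grpc", "kafka"}  # protocols the page lists as getting application-level insight

# Constructed sample: Dataplane resources as JSON. The field layout mirrors the
# YAML on this page (inbound -> tags); real exports may nest inbound elsewhere.
SAMPLE = json.loads("""
[
  {"type": "Dataplane", "mesh": "default", "name": "web",
   "inbound": [{"port": 80, "servicePort": 8080,
                "tags": {"kuma.io/protocol": "http"}}]},
  {"type": "Dataplane", "mesh": "default", "name": "payments",
   "inbound": [{"port": 443, "servicePort": 8443,
                "tags": {"kuma.io/protocol": "http"}}]},
  {"type": "Dataplane", "mesh": "default", "name": "ledger",
   "inbound": [{"port": 443, "servicePort": 8443,
                "tags": {"kuma.io/protocol": "tcp"}}]},
  {"type": "Dataplane", "mesh": "default", "name": "legacy",
   "inbound": [{"port": 9000, "servicePort": 9000, "tags": {}}]}
]
""")

def audit(dataplanes, app_tls_services):
    """Return (name, port, finding) for every inbound interface.
    app_tls_services: names of services that speak TLS themselves
    (operator-supplied, hypothetical input; Kuma does not provide it)."""
    findings = []
    for dp in dataplanes:
        for inbound in dp.get("inbound", []):
            proto = inbound.get("tags", {}).get("kuma.io/protocol")
            if dp["name"] in app_tls_services:
                if proto == "tcp":
                    finding = "ok: app TLS passed through as raw tcp, no L7 stats"
                else:
                    finding = "misconfigured: app TLS must be tagged tcp"
            elif proto in L7_PROTOCOLS:
                finding = "ok: L7 metrics and logs"
            elif proto == "tcp":
                finding = "connection-level stats only"
            else:
                finding = "no protocol hint"
            findings.append((dp["name"], inbound["port"], finding))
    return findings

if __name__ == "__main__":
    for name, port, finding in audit(SAMPLE, {"payments", "ledger"}):
        print(f"{name}:{port} -> {finding}")
```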