Transparent sidecar proxies, automatic mutual TLS, intelligent traffic management, and deep observability for your microservices.
Everything you need to secure, observe, and control service-to-service communication.
Zero-config mutual TLS between all services. Built-in Certificate Authority with automatic rotation. SPIFFE identity for every workload.
Canary deployments, blue-green, A/B testing, traffic splitting, request mirroring. Route by headers, paths, and weights.
Distributed tracing with OpenTelemetry spans, per-service Prometheus metrics, structured access logs. Full request visibility.
Circuit breakers, retries with exponential backoff, timeouts, rate limiting. Prevent cascading failures automatically.
Fine-grained service-to-service authorization. Allow/deny rules by service, namespace, method, and path. Full audit logging.
Ingress gateway for external traffic with TLS termination. Egress gateway for outbound control. Host-based routing.
Inject delays, errors, and network partitions for chaos testing. Percentage-based activation with header matching.
Automatic service registration, health checking, and endpoint management. Watch-based change propagation.
Federate multiple clusters into a single mesh. Cross-cluster service discovery and traffic routing.
Control plane manages configuration. Data plane handles traffic.
                 ┌─────────────────────────────────────┐
                 │            CONTROL PLANE            │
                 │  ┌──────────┐  ┌──────────────────┐ │
                 │  │ Config   │  │ Push Server      │ │
                 │  │ Store    │──│ (xDS Protocol)   │ │
                 │  └──────────┘  └────────┬─────────┘ │
                 │  ┌──────────┐           │           │
                 │  │ Service  │  ┌────────┴─────────┐ │
                 │  │ Registry │  │ Certificate Auth │ │
                 │  └──────────┘  └──────────────────┘ │
                 │  ┌──────────┐  ┌──────────────────┐ │
                 │  │ REST API │  │ Admin Dashboard  │ │
                 │  │ :9298    │  │ :9299            │ │
                 │  └──────────┘  └──────────────────┘ │
                 └──────────┬──────────────────────────┘
                            │ Config Push
      ┌─────────────────────┼─────────────────────┐
      ▼                     ▼                     ▼
┌───────────────┐   ┌───────────────┐   ┌───────────────┐
│    Sidecar    │   │    Sidecar    │   │    Sidecar    │
│ ┌───────────┐ │   │ ┌───────────┐ │   │ ┌───────────┐ │
│ │ Intercept │ │   │ │ Intercept │ │   │ │ Intercept │ │
│ │ mTLS      │ │   │ │ mTLS      │ │   │ │ mTLS      │ │
│ │ Routing   │ │   │ │ Routing   │ │   │ │ Routing   │ │
│ │ Metrics   │ │   │ │ Metrics   │ │   │ │ Metrics   │ │
│ └───────────┘ │   │ └───────────┘ │   │ └───────────┘ │
│ ┌───────────┐ │   │ ┌───────────┐ │   │ ┌───────────┐ │
│ │ Service A │ │◄─►│ │ Service B │ │◄─►│ │ Service C │ │
│ └───────────┘ │   │ └───────────┘ │   │ └───────────┘ │
└───────────────┘   └───────────────┘   └───────────────┘
   DATA PLANE          DATA PLANE          DATA PLANE
Manage your entire mesh from the command line with kmesh.
# Check mesh status
$ kmesh status
State: running
Cluster: production
Services: 12
Nodes: 24

# List services and their health
$ kmesh services list
NAME             NAMESPACE  INSTANCES  HEALTHY  PROTOCOL
api-gateway      default    3          3        HTTP
user-service     default    2          2        gRPC
order-service    default    3          2        HTTP
payment-service  default    2          0        HTTP

# Create a canary deployment (10% to v2)
$ kmesh traffic split create --service api --v1 90 --v2 10
Traffic split created: api (v1: 90%, v2: 10%)

# Inject sidecar proxy into a service
$ kmesh inject --service my-app --port 8080
Sidecar proxy configured
mTLS certificates issued
Service registered in mesh

# View service topology graph
$ kmesh graph
Install Koder Mesh in seconds.
curl -fsSL https://mesh.koder.dev/install.sh | sh
Or clone from source:
git clone https://flow.koder.dev/koder/koder-mesh.git