Home / Kong Mesh
Edit
Report

Ingress traffic with Kong Mesh

Uses: Kong Mesh
Related Documentation
Mesh Documentation
Minimum Version
Kong Mesh - 2.6
Related Resources
Built-in gateways
Delegated gateways
Data plane proxy
Multi-zone deployment

Kong Mesh provides two methods to manage ingress traffic, also known as north/south traffic. Both use a gateway proxy that sits between external clients and your services in the mesh.

Gateways exist within a mesh. If you have multiple meshes, each mesh requires its own gateway. You can connect your meshes together using cross-mesh gateways.

The following diagrams show the difference between built-in and delegated gateway deployments. Solid lines represent traffic not managed by Kong Mesh; dashed lines represent mesh-managed traffic between data plane proxies.

Built-in gateway

Kong Gateway at the edge routes to built-in gateways running as Envoy proxies inside each service mesh.

 
flowchart LR
    CLIENT([Client])
    KGW[Kong Gateway]
    CLIENT --> KGW

    subgraph M1[Team 1 service mesh]
        BG1[Built-in gateway]
        subgraph sg1a[ ]
            direction LR
            S1[Service] --- D1[KUMA-DP]
            D1 <-.-> D2[KUMA-DP]
            D2 --- S2[Service]
        end
        subgraph sg1b[ ]
            direction LR
            S3[Service] --- D3[KUMA-DP]
            D3 <-.-> D4[KUMA-DP]
            D4 --- S4[Service]
        end
        BG1 -.-> D1 & D3
    end

    subgraph M2[Team 2 service mesh]
        BG2[Built-in gateway]
        subgraph sg2a[ ]
            direction LR
            S5[Service] --- D5[KUMA-DP]
            D5 <-.-> D6[KUMA-DP]
            D6 --- S6[Service]
        end
        subgraph sg2b[ ]
            direction LR
            S7[Service] --- D7[KUMA-DP]
            D7 <-.-> D8[KUMA-DP]
            D8 --- S8[Service]
        end
        BG2 -.-> D5 & D7
    end

    KGW --> BG1 & BG2
    BG1 <-.-> BG2
    
    linkStyle 0,1,3,4,6,9,11,12,14,17,18 stroke-width:2px!important,stroke:#86e2cc!important
    linkStyle 2,5,7,8,10,13,15,16,19 stroke-width:3px!important

Delegated gateway

Kong Gateway routes directly to delegated gateways that operate as data plane proxies inside each service mesh.

 
flowchart LR
    CLIENT([Client])
    KGW[Kong Gateway]
    CLIENT --> KGW

    subgraph M1[Team 1 service mesh]
        DG1[Delegated gateway]
        subgraph sg1a[ ]
            direction LR
            S1[Service] --- D1[KUMA-DP]
            D1 <-.-> D2[KUMA-DP]
            D2 --- S2[Service]
        end
        subgraph sg1b[ ]
            direction LR
            S3[Service] --- D3[KUMA-DP]
            D3 <-.-> D4[KUMA-DP]
            D4 --- S4[Service]
        end
        DG1 -.-> D1 & D3
    end

    subgraph M2[Team 2 service mesh]
        DG2[Delegated gateway]
        subgraph sg2a[ ]
            direction LR
            S5[Service] --- D5[KUMA-DP]
            D5 <-.-> D6[KUMA-DP]
            D6 --- S6[Service]
        end
        subgraph sg2b[ ]
            direction LR
            S7[Service] --- D7[KUMA-DP]
            D7 <-.-> D8[KUMA-DP]
            D8 --- S8[Service]
        end
        DG2 -.-> D5 & D7
    end

    KGW --> DG1 & DG2
    DG1 <--> DG2

    linkStyle 0,1,3,4,6,9,11,12,14,17,18,19 stroke-width:2px!important,stroke:#86e2cc!important
    linkStyle 2,5,7,8,10,13,15,16 stroke-width:3px!important
Something wrong?
Report an Issue | Edit this Page
View all Kong documentation

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!
Contribute

Still need help?

Ask in our Slack Community
Contact Support