Kong Mesh 1.9 and Kuma 1.8 Released with Gateway GA, New CNI

We are happy to announce the release of Kong Mesh 1.9 and Kuma 1.8! This release is packed with features and improvements such as observability for builtin Gateway, a complete rewrite of the CNI and projected service account tokens support.

In order to take advantage of the latest and greatest in service mesh, we strongly suggest upgrading to Kong Mesh 1.9.

Notable features:

• Cross-Mesh gateway now also works with multi-zone. If your gateway only runs in some zones, Kuma will route traffic from other zones to zones where gateways are present.
• We've fully rewritten the CNI to leverage our new and improved transparent-proxy.
• Mesh Gateway (aka builtin Gateway) now has all the observability features you would expect: tracing, metrics, access logs, service map and even a Grafana dashboard.
• Built-in gateway now supports TCP traffic, path rewrite and header addition/removal.
• The retry policy now offers even more flexibility when it comes to retriable status configuration.
• The demo now offers the option to install a Mesh gateway, improving the Kuma getting-started experience.
• It is now possible to filter metrics scraped from the proxy, which can greatly improve the performance impact of scraping metrics.
• Our TCP TrafficLog implementation was fully rewritten to be simpler and support everything Envoy supports out of the box.
• We now support Projected Service Account Tokens forstronger security in Kubernetes.

For more details, reference the Kong Mesh Changelog.

Cross-Mesh Gateway is also Cross-Zone

It is possible for a Mesh to only run workloads in a subset of all the existing zones. When this happens until now, you’d need to run a gateway to this mesh in all zones that wanted to communicate with this mesh. Now Kuma will find where cross-mesh gateways are running and route traffic accordingly. This will help further simplify multi-tenant and multi-zone use cases.

Figure 1: Kuma Mesh Gateway working cross Zone

MeshGateway improvements

We released the MeshGateway back in Kuma 1.6 and the reception has been great. Kuma's lightweight gateway is a great complement to fully fledged gateways and is also used to facilitate inter-mesh communication.

• We're now expanding on that functionality and offering full observability with a dedicated Grafana dashboard for MeshGateway.
• We're also adding a lot of features to make the Gateway more feature-rich, like supporting path rewrite and header modifications.
• Extra attention has been paid to production readiness of the gateway with features like connection limits, overload management and others.

Figure 2: Kuma Mesh Gateway Grafana metrics dashboard

CNI rewrite

The v2 version of the CNI is completely rewritten in go and has the following improvements over the previous version:

• It has support for a taint controller which guards against a possible race condition between the CNI plugin and other workloads when adding new nodes in an existing cluster.
• All logs are easily accessible via kubectl logs command which greatly simplifies observability
• It uses new transparent engine implemented in kuma-net

Get in touch with Kong to learn more about Kong Mesh and how to build an enterprise service mesh. You can also download Kong Mesh and get started for free.