By on December 13, 2019

Kuma 0.3.1 Released with Third-Party CA Support, Health Checks, and a GUI!

At KubeCon North America 2019, the community provided us with a ton of feedback and feature requests. We’re proud to release some of the most widely requested features in our latest version of Kuma: third-party CA (Certificate Authority) support, health checks, and a GUI! Kuma’s new health checks will help minimize the number of failed requests between your application. The third-party CA support will provide more flexibility when deciding how to secure your mesh. Lastly, the GUI will help you visualize the mesh and its policies in an intuitive format! Let’s take a look at how each of these work.

You can take a look at the full change log here.

Third-Party CA Support

Kuma has a built-in CA to issue certificates for data planes. Data plane certificates generated by Kuma are X.509 certificates that are SPIFFE compliant. However, sometimes you need to have the flexibility to use the CA that you’re already familiar with. Starting today, you have that choice when using Kuma with two quick changes. First is to use the new kumactl command to add a certificate with a key and cert file that you provide. This is full kumactl command would be:

Once you add a certificate via kumactl, all you have to do is change the mesh resource to use a provided CA instead of the builtin CA. The new mesh resource would look like this:

By changing the CA to provided, the control plane will use a CA certificate provided by a user to sign certificates of individual data planes.

Health Checks

The objective of the health checks functionality is to dynamically mark individual endpoints as healthy or unhealthy. This is desirable since at a given point, one source service may be able to connect to a destination service successfully while another service is failing to reach it – the first node will consider it healthy, while the second will mark it as unhealthy and start routing traffic to other data planes.

Kuma supports two kinds of health checks, which can be used separately or in conjunction:

  • Active Checks: Where the data plane periodically sends requests to a destination endpoint, and the health of the target is determined based on its response
  • Passive Checks (also known as outlier detection): Where the data planes analyze the ongoing traffic being proxied and determines the health of targets based on their behavior responding requests.

To configure active health checks, you would add the new HeathCheck policy as shown below:

This is how you would easily configure passive health checks:

GUI

Kuma now ships with a basic web-based GUI that will serve as a visual overview of your data planes, meshes and various traffic policies. The Global Overview will provide a summary of all of the meshes found and allows you to switch between them. You can then view each entity and see how many data planes and traffic permissions, routes, and logs are associated with that particular mesh.

If you want to view information regarding a specific mesh, you can go to Overview and select the desired mesh from the pulldown at the top of the sidebar. You can then click on any of the overviews in the sidebar to view the entities and policies associated with that mesh.

Let us know what else you would like to see in Kuma’s new GUI!

Announcements

We’ll be hosting our next online Meetup on January 14, and we hope to see you there. Until then, hope you enjoy the new features, and let us know what you think! If you have any other feature suggestions, please let us know so we can work together to build it. You can find us on the community Slack channel or through the GitHub repository.

Happy holidays!