We are happy to announce a new major release of Kuma, and a new major release of Kong Mesh built on Kuma! Kuma 1.3 ships with 10+ new features and countless improvements. Kong Mesh ships we enterprise capabilities for large scale service mesh deployments.

We strongly suggest to upgrade, in order to take advantage of the latest and greatest when it comes to service mesh.

Improvements in Kuma 1.3 and Mesh 1.4

• 🚀 Kong Mesh ships with a new fully automated CA rotation when mTLS is enabled that – in addition to the pre-existing mTLS data plane proxy certificate rotation – fully automates the entire lifecycle of managing TLS and zero-trust in a service mesh. With the new CA rotation, Kong Mesh will automatically replace CAs in a “Mesh” resource without downtime and it will automatically re-provision the data plane proxy certificates with the new CA. Read more.
• 🚀 We are finally shipping a service map topology view that will visualize all of our service traffic dependencies in a visual way, with information such as number of requests and error rates. This new feature ships as a new official Grafana dashboard and can be automatically installed by running kumactl install metrics:

• 🚀 Kuma finally supports mTLS in “permissive” mode, in addition to the traditional “strict” mode. This new mode allows for an easier migration of existing applications into the service mesh, by allowing more flexibility into how the data plane proxy certificates are being validated on incoming requests. Below an example on Kubernetes:

apiVersion: kuma.io/v1alpha1
kind: Mesh
metadata:
  name: default
spec:
  mtls:
    enabledBackend: ca-1
    backends:
      - name: ca-1
        type: builtin
        mode: PERMISSIVE # or STRICT

• 🚀 A new “Virtual Outbound” policy to customize hostnames and ports when communicating with data plane proxies.
• We have improved support for intermediate CAs when using mTLS.
• Improved SNI support for ExternalServices.

For a complete list of features and updates, take a look at the full changelog.

Upgrading