We are happy to announce the latest release of both Kong Mesh and Kuma, which is packed with features and improvements. Kong Mesh 1.7 is focused on security and stability: it integrates better with AWS thanks to a native AWS ACM integration that stores CA certificates while implementing mTLS across our services, and it can connect to HashiCorp Vault via AWS Auth. But there is a lot more!
We strongly suggest upgrading, in order to take advantage of the latest and greatest when it comes to service mesh.
Notable improvements in Kong Mesh 1.7.0
- 🚀 Everything in Kuma 1.6.0, including Kubernetes GatewayAPI support and the new improved transparent proxying setup.
- 🚀 Support for AWS ACM as an official certificate provider for zero-trust.
- 🚀 Support for AWS authentication when connecting to HashiCorp Vault.
- 🚀 We have introduced support for the Inspect API in the OPA policies.
- More minor updates, including configurable OPA timeouts.
The full Kong Mesh changelog is available here.
Notable improvements in Kuma 1.6.0
- 🚀 We provide a preview of Kubernetes Gateway API support for our builtin gateway. This makes it easier to provide a gateway to lead traffic through our mesh.
- 🚀 Full support for the “inspect API” on builtin gateway resources. This enables users to see which policies impact which gateway routes.
- 🚀 ZoneEgress received many improvements, such as support for Standalone, locality-aware routing on external services, and support for RateLimit policies on external services.
- 🚀 A preview of the completely rewritten transparent proxy, which aims to make transparent proxying more stable and provide us with pathways for further innovation.
- Many improvements to the Helm charts like: exposing the CP with an ingress, providing resource limits to components, and customizing image tags and security context.
- A new metric to see how long configuration changes take to propagate to data plane proxies.
The full Kuma changelog is available here.
AWS ACM as a certificate provider
Kuma has 3 ways to provide CAs for your meshes:
- builtin: Kong Mesh will generate and store the CAs in the control plane.
- provided: You can set up your own custom CA by uploading the certificate and key to the control plane.
- vault: We can connect Kong Mesh with a 3rd party HashiCorp Vault cluster that will be in charge of storing the root CA.
In Kong Mesh 1.7.0 we introduced support for an additional mode: the popular AWS ACM service, which helps make our integration with AWS even stronger.
- acmpca: We can connect Kong Mesh to Amazon Certificate Manager Private CA, which will be in charge of storing the CA.
The native AWS support that Kong Mesh provides also includes a native ECS controller, which shipped in the previous release.
Make sure to check out the docs for ACM support to get started.
AWS Auth support for HashiCorp Vault
For users running HashiCorp Vault on AWS, using the AWS builtin authentication can greatly reduce configuration complexity and the need to store credentials. This has the dual advantage of simplicity and reinforced security.
To switch to this new authentication method, check out the Vault CA documentation.