See what makes Kong the fastest, most-adopted API gateway
Check out the latest Kong feature releases and updates
Single platform for SaaS end-to-end connectivity
Enterprise service mesh based on Kuma and Envoy
Collaborative API design platform
How to Scale High-Performance APIs and Microservices
Call for speakers & sponsors, Kong API Summit 2023!
4 MIN READ
We are truly excited to release Kong Mesh 1.2 today and introduce three new security capabilities that make it the most secure enterprise service mesh available today.
Kong Mesh is built on open source Kuma which Kong created in 2019 and has since donated it to the CNCF. Kuma is a universal control plane for service mesh that is based on Envoy. Its breakthrough architecture was developed to solve real-world customer issues, enabling it to run across multiple clusters, in every cloud and every application runtime.
We think of Kuma as an extensible and flexible service connectivity overlay that discovers and connects services automatically, including over hybrid Kubernetes and VM services.
By leveraging this unique design, Kong Mesh 1.2 brings the following unprecedented out-of-the-box security to our customers’ services:
Kong Mesh 1.2 is the first and only service mesh that is natively integrated with Open Policy Agent (OPA) as a first-class citizen, now a graduated CNCF project. This makes Kong Mesh the easiest product in the entire industry to deploy OPA across every application in our organization. For developers, this is like service mesh security nirvana!
“Open Policy Agent solves authorization problems across the cloud native stack, including microservice API protection, Kubernetes admission control, CICD pipelines, public cloud configuration and database query access controls,” said Tim Hinrichs, CTO of Styra and co-creator of OPA. “OPA is especially well-suited for microservice API authorization because it provides extremely fast, context-aware authorization decisions using policies that are decoupled from the microservice itself — so security, compliance, operations and dev teams can collaborate to implement, review and update policies without changing underlying services or application code.”
Historically, Kong Mesh has leveraged Kuma’s multi-zone support to enable distributed service mesh use cases. These distributed service meshes are typically clusters that exist between on-premises data center environments, cloud providers, VPCs or even separation based on workload runtime (like Kubernetes or VM).
With Kong Mesh 1.2, we’re enhancing that multi-zone functionality by providing an enterprise authentication mechanism between the global and remote control planes. This functionality extends the KDS (Kuma Discovery Service, the xDS-based API that connects the global and the remote control planes together) to support additional authentication capabilities within the architecture and enables enterprise teams to support global use cases while improving the security footprint within the service mesh control plane.
As the service mesh design pattern grows in adoption within workload environments, there’s a growing focus on compliance for the underlying service mesh platform. For Envoy-based service meshes, this compliance with the Federal Information Processing Standard (FIPS) has been challenging to achieve. Today, we are happy to announce that Kong Mesh ships with FIPS 140-2 compliance out of the box on every official distribution, including Kubernetes and VMs.
The inclusion of FIPS 140-2 compliance out of the box, as well as automated third-party Certificate Authority support (through HashiCorp Vault), Traffic Permission policies and native Open Policy Agent support establish a foundation of zero-trust within an organization’s service connectivity platform.
These capabilities make Kong Mesh the easiest way to accelerate day-0 security compliance across the entire organization – preventing breaches and data loss, as well as increasing the security posture of the organization as a whole.
“Honestly, I am not sure how we ran our day to day without Kong Mesh before,” said Aaron Weikle, CEO and founder of MS3. “We used to use MuleSoft to drive MS3’s day-to-day business, but we were constantly battling issues with observability when customers would send in dirty data as well as understanding where issues arise or where delays would occur. In addition, the concept of zero-trust wasn’t possible with MuleSoft, and Crypto Miners at one point were able to gain access to our API platform. With Kong and Kong Mesh, we have established a tight-knit zero-trust platform with certificate rotation that makes it nearly impossible to penetrate and keeps our business and services running smoothly, saving a ton of operation dollars chasing issues that before we just couldn’t pinpoint.”
Technology teams know that a security breach is only one-click away and can happen to anyone, instantly wrecking an organization’s reputation and putting customers, partners and staff at risk. The new release of Kong Mesh fundamentally changes the way service mesh is secured and eliminates the drudgery typically associated with advanced security and zero-trust models.
To learn more about Kong Mesh 1.2 and our Kong Konnect platform, schedule a demo today! Request a Demo
Share Post