The latest version of Kong Mesh brings an improved provisioning experience and streamlined management of policies — plus user interface enhancements to elevate your experience deploying and managing Kong Mesh.
Built on top of Kuma, Kong Mesh is a service mesh designed to provide security, observability, and traffic control across modern, distributed applications. It enables seamless service-to-service communication across multi-cloud, hybrid, and Kubernetes environments while offering zero-trust security, multi-mesh support, and global/remote control planes. With Kong Mesh, organizations can efficiently manage and scale their microservices with high reliability and performance.
Kong Mesh 2.10 delivers several enhancements, including Terraform support for Konnect Mesh Manager, simplified and streamlined management of policies, and user interface improvements. Read on to learn more!
Terraform is a commonly used tool that allows you to leverage the Infrastructure as Code (IaC) model to declaratively configure and manage your infrastructure with accessible configuration files. We’ve already introduced Terraform provider for Konnect, a plugin that extends Terraform capabilities to allow you to declaratively manage your Konnect entities. Since then, we’ve been working hard to keep our provider updated by continuously adding support to manage more Kong entities.
Today, we're excited to announce support for Kong Mesh in the Terraform Provider for Konnect. If you're using Konnect to manage your Mesh control planes, you can now create a Konnect Global Control Plane and bring up zones much more easily. The Terraform support for Mesh in Konnect allows you to provision your mesh infrastructure in a reusable and consistent fashion while also being able to track changes across versions easily. In short, this improves automation, reduces the room for error, and saves time.
Terraform support for Mesh in Konnect is enabled by the OpenAPI specification for Mesh. This release introduces improvements to the spec and our APIs in general, including publishing the Konnect Mesh Manager OpenAPI spec.
If you would like to learn more about how you can get started with the Terraform Provider for your Konnect-managed Kong Mesh, please refer to our guide here.
Top-level targetRef enables you to identify and select a specific set of proxies whose configurations will be impacted. It’s a great way to slowly and progressively roll out (or roll back) a policy without breaking anything.
As a refresher, we introduced MeshService in the previous release, which is a new resource that represents a service that allows you to define a subset of services and apply policies to it much more easily. It allowed users to define their services explicitly instead of relying on Kubernetes services. This capability helped remove some scalability bottlenecks and made the user experience of managing Mesh easier.
In this release, we're announcing a targetRef kind for data planes as part of an ongoing effort to tie policies to resources present in your Mesh to help streamline and simplify your experience managing your Mesh policies. Now, you can set the data plane as a top-level targetRef, enabling you to define policies that target a specific data plane. You can even specify which inbound of a data plane you’d like the policy to target.
targetRef:
kind: Dataplane
name: demo-app
namespace: kuma-demo
sectionName: http-portIn our ongoing effort to make policies easier and better to use, we're introducing rules to support inbound policies. If you recall, in the previous release, we introduced outbound policies and producer/consumer policies that enable you to create a policy and apply it to all clients of a service.
This release extends that effort by introducing rules support for inbound policies, enabling you to match the traffic coming into your dataplanes with a port. Before this update, if you had multiple listeners on a data plane, it would be very challenging to apply policies to individual listeners as the matching process was more complicated.
Introducing rules makes it much easier to identify and match policies to an individual or a specific group of listeners. When you use it in combination with dataplanes, you can identify up to a single dataplane, port, or a group of dataplanes with specific labels, etc.
Also, if you have multiple policies that merge at different levels — say, one at the Service level and another at the namespace level, the policy that handles the merging becomes much more straightforward.
The snippet below shows how you can use the rules support for inbound policies with the Dataplane kind to define a MeshTimeout policy in the kuma-demo namepsace:
apiVersion: kuma.io/v1alpha1
kind: MeshTimeout
metadata:
name: mtimeout
namespace: kuma-demo
labels:
kuma.io/mesh: default
kuma.io/origin: zone
spec:
targetRef:
kind: Dataplane
labels:
app: demo-app
rules:
- default:
http:
requestTimeout: 1sPlease refer to this guide for more information.
Hostname Generator templates enable scoped customization of services hostnames using the properties of other Mesh entities. This release introduces Kong Mesh UI support for HostName Generators for improved service discovery and easier debuggability.
You can find a sneak peek into these new views below.
To explore these new views yourself, you can go to your Mesh homepage (the Control Plane overview) and click on ‘Actions’ and then the ‘Hostname Generators’ button.
We’ve added new statistics views on ZoneIngress and ZoneEgress to improve observability of Mesh Zone proxy utilization and performance.
Additionally, we're introducing UI configurability improvements across the Kuma Mesh UI and the Mesh Manager UI in Konnect. Some of the highlights include the addition of an XDS (Envoy Discovery Services) Config Tab to inbound and outbound proxies. We’ve also made it easier to see YAML config directly in the Kong Mesh UI.
Last but not least, we've introduced a "debug dump" button to the data plane views for easier troubleshooting and support tickets.
For a deeper dive into a complete list of features, updates, and changes, please refer to the CHANGELOG here.
Want to see Kong Mesh in action? Request a demo or download Kong Mesh today.
Thank you for your continued support and trust in our product.
Join us at KubeCon Europe in London from April 1–4, 2025. Come see us at booth S231, where you can win exclusive prizes, get special swag, and speak with our experts about Kuma, Kubernetes Gateway API, Kong Mesh, or Kong in general.
Reach out to events@konghq.com to set up a formal meeting with our team.
Kong Mesh 2.13 delivers full support for Mesh Identity for Kubernetes and Universal mode. Plus, it's been designated as a Long Term Support release, with support for a total of 2 years. But first, what's Kong Mesh for the uninitiated? Built on top
We're very excited to announce Kong Mesh 2.12 to the world! Kong Mesh 2.12 delivers two very important features: SPIFFE / SPIRE support, which provides enterprise-class workload identity and trust models for your mesh, as well as a consistent Kuma R
What Is Terraform? Terraform is an infrastructure-as-code (IaC) tool developed by HashiCorp. It allows users to define and provision data center infrastructure using a declarative configuration language known as HashiCorp Configuration Language (HCL
When speaking with our customers, and particularly with platform teams, we repeatedly hear about how difficult it is to discover and govern all the services and APIs that actively run on their infrastructure. In ever-expanding and changing environm
We’re at it again, bringing more incremental improvements to Kong Mesh! Built on top of Kuma, Kong Mesh brings much-needed simplicity and production-grade tooling. Kong Mesh is built for smooth operations with platform teams in mind, providing secu
The widespread adoption of Kafka and event streaming platforms is evident across several enterprises, where they serve as the backbone of critical operations, ranging from financial transactions to AI inference pipelines. However, in the domains of
Managed Redis cache is a turnkey "Shared State" add-on for Kong Dedicated Cloud Gateways. It is designed to combine the performance of an in-memory data store with the simplicity of a SaaS product. When you spin up a Dedicated Cloud Gateway in Kong