Kong Mesh 2.10: Simplified Provisioning and Policy Management

The latest version of Kong Mesh brings an improved provisioning experience and streamlined management of policies — plus user interface enhancements to elevate your experience deploying and managing Kong Mesh. 

Built on top of Kuma, Kong Mesh is a service mesh designed to provide security, observability, and traffic control across modern, distributed applications. It enables seamless service-to-service communication across multi-cloud, hybrid, and Kubernetes environments while offering zero-trust security, multi-mesh support, and global/remote control planes. With Kong Mesh, organizations can efficiently manage and scale their microservices with high reliability and performance.

Kong Mesh 2.10 delivers several enhancements, including Terraform support for Konnect Mesh Manager, simplified and streamlined management of policies, and user interface improvements. Read on to learn more!

Introducing Terraform support for Mesh in Konnect

Terraform is a commonly used tool that allows you to leverage the Infrastructure as Code (IaC) model to declaratively configure and manage your infrastructure with accessible configuration files. We’ve already introduced Terraform provider for Konnect, a plugin that extends Terraform capabilities to allow you to declaratively manage your Konnect entities. Since then, we’ve been working hard to keep our provider updated by continuously adding support to manage more Kong entities.

Today, we're excited to announce support for Kong Mesh in the Terraform Provider for Konnect. If you're using Konnect to manage your Mesh control planes, you can now create a Konnect Global Control Plane and bring up zones much more easily. The Terraform support for Mesh in Konnect allows you to provision your mesh infrastructure in a reusable and consistent fashion while also being able to track changes across versions easily. In short, this improves automation, reduces the room for error, and saves time.

Terraform support for Mesh in Konnect is enabled by the OpenAPI specification for Mesh. This release introduces improvements to the spec and our APIs in general, including publishing the Konnect Mesh Manager OpenAPI spec.

If you would like to learn more about how you can get started with the Terraform Provider for your Konnect-managed Kong Mesh, please refer to our guide here.

Simplified and streamlined management of policies

Dataplane kind as a top-level targetRef

Top-level targetRef enables you to identify and select a specific set of proxies whose configurations will be impacted. It’s a great way to slowly and progressively roll out (or roll back) a policy without breaking anything. 

As a refresher, we introduced MeshService in the previous release, which is a new resource that represents a service that allows you to define a subset of services and apply policies to it much more easily. It allowed users to define their services explicitly instead of relying on Kubernetes services. This capability helped remove some scalability bottlenecks and made the user experience of managing Mesh easier.

In this release, we're announcing a targetRef kind for data planes as part of an ongoing effort to tie policies to resources present in your Mesh to help streamline and simplify your experience managing your Mesh policies. Now, you can set the data plane as a top-level targetRef, enabling you to define policies that target a specific data plane. You can even specify which inbound of a data plane you’d like the policy to target.

targetRef:
  kind: Dataplane
  name: demo-app
  namespace: kuma-demo
  sectionName: http-port

Rules support for inbound policies 

In our ongoing effort to make policies easier and better to use, we're introducing rules to support inbound policies. If you recall, in the previous release, we introduced outbound policies and producer/consumer policies that enable you to create a policy and apply it to all clients of a service. 

This release extends that effort by introducing rules support for inbound policies, enabling you to match the traffic coming into your dataplanes with a port. Before this update, if you had multiple listeners on a data plane, it would be very challenging to apply policies to individual listeners as the matching process was more complicated. 

Introducing rules makes it much easier to identify and match policies to an individual or a specific group of listeners. When you use it in combination with dataplanes, you can identify up to a single dataplane, port, or a group of dataplanes with specific labels, etc. 

Also, if you have multiple policies that merge at different levels — say, one at the Service level and another at the namespace level, the policy that handles the merging becomes much more straightforward. 

The snippet below shows how you can use the rules support for inbound policies with the Dataplane kind to define a MeshTimeout policy in the kuma-demo namepsace:

apiVersion: kuma.io/v1alpha1
kind: MeshTimeout
metadata:
  name: mtimeout
  namespace: kuma-demo
  labels:
    kuma.io/mesh: default
    kuma.io/origin: zone
spec:
  targetRef:
    kind: Dataplane
    labels: 
      app: demo-app
  rules:
    - default:
        http:
          requestTimeout: 1s

Please refer to this guide for more information.

User interface improvements

Improved service discovery with HostName Generators support in Kong Mesh UI

Hostname Generator templates enable scoped customization of services hostnames using the properties of other Mesh entities. This release introduces Kong Mesh UI support for HostName Generators for improved service discovery and easier debuggability. 

You can find a sneak peek into these new views below.

To explore these new views yourself, you can go to your Mesh homepage (the Control Plane overview) and click on ‘Actions’ and then the ‘Hostname Generators’ button. 

Improved observability of Zone proxies

We’ve added new statistics views on ZoneIngress and ZoneEgress to improve observability of Mesh Zone proxy utilization and performance. 

Other improvements

Additionally, we're introducing UI configurability improvements across the Kuma Mesh UI and the Mesh Manager UI in Konnect. Some of the highlights include the addition of an XDS (Envoy Discovery Services) Config Tab to inbound and outbound proxies. We’ve also made it easier to see YAML config directly in the Kong Mesh UI. 

Last but not least, we've introduced a "debug dump" button to the data plane views for easier troubleshooting and support tickets.

Next steps

For a deeper dive into a complete list of features, updates, and changes, please refer to the CHANGELOG here.

Want to see Kong Mesh in action? Request a demo or download Kong Mesh today.

Thank you for your continued support and trust in our product.

Talk to us in person at KubeCon!

Join us at KubeCon Europe in London from April 1–4, 2025. Come see us at booth S231, where you can win exclusive prizes, get special swag, and speak with our experts about Kuma, Kubernetes Gateway API, Kong Mesh, or Kong in general.

Reach out to events@konghq.com to set up a formal meeting with our team.