The latest version of Kong Mesh brings an improved provisioning experience and streamlined management of policies — plus user interface enhancements to elevate your experience deploying and managing Kong Mesh.
Built on top of Kuma, Kong Mesh is a service mesh designed to provide security, observability, and traffic control across modern, distributed applications. It enables seamless service-to-service communication across multi-cloud, hybrid, and Kubernetes environments while offering zero-trust security, multi-mesh support, and global/remote control planes. With Kong Mesh, organizations can efficiently manage and scale their microservices with high reliability and performance.
Kong Mesh 2.10 delivers several enhancements, including Terraform support for Konnect Mesh Manager, simplified and streamlined management of policies, and user interface improvements. Read on to learn more!
Terraform is a commonly used tool that allows you to leverage the Infrastructure as Code (IaC) model to declaratively configure and manage your infrastructure with accessible configuration files. We’ve already introduced Terraform provider for Konnect, a plugin that extends Terraform capabilities to allow you to declaratively manage your Konnect entities. Since then, we’ve been working hard to keep our provider updated by continuously adding support to manage more Kong entities.
Today, we're excited to announce support for Kong Mesh in the Terraform Provider for Konnect. If you're using Konnect to manage your Mesh control planes, you can now create a Konnect Global Control Plane and bring up zones much more easily. The Terraform support for Mesh in Konnect allows you to provision your mesh infrastructure in a reusable and consistent fashion while also being able to track changes across versions easily. In short, this improves automation, reduces the room for error, and saves time.
Terraform support for Mesh in Konnect is enabled by the OpenAPI specification for Mesh. This release introduces improvements to the spec and our APIs in general, including publishing the Konnect Mesh Manager OpenAPI spec.
If you would like to learn more about how you can get started with the Terraform Provider for your Konnect-managed Kong Mesh, please refer to our guide here.
Top-level targetRef enables you to identify and select a specific set of proxies whose configurations will be impacted. It’s a great way to slowly and progressively roll out (or roll back) a policy without breaking anything.
As a refresher, we introduced MeshService in the previous release, which is a new resource that represents a service that allows you to define a subset of services and apply policies to it much more easily. It allowed users to define their services explicitly instead of relying on Kubernetes services. This capability helped remove some scalability bottlenecks and made the user experience of managing Mesh easier.
In this release, we're announcing a targetRef kind for data planes as part of an ongoing effort to tie policies to resources present in your Mesh to help streamline and simplify your experience managing your Mesh policies. Now, you can set the data plane as a top-level targetRef, enabling you to define policies that target a specific data plane. You can even specify which inbound of a data plane you’d like the policy to target.
In our ongoing effort to make policies easier and better to use, we're introducing rules to support inbound policies. If you recall, in the previous release, we introduced outbound policies and producer/consumer policies that enable you to create a policy and apply it to all clients of a service.
This release extends that effort by introducing rules support for inbound policies, enabling you to match the traffic coming into your dataplanes with a port. Before this update, if you had multiple listeners on a data plane, it would be very challenging to apply policies to individual listeners as the matching process was more complicated.
Introducing rules makes it much easier to identify and match policies to an individual or a specific group of listeners. When you use it in combination with dataplanes, you can identify up to a single dataplane, port, or a group of dataplanes with specific labels, etc.
Also, if you have multiple policies that merge at different levels — say, one at the Service level and another at the namespace level, the policy that handles the merging becomes much more straightforward.
The snippet below shows how you can use the rules support for inbound policies with the Dataplane kind to define a MeshTimeout policy in the kuma-demo namepsace:
Please refer to this guide for more information.
Hostname Generator templates enable scoped customization of services hostnames using the properties of other Mesh entities. This release introduces Kong Mesh UI support for HostName Generators for improved service discovery and easier debuggability.
You can find a sneak peek into these new views below.
To explore these new views yourself, you can go to your Mesh homepage (the Control Plane overview) and click on ‘Actions’ and then the ‘Hostname Generators’ button.
We’ve added new statistics views on ZoneIngress and ZoneEgress to improve observability of Mesh Zone proxy utilization and performance.
Additionally, we're introducing UI configurability improvements across the Kuma Mesh UI and the Mesh Manager UI in Konnect. Some of the highlights include the addition of an XDS (Envoy Discovery Services) Config Tab to inbound and outbound proxies. We’ve also made it easier to see YAML config directly in the Kong Mesh UI.
Last but not least, we've introduced a "debug dump" button to the data plane views for easier troubleshooting and support tickets.
For a deeper dive into a complete list of features, updates, and changes, please refer to the CHANGELOG here.
Want to see Kong Mesh in action? Request a demo or download Kong Mesh today.
Thank you for your continued support and trust in our product.
Join us at KubeCon Europe in London from April 1–4, 2025. Come see us at booth S231, where you can win exclusive prizes, get special swag, and speak with our experts about Kuma, Kubernetes Gateway API, Kong Mesh, or Kong in general.
Reach out to events@konghq.com to set up a formal meeting with our team.
We're very excited to announce Kong Mesh 2.12 to the world! Kong Mesh 2.12 delivers two very important features: SPIFFE / SPIRE support, which provides enterprise-class workload identity and trust models for your mesh, as well as a consistent Kuma R
What Is Terraform? Terraform is an infrastructure-as-code (IaC) tool developed by HashiCorp. It allows users to define and provision data center infrastructure using a declarative configuration language known as HashiCorp Configuration Language (HCL
When speaking with our customers, and particularly with platform teams, we repeatedly hear about how difficult it is to discover and govern all the services and APIs that actively run on their infrastructure. In ever-expanding and changing environm
We’re at it again, bringing more incremental improvements to Kong Mesh! Built on top of Kuma, Kong Mesh brings much-needed simplicity and production-grade tooling. Kong Mesh is built for smooth operations with platform teams in mind, providing secu
As API ecosystems grow more complex, maintaining visibility and security shouldn't be a hurdle. Kong Gateway 3.13 simplifies these challenges with expanded OpenTelemetry support and more flexible orchestration. These new capabilities not only make y
The AI boom has a dirty secret: for most enterprises, it's bleeding money. Every LLM call, every agent invocation, every API request that powers your AI products — they all cost something. And right now, most organizations have no idea what they're
MCP ACLs, Claude Code Support, and New Guardrails New providers, smarter routing, stronger guardrails — because AI infrastructure should be as robust as APIs We know that successful AI connectivity programs often start with an intense focus on how