The latest version of Kong Mesh brings an improved provisioning experience and streamlined management of policies — plus user interface enhancements to elevate your experience deploying and managing Kong Mesh.
Built on top of Kuma, Kong Mesh is a service mesh designed to provide security, observability, and traffic control across modern, distributed applications. It enables seamless service-to-service communication across multi-cloud, hybrid, and Kubernetes environments while offering zero-trust security, multi-mesh support, and global/remote control planes. With Kong Mesh, organizations can efficiently manage and scale their microservices with high reliability and performance.
Kong Mesh 2.10 delivers several enhancements, including Terraform support for Konnect Mesh Manager, simplified and streamlined management of policies, and user interface improvements. Read on to learn more!
Terraform is a commonly used tool that allows you to leverage the Infrastructure as Code (IaC) model to declaratively configure and manage your infrastructure with accessible configuration files. We’ve already introduced Terraform provider for Konnect, a plugin that extends Terraform capabilities to allow you to declaratively manage your Konnect entities. Since then, we’ve been working hard to keep our provider updated by continuously adding support to manage more Kong entities.
Today, we're excited to announce support for Kong Mesh in the Terraform Provider for Konnect. If you're using Konnect to manage your Mesh control planes, you can now create a Konnect Global Control Plane and bring up zones much more easily. The Terraform support for Mesh in Konnect allows you to provision your mesh infrastructure in a reusable and consistent fashion while also being able to track changes across versions easily. In short, this improves automation, reduces the room for error, and saves time.
Terraform support for Mesh in Konnect is enabled by the OpenAPI specification for Mesh. This release introduces improvements to the spec and our APIs in general, including publishing the Konnect Mesh Manager OpenAPI spec.
If you would like to learn more about how you can get started with the Terraform Provider for your Konnect-managed Kong Mesh, please refer to our guide here.
Top-level targetRef enables you to identify and select a specific set of proxies whose configurations will be impacted. It’s a great way to slowly and progressively roll out (or roll back) a policy without breaking anything.
As a refresher, we introduced MeshService in the previous release, which is a new resource that represents a service that allows you to define a subset of services and apply policies to it much more easily. It allowed users to define their services explicitly instead of relying on Kubernetes services. This capability helped remove some scalability bottlenecks and made the user experience of managing Mesh easier.
In this release, we're announcing a targetRef kind for data planes as part of an ongoing effort to tie policies to resources present in your Mesh to help streamline and simplify your experience managing your Mesh policies. Now, you can set the data plane as a top-level targetRef, enabling you to define policies that target a specific data plane. You can even specify which inbound of a data plane you’d like the policy to target.
In our ongoing effort to make policies easier and better to use, we're introducing rules to support inbound policies. If you recall, in the previous release, we introduced outbound policies and producer/consumer policies that enable you to create a policy and apply it to all clients of a service.
This release extends that effort by introducing rules support for inbound policies, enabling you to match the traffic coming into your dataplanes with a port. Before this update, if you had multiple listeners on a data plane, it would be very challenging to apply policies to individual listeners as the matching process was more complicated.
Introducing rules makes it much easier to identify and match policies to an individual or a specific group of listeners. When you use it in combination with dataplanes, you can identify up to a single dataplane, port, or a group of dataplanes with specific labels, etc.
Also, if you have multiple policies that merge at different levels — say, one at the Service level and another at the namespace level, the policy that handles the merging becomes much more straightforward.
The snippet below shows how you can use the rules support for inbound policies with the Dataplane kind to define a MeshTimeout policy in the kuma-demo namepsace:
Please refer to this guide for more information.
Hostname Generator templates enable scoped customization of services hostnames using the properties of other Mesh entities. This release introduces Kong Mesh UI support for HostName Generators for improved service discovery and easier debuggability.
You can find a sneak peek into these new views below.
To explore these new views yourself, you can go to your Mesh homepage (the Control Plane overview) and click on ‘Actions’ and then the ‘Hostname Generators’ button.
We’ve added new statistics views on ZoneIngress and ZoneEgress to improve observability of Mesh Zone proxy utilization and performance.
Additionally, we're introducing UI configurability improvements across the Kuma Mesh UI and the Mesh Manager UI in Konnect. Some of the highlights include the addition of an XDS (Envoy Discovery Services) Config Tab to inbound and outbound proxies. We’ve also made it easier to see YAML config directly in the Kong Mesh UI.
Last but not least, we've introduced a "debug dump" button to the data plane views for easier troubleshooting and support tickets.
For a deeper dive into a complete list of features, updates, and changes, please refer to the CHANGELOG here.
Want to see Kong Mesh in action? Request a demo or download Kong Mesh today.
Thank you for your continued support and trust in our product.
Join us at KubeCon Europe in London from April 1–4, 2025. Come see us at booth S231, where you can win exclusive prizes, get special swag, and speak with our experts about Kuma, Kubernetes Gateway API, Kong Mesh, or Kong in general.
Reach out to events@konghq.com to set up a formal meeting with our team.
As of September 2025, Kong Gateway Enterprise 3.8 will enter its End Of Life (EOL) phase and will no longer be fully supported by Kong. Following this, Kong Gateway Enterprise 3.8 will enter a 12-month sunset support period, focused on helping cus
We're very excited to announce Kong Mesh 2.12 to the world! Kong Mesh 2.12 delivers two very important features: SPIFFE / SPIRE support, which provides enterprise-class workload identity and trust models for your mesh, as well as a consistent Kuma R
It’s been almost a year since we released our Konnect Terraform provider . In that time we’ve seen over 300,000 installs, have 1.7 times as many resources available, and have expanded the provider to include data sources to enable federated managem
We're happy to announce the 3.5 release of Kong Ingress Controller (KIC). This release includes the graduation of combined services to General Availability, support for connection draining, as well as the start of deprecating support for some Ingre
Update Includes Data Orchestration, CyberArk Support, Solace Integration, and Kafka Schema Validation We’re excited to bring you Kong Gateway Enterprise 3.11 with compelling new features to make your APIs and event streams even more powerful, includ
When we released the beta version of Service Catalog last September, it was in service of a greater API discovery vision we had for Kong Konnect as an API platform. In March of this year, we moved closer to fulfilling that vision when we announced
The new Kong Konnect Dev Portal is now generally available for all users! In March, we announced the public beta version of our reimagined Dev Portal. We set out to fully address the needs of the modern API consumer as well as the needs of the moder