We’re at it again, bringing more incremental improvements to Kong Mesh!
Built on top of Kuma, Kong Mesh brings much-needed simplicity and production-grade tooling. Kong Mesh is built for smooth operations with platform teams in mind, providing security, observability, and traffic control for modern, distributed applications. A single mesh can seamlessly span multiple zones: multiple cloud providers, Kubernetes clusters, and traditional server (VM / bare-metal) environments while offering zero-trust security, multiple isolated mesh support, and global/remote control planes. Konnect Mesh Manager provides a global view across all your Mesh deployments. With Kong Mesh, organizations can deploy with confidence and efficiency, managing mission-critical services reliably at high performance.
Kong Mesh 2.11 delivers several enhancements, including Amazon ECS support with automated Route 53 configuration, the ability to reduce the need for cluster roles when setting up Mesh, Embedded DNS, and experimental support for incremental configuration propagation, and an expansion of the supported policies for MeshHTTPRoute.
Read on to learn more!
While we have supported ECS with Kuma Mesh for a while, customers still have to manually configure the outbounds. This was cumbersome and time-consuming. With Mesh 2.11, you can now [configure the control plane](https://docs.konghq.com/mesh/latest/installation/ecs/#outbounds)configure the control plane to create Route53 domains that will resolve to local addresses for service communication.
By default, Kong Mesh observes resources across an entire Kubernetes cluster. In production or shared clusters, this may not be desired as not all namespaces need to be monitored, or your teams do not have the cluster-wide scope to do this. When [deploying Mesh using Helm](https://docs.konghq.com/mesh/latest/guides/restrict-permissions-to-selected-namespaces-on-kubernetes/)deploying Mesh using Helm, you can now specify the namespaces that Mesh is allowed to watch:
helm upgrade \
--install \
--create-namespace \
--namespace kuma-system \
--set "namespaceAllowList={my-namespace}" \
kuma kuma/kumaThis is achieved by taking the kuma-control-plane ClusterRole and binding it to only the allowed namespace via a RoleBinding, greatly reducing the RBAC permissions to allowed namespaces.
Historically, we've used CoreDNS for service mapping to VIPs, which was used on all dataplanes. As we look to greatly reduce dataplane resource consumption, we've moved to an Embedded DNS specifically designed for Kuma Mesh. Beyond the reduction in resources needed, this opens up some interesting things we can do in the future to map out service-to-service communication and analytics for your workloads. Stay tuned for where we go with this!
By default, Kong Mesh will send the full configuration to the dataplane whenever updates are made in the Mesh. With [Incremental configuration](https://kuma.io/docs/2.11.x/production/upgrades-tuning/fine-tuning/#incremental-xds)Incremental configuration, only the differences (delta) of the configuration that has changed are sent to the dataplanes. This reduces CPU and memory utilization and is especially useful as the number of workloads increases.
This is an experimental feature, but can be enabled per dataplane with a Kubernetes annotation, or with an environment variable if using Universal:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: demo-app
namespace: kuma-demo
spec:
...
template:
metadata:
...
annotations:
kuma.io/xds-transport-protocol-variant: DELTA_GRPC
```MeshHTTPRoute is a routing policy in Kong Mesh that allows you to match and redirect HTTP traffic within the Mesh. This update gives you a much greater level of control over the HTTP protocol, the path, headers, and query parameters.
We're releasing [further policy support](https://docs.konghq.com/mesh/latest/guides/targeting-meshhttproutes-in-supported-policies/)further policy support for MeshHTTPRoute in the following Mesh policies:
For a deeper dive into a complete list of features, updates, and changes, please refer to the CHANGELOG [here](https://docs.konghq.com/mesh/changelog/)here.
Want to see Kong Mesh in action? [Request a demo](https://konghq.com/products/kong-mesh/request-demo)Request a demo or [start using Kong Mesh](https://docs.konghq.com/mesh/2.11.x/introduction/install/)start using Kong Mesh today.
Thank you for your continued support and trust in our product.
Kong Mesh 2.13 delivers full support for Mesh Identity for Kubernetes and Universal mode. Plus, it's been designated as a Long Term Support release, with support for a total of 2 years. But first, what's Kong Mesh for the uninitiated? Built on top
[](https://konghq.com/blog/product-releases/kong-mesh-2-13)
Deploying Kong Mesh on ECS The focus of this blog is to provide step-by-step instructions for deploying and configuring Kong Mesh with Kong Konnect on an AWS ECS instance so that anyone will be able to get pre-production installation of Kong Mesh st
[](https://konghq.com/blog/engineering/kong-mesh-with-konnect-on-aws-ecs)
We're very excited to announce Kong Mesh 2.12 to the world! Kong Mesh 2.12 delivers two very important features: SPIFFE / SPIRE support, which provides enterprise-class workload identity and trust models for your mesh, as well as a consistent Kuma R
[](https://konghq.com/blog/product-releases/kong-mesh-2-12-spiffespire-support-and-consistent-xds-resource-names)
What Is Terraform? Terraform is an infrastructure-as-code (IaC) tool developed by HashiCorp. It allows users to define and provision data center infrastructure using a declarative configuration language known as HashiCorp Configuration Language (HCL
[](https://konghq.com/blog/product-releases/mesh-manager-support-in-konnect-terraform-provider)
We are happy to announce the latest release for both Kong Mesh and Kuma, which is packed with features and improvements. Kong Mesh 1.7 is focused on security and stability, as it allows to better integrate with AWS thanks to a native AWS ACM integra
[](https://konghq.com/blog/product-releases/kuma-1-6-0-and-kong-mesh-1-7-0-released-with-kubernetes-gateway-api-support-aws-acm-integration-and-more)
Managed Redis cache is a turnkey "Shared State" add-on for Kong Dedicated Cloud Gateways. It is designed to combine the performance of an in-memory data store with the simplicity of a SaaS product. When you spin up a Dedicated Cloud Gateway in Kong
[](https://konghq.com/blog/product-releases/multicloud-cloud-gateways-managed-redis-cache)
With Kong Ingress Controller, when your Control Plane was hosted in Kong Konnect, and you were using Kubernetes Gateway API, your dataplane, routes, and services were in read-only mode. When using Kong Ingress Controller with Kubernetes Gateway API
[](https://konghq.com/blog/product-releases/kong-operator-2-1)