We're very excited to announce Kong Mesh 2.12 to the world! Kong Mesh 2.12 delivers two very important features: SPIFFE / SPIRE support, which provides enterprise-class workload identity and trust models for your mesh, as well as a consistent Kuma Resource Identifier (KRI) naming convention for resources in the Mesh. Read on to learn more!
But first, what's Kong Mesh for the uninitiated?
Building on top of the open source Kuma service mesh, Kong Mesh is all about simplicity and bringing enterprise features to our customers. Kong Mesh is built for smooth operations with platform teams in mind, providing security, observability, and traffic control for modern, distributed applications. A single mesh can seamlessly span multiple zones: multiple cloud providers, Kubernetes clusters, and traditional server (VM / bare-metal) environments, while offering zero-trust security, multiple isolated mesh support, and global/remote control planes. Konnect Mesh Manager provides a global view across all your Mesh deployments. With Kong Mesh, organizations can deploy with confidence and efficiency, managing mission-critical services reliably at high performance.
MeshIdentity defines how workloads in a mesh obtain their cryptographic identity. It separates the responsibility of issuing identities from establishing trust, enabling Kong Mesh to adopt SPIFFE-compliant practices while remaining flexible and easy to use.
With MeshIdentity, you can:
Whilst this provides SPIFFE-compliant practices, we also worked on being able to integrate with a SPIRE agent running on your Kubernetes nodes to be able to obtain their SPIFFE Verifiable Identity Documents:
apiVersion: kuma.io/v1alpha1
kind: MeshIdentity
metadata:
name: identity-spire
namespace: kuma-system
labels:
kuma.io/mesh: default
spec:
selector:
dataplane:
matchLabels: {}
spiffeID:
trustDomain: default.us-east.mesh.local
path: "/ns/{{ .Namespace }}/sa/{{ .ServiceAccount }}"
provider:
type: Spire
spire: {}
If you're using SPIRE, it's classed as the Trust authority for the Mesh, and for customers that have not rolled out SPIRE in their organisations, we've also introduced the concept of MeshTrust.
This allows you to validate the workload identity back to the MeshTrust authority that you control. Currently, this is only supported on Kubernetes environments, and we're working on cross-zone identity in the next release of Kong Mesh.
To help with how you consume, aggregate, and draw value from service-to-service metrics, as well as how to define Services and their Identity, we took on the rather large effort of introducing a consistent naming convention for Mesh resources.
This has a number of benefits, including being able to inspect individual resources through the Inspect API, as well as browsing resources in Mesh Manager.
We'll continue to drive consistency across Kong Mesh resources to help with metrics and observability in the near future.
For a deeper dive into a complete list of features, updates, and changes, please refer to the CHANGELOG here.
Want to see Kong Mesh in action? Request a demo or start using Kong Mesh today.
Thank you for your continued support and trust in our product.
Kong Mesh 2.13 delivers full support for Mesh Identity for Kubernetes and Universal mode. Plus, it's been designated as a Long Term Support release, with support for a total of 2 years. But first, what's Kong Mesh for the uninitiated? Built on top
A year ago, Harry Bagdi wrote an amazingly helpful blog post on observability for microservices. And by comparing titles, it becomes obvious that my blog post draws inspiration from his work. To be honest, that statement on drawing inspiration fro
We’re at it again, bringing more incremental improvements to Kong Mesh! Built on top of Kuma, Kong Mesh brings much-needed simplicity and production-grade tooling. Kong Mesh is built for smooth operations with platform teams in mind, providing secu
We are happy to announce the latest release for both Kong Mesh and Kuma, which is packed with features and improvements. Kong Mesh 1.7 is focused on security and stability, as it allows to better integrate with AWS thanks to a native AWS ACM integra
With Kong Ingress Controller, when your Control Plane was hosted in Kong Konnect, and you were using Kubernetes Gateway API, your dataplane, routes, and services were in read-only mode. When using Kong Ingress Controller with Kubernetes Gateway API
As API ecosystems grow more complex, maintaining visibility and security shouldn't be a hurdle. Kong Gateway 3.13 simplifies these challenges with expanded OpenTelemetry support and more flexible orchestration. These new capabilities not only make y
