Kong Mesh 2.3 Improves Security, Flexibility, and Resiliency
John Harris
Principal PM Kong Mesh & Kuma
Kong is proud to announce the release of the latest version of Kong Mesh, 2.3. In this release, Kong Mesh continues to build upon the enterprise-grade service mesh in the critical areas of security, flexibility, and resiliency. As organizations continue to leverage APIs to deliver digital experiences, they rely more heavily on the underlying infrastructure that a mesh provides.
Security
The best applications with the best infrastructure aren't safe without a robust security pattern. To ensure Kong Mesh is up to the highest levels of security, version 2.3 uses the latest Envoy proxy version 1.26.
As a further enhancement to the zero-trust framework Kong Mesh deploys, it now also employs least-privilege security defaults in Kubernetes by removing all unnecessary privileges and configuration options in the container.
Whether starting application development from Kubernetes and extending to legacy infrastructure or starting the other way around, ensuring that a secure communication channel exists between the various services is paramount to a robust application.
As Andrey Dubnik, architect at Maersk, mentioned when submitting this feature request on GitHub, "TLS (for Gateway Listeners) enable[s] … [us] to publish the certificate on a mesh gateway without having to configure the TLS on the gateway explicitly."
Workloads can live anywhere globally, sometimes with plenty of bandwidth and other times in constrained or high latency edge deployments.
Kong Mesh 2.3 implements delta configuration changes between the zones, sending only what has changed in the configuration updates to the global control plane and thereby reducing the bandwidth overhead. This feature is currently experimental in Kong Mesh 2.3 and can be enabled by adding the following to the zone plane configuration and restarting the mesh.
Kong Mesh 2.3 further enhances the flexibility of the platform by allowing more fine-grained control of how the mesh is installed. This feature maintains the defaults for installations. However, we added the ability to disable options for power users that require more flexibility, such as in a GitOps workflow. Please view the documentation for usage.
Kong Mesh 2.3 brings experimental support for GAMMA (Gateway API for Mesh Management and Administration) resources. Kong Mesh has long supported Gateway API with a built-in gateway for ingress traffic. With GAMMA support, users can specify how to route and modify in-mesh traffic using the well-known HTTPRoute resource, thereby maintaining compatibility and portability across meshes.
For Kubernetes environments, Kong Mesh introduced a host of performance fixes that enable organizations to build and scale at a faster pace. These enhancements are critical for organizations with large Kubernetes clusters that are deploying hundreds and hundreds of services from within the clusters.
As applications in microservices grow, their dependencies become more complex. After all, that's why a service mesh is critical when building microservices at scale. However, those dependencies need to be managed to start and stop at the proper times. Kong Mesh 2.3 introduces better container ordering to ensure predictable behavior in different scenarios.
Kong Mesh 2.3 is a robust release, and this announcement only covers the highlights. You can read more about all the changes at https://docs.konghq.com/mesh/changelog/. And stay tuned for an upcoming video from Vik Gamov and a blog from Marcin Skalski on implementing the global rate-limiting improvements.