We’re excited to announce the upcoming release of Kong Mesh 2.9 in mid-September. This release comes with many improvements around security configurations, resiliency, and platform flexibility and we’re excited for everyone to get their hands on it.
While we’re putting the finishing touches on the release, we wanted to give an overview in this blog post of the new capabilities for everyone attending API Summit 2024 this week. (Make sure you also catch Charly Molter’s session on “Demystifying the Latest in Kong Mesh” on September 11th at 5:05pm EST!).
Kong Mesh has long had the ability to implement mTLS across all the services in a mesh. However, until now users have been limited to implementing either strict or permissive mode on a per-mesh basis.
In Kong Mesh 2.9, we’re releasing an oft-requested feature in the form of a new MeshTLS policy. This policy allows very granular configuration of the TLS behaviors within the mesh and enables users to specifically target exactly the services they want with TLS modes, allowed ciphers, TLS versions, and more.
Below is an example of a new (universal mode) MeshTLS policy that enforces default TLS versions and ciphers in permissive mode across all the applications in a mesh.
And below is an example of a new (Kubernetes mode) MeshTLS policy that restricts the TLS mode to strict for the billing service.
This new capability will be especially useful for those teams who are incrementally onboarding their applications into Kong Mesh and where each application team has different requirements around TLS configurations. The granular nature of the new MeshTLS policy will allow each application to be targeted independently with different configuration sets enabling a smooth transition from non-mesh to mesh operations.
Kubernetes supports probes to test the health and readiness of running applications. Because mesh technologies capture the inbound traffic to all applications, we developed "virtual probes" some time ago to expose listeners for these probes and ensure users retained a great out-of-the-box experience.
However, historically these probes (and our virtual proxy) only supported HTTP traffic. In Kong Mesh 2.9 we've completely revamped our virtual probe capabilities, replacing them with "Application Probes" that support HTTP, GRPC, and TCP (the full suite of currently supported Kubernetes probes) and allow users much greater support when implementing probes for non-HTTP application types.
An example of how this (universal mode) Dataplane object would look with the new probes is shown below.
Meshes use redirection to capture network traffic and act on it. Much of the time this redirection uses some type of iptables implementation in the underlying OS. As the breadth of platforms being used for mesh deployments increases, so does the number of iptables implementations/mechanisms.
Some platforms use iptables, some use iptables-legacy, some nftables (a new implementation), etc. In order to increase our support across all of these customer deployment targets, we’ve completely revamped our iptables detection and configuration capabilities.
As of 2.9 we have much more robust detection methods for the implementation of iptables on platform OSes. And in the event that they still aren’t able to auto-configure correctly, we've also introduced a configuration section allowing users to override the path when installing the transparent proxy from `kumactl` (as shown below).
This capability will reduce debugging time for platform teams deploying Kong Mesh into their environment and ensures that whatever platform they want to deploy to is well-supported.
Kong Mesh 2.9 adds some oft-requested and powerful additional features and configuration options for customers to deploy and integrate mesh into their environments while ensuring a smooth onboarding experience for their application teams and partners.
Take advantage of these innovations to take your organization to the next level. With Kong Mesh 2.9, you can achieve a service mesh environment that aligns perfectly with your unique requirements and objectives.
Want to see Kong Mesh in action? Request a demo or download Kong Mesh today.
What Is Terraform? Terraform is an infrastructure-as-code (IaC) tool developed by HashiCorp. It allows users to define and provision data center infrastructure using a declarative configuration language known as HashiCorp Configuration Language (HCL
We’re at it again, bringing more incremental improvements to Kong Mesh! Built on top of Kuma, Kong Mesh brings much-needed simplicity and production-grade tooling. Kong Mesh is built for smooth operations with platform teams in mind, providing secu
Kong Mesh 2.7 is here! And with it come a slew of new features to make our simple and powerful enterprise service mesh even easier to use and more powerful for your particular needs. In this blog post, we'll cover the new features and show how Kong
The first release of Kong Mesh for 2024 (version 2.6) brings many new features that ease day 0 for new starters of service mesh reinforcing our goal of making a simple yet powerful product! In this blog, we'll break down these new features and provi
The latest release of Kong Mesh (version 2.5) brings many new features that push the envelope and make Kong Mesh the logical choice of a service mesh to meet your objectives. In this blog, we'll break down these new features and provide tailored us
In the ever-evolving landscape of digital business operations, staying ahead of the curve requires constant adaptation and innovation. Kong Mesh 2.4 contains several enhancements to help your organization's infrastructure be more efficient. In this
In today’s interconnected and dynamic world of microservices, ensuring optimal traffic management and protection against malicious attacks are critical. Rate limiting , a popular mechanism for controlling request flow, gets more effortless with the