November 4, 2022

Kong Mesh and Kuma 2.0 Released with eBPF Support, Next-Gen Policies

John Harris
Principal PM Kong Mesh & Kuma

Today we’re excited to announce the release of Kong Mesh and Kuma 2.0. With this new major release, we’re announcing the first availability of our next-generation policies, in addition to new eBPF capabilities.

2.0 is also significant as we have unified the version scheme between Kong Mesh and Kuma. Previously, Kuma versions had an n-1 version naming convention when compared with Kong Mesh. This was mainly for legacy reasons, so we're happy to unify the versions and eliminate a minor source of confusion for customers and the community.

In order to take advantage of the latest and greatest in service mesh, we strongly suggest upgrading to Kong Mesh 2.0. Upgrading is easy through kumactl or Helm and doesn't require any special steps (despite being a major release).

Notable features:

  • Added support for eBPF in both our CNI and init container configurations. Using eBPF can improve traffic flow latency by up to 12%.
  • Added the first 3 next-generation policy updates:
    • MeshTrafficPermission
    • MeshTrafficLog
    • MeshTrafficTrace
  • Workloads on AWS ECS can now use IAM service identity to obtain Mesh bootstrap tokens.
  • Multiple improvements to the UI as part of an ongoing effort to simplify and enrich the functionality of our admin dashboard. Specifically in 2.0 we're releasing:
    • New YAML / JSON search and syntax highlighting for policies and Envoy configuration dumps
    • Filtering and column customization capabilities for Data Plane Proxies
    • Simplified, more intuitive navigation structure
  • We have added the ability to configure auditing for all RBAC (Role-Based Access Control) and policy actions.
  • Improved our Datadog integration to record ingress and egress requests as separate services, allowing for easier debugging.
  • It is now possible to configure the specific TLS versions and ciphers that are supported by the control-plane / API server.
  • Users are now able to configure multiple UIDs to be ignored by traffic redirection (useful to work around some issues with systemd-resolver).
  • Increased logging capabilities when using iptables for traffic redirection.

For more details, reference the Kong Mesh Changelog.

eBPF Support

eBPF is a technology gaining a lot of traction and popularity, especially in the cloud native world. We see many potential applications of eBPF for traffic flow, performance, and monitoring use cases. With this 2.0 release of Kong Mesh and Kuma, we’ve focused on some performance improvements and added the ability to replace iptables with eBPF for traffic redirection within the mesh.

We’re utilizing the Merbridge OSS project within our eBPF capabilities and are very excited that we’ve been able to contribute back to that library and become co-maintainers. We look forward to working more with the Merbridge team as we continue to explore different areas to include eBPF functionality in Kong Mesh and Kuma.

Figure 1: iptables vs eBPF latency comparison

Next Generation (2.0) Policies

In the last year or so, we’ve seen customer and user environments grow more complex, and teams leaning into self-service models with platform-defined sensible defaults.

To help with these use cases, we've begun redesigning the "next generation" of policies in Kong Mesh and Kuma. Some of these new policies will feature additional configuration options that don't exist today, and all of them will feature a new selector mechanism that makes it easy for multiple teams to apply policy at different levels of granularity within an application environment.

As shown in the sample below, the new selectors use a targetRef system (inspired by GatewayAPI) to select which meshes, services, data plane proxies, etc. are targeted by specific policies. Multiple rules can be specified in the same policy (as supported today) or many different policies can be created targeting different subsets. Our new policy system will merge these all together with the correct precedence rules before calculating and pushing the configuration out to the Envoy dataplane.

Figure 2: Example of a next-gen MeshTrafficPermission policy
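
An added illustration of the targetRef layering described above (not the original post's figure and not Kong's own sample): a platform-wide default-deny MeshTrafficPermission alongside a narrower team-level allow rule. The resource names, the `orders` and `payments` services, the `default` mesh and the `kuma-system` namespace are assumed values, and the `action` spelling follows current Kuma releases, so check the policy reference for the version you run.

```yaml
# Platform team: deny by default for every proxy in the mesh.
apiVersion: kuma.io/v1alpha1
kind: MeshTrafficPermission
metadata:
  name: platform-default-deny      # assumed name
  namespace: kuma-system           # assumed control-plane namespace
  labels:
    kuma.io/mesh: default          # assumed mesh name
spec:
  targetRef:
    kind: Mesh                     # policy applies to all data plane proxies
  from:
    - targetRef:
        kind: Mesh                 # traffic from any source in the mesh
      default:
        action: Deny
---
# Application team: a narrower rule for one destination service.
apiVersion: kuma.io/v1alpha1
kind: MeshTrafficPermission
metadata:
  name: payments-allow-orders      # assumed name
  namespace: kuma-system
  labels:
    kuma.io/mesh: default
spec:
  targetRef:
    kind: MeshService
    name: payments                 # hypothetical destination service
  from:
    - targetRef:
        kind: MeshService
        name: orders               # hypothetical client service
      default:
        action: Allow
```

For traffic from `orders` to `payments` the more specific MeshService rule takes precedence over the Mesh-wide default, and everything else stays denied. MeshTrafficPermission only takes effect when mTLS is enabled on the mesh.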

We’re going to be releasing new versions of all mesh policies over the coming few releases, and in 2.0 we’re pleased to announce that the following next-gen policies are implemented:

  • MeshTrafficPermission
  • MeshTrafficLog
  • MeshTrafficTrace

Head over to the docs to check out how to use the new policies and selectors.

RBAC Audit

We released the ability to configure Role Based Access Control (RBAC) several versions ago, and in 2.0 we're continuing to enhance that feature by adding the ability to audit log any actions (policy updates, RBAC changes, etc.) that happen in Kong Mesh.

RBAC audit logging can be configured to send logs to a different sink than your regular application logs, keeping these security-focused events separate from standard output logs. We also emit these logs in a structured JSON format, allowing for easy indexing and search in your logging backend of choice.

Figure 3: Sample RBAC audit log entry

UI Improvements

In 2.0, we’re releasing the first stage of our complete UI renovation project. In today's version, you’ll see that the UI navigation has been simplified and made more intuitive to explore.

We’ve also revamped the service and data plane proxy list views, adding field filtering and customization capabilities. Additionally, after clicking a data plane proxy, you'll now be able to view a fully formatted and searchable Envoy configuration for better troubleshooting and visibility.

Figure 4: New UI DPP view with filtering and column customization

We're excited about how the UI is looking, and many more UI improvements are coming in the next few releases, so stay tuned!

Get in touch to learn more about Kong Mesh and how to build an enterprise service mesh. You can also download Kong Mesh and get started for free.
