At KubeCon North America 2019, the community provided us with a ton of feedback and feature requests. We’re proud to release some of the most widely requested features in our latest version of Kuma: third-party CA (Certificate Authority) support, health checks, and a GUI! Kuma’s new health checks will help minimize the number of failed requests between your applications. The third-party CA support will provide more flexibility when deciding how to secure your mesh. Lastly, the GUI will help you visualize the mesh and its policies in an intuitive format! Let’s take a look at how each of these works.

For a complete list of features and updates, take a look at the full changelog.

Third-Party CA Support

Kuma has a built-in CA to issue certificates for data planes. Data plane certificates generated by Kuma are X.509 certificates that are SPIFFE compliant. However, sometimes you need the flexibility to use the CA that you’re already familiar with. Starting today, you have that choice when using Kuma with two quick changes. The first is to use the new kumactl command to add a certificate with a key and cert file that you provide. The full kumactl command would be:

kumactl manage ca provided certificates add --mesh demo --key-file key.pem --cert-file cert.pem

Once you add a certificate via kumactl, all you have to do is change the mesh resource to use a provided CA instead of the builtin CA. The new mesh resource would look like this:

type: Mesh
name: default
mtls:
  enabled: true
  ca:
    provided: {}

By changing the CA to provided, the control plane will use a CA certificate provided by a user to sign certificates of individual data planes.
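
Before handing key.pem and cert.pem to the kumactl command above, it is worth confirming that the two files actually belong together. The script below is an added example, not part of Kuma or the original post: it uses openssl to check that the certificate is a CA certificate, is not about to expire, matches the private key, and that the key file is readable by its owner only. The function names, the 30-day margin and the constructed test pair are assumptions, and these are generic X.509 checks rather than Kuma's own validation rules.

```shell
#!/bin/sh
# Added example: pre-flight checks for the key.pem / cert.pem pair before
# `kumactl manage ca provided certificates add`. Not Kuma's own validation.

# Build a throwaway, constructed key/cert pair in directory $1.
# $2 is the basicConstraints CA flag (TRUE or FALSE).
make_constructed_pair() {
  mkdir -p "$1"
  cat > "$1/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = constructed-demo-mesh-ca
[ext]
basicConstraints = critical,CA:$2
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$1/req.cnf" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
  chmod 600 "$1/key.pem"
}

# check_ca_pair CERT KEY: returns 0 only if every check passes.
check_ca_pair() {
  cert=$1 key=$2
  # 1. The certificate must be allowed to sign other certificates.
  openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' ||
    { echo "FAIL: $cert is not a CA certificate" >&2; return 1; }
  # 2. It must stay valid for at least 30 more days (assumed rotation margin).
  openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null ||
    { echo "FAIL: $cert expires within 30 days" >&2; return 1; }
  # 3. The private key must belong to the certificate: compare public keys.
  [ "$(openssl x509 -in "$cert" -noout -pubkey)" = \
    "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
    { echo "FAIL: $key does not match $cert" >&2; return 1; }
  # 4. The signing key should be readable by its owner only.
  case $(ls -l "$key") in
    -???------*) ;;
    *) echo "FAIL: $key is group/world accessible" >&2; return 1 ;;
  esac
  echo "OK: $cert and $key are consistent"
}
# Usage: check_ca_pair cert.pem key.pem && kumactl manage ca provided \
#   certificates add --mesh demo --key-file key.pem --cert-file cert.pem
```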

Health Checks

The objective of the health checks functionality is to dynamically mark individual endpoints as healthy or unhealthy. This is desirable since at a given point, one source service may be able to connect to a destination service successfully while another service is failing to reach it – the first node will consider it healthy, while the second will mark it as unhealthy and start routing traffic to other data planes.

Kuma supports two kinds of health checks, which can be used separately or in conjunction:

  • Active Checks: Where the data plane periodically sends requests to a destination endpoint, and the health of the target is determined based on its response
  • Passive Checks (also known as outlier detection): Where the data planes analyze the ongoing traffic being proxied and determine the health of targets based on their behavior when responding to requests.

To configure active health checks, you would add the new HealthCheck policy as shown below:

type: HealthCheck
name: web-to-backend
mesh: default
sources:
  - match:
      service: web
destinations:
  - match:
      service: backend
conf:
  activeChecks:
    interval: 5s
    timeout: 1s
    unhealthyThreshold: 1
    healthyThreshold: 1

This is how you would easily configure passive health checks:

type: HealthCheck
name: web-to-backend
mesh: default
sources:
  - match:
      service: web
destinations:
  - match:
      service: backend
conf:
  passiveChecks:
    unhealthyThreshold: 3
    penaltyInterval: 5s

GUI

Kuma now ships with a basic web-based GUI that will serve as a visual overview of your data planes, meshes and various traffic policies. The Global Overview will provide a summary of all of the meshes found and allow you to switch between them. You can then view each entity and see how many data planes and traffic permissions, routes, and logs are associated with that particular mesh.

If you want to view information regarding a specific mesh, you can go to Overview and select the desired mesh from the pulldown at the top of the sidebar. You can then click on any of the overviews in the sidebar to view the entities and policies associated with that mesh.

Let us know what else you would like to see in Kuma’s new GUI!

Community Calls + Slack

Join us on our community channels to learn more about Kuma, including our official Slack chat! The community channels are useful to get up and running with Kuma, as well as to learn how to contribute to and discuss the project roadmap.

Upgrading

Be sure to carefully read the Upgrade Guide before upgrading Kuma.

Get Community Updates

Sign up for our Kuma community newsletter to get the most recent updates and product announcements.