Kuma Star
← Back to Blog

Kuma 2.0 Released with eBPF support, Next Gen Policies and New UI Improvements

/ 5 min read
Featured image for a blog article titled Kuma 2.0 Released with eBPF support, Next Gen Policies and New UI Improvements.

We are excited to announce the release of Kuma 2.0! This new major release is super exciting as we announce the first availability of our next generation policies, in addition to new eBPF capabilities!

In order to take advantage of the latest and greatest in service mesh, we strongly suggest upgrading to Kuma 2.0. Upgrading is easy through kumactl or Helm and doesn’t require any special steps (despite being a major release).

Notable features:

  • 🚀 We have added support for eBPF into both our CNI and init container configurations. Using eBPF can improve the performance of traffic flow latency by up to 12%.
  • 🚀 Added the first 3 next generation policy updates:
    • MeshTrafficPermission
    • MeshTrafficLog
    • MeshTrafficTrace
  • 🚀 We have made multiple improvements to the UI as part of an ongoing effort to simplify and enrich the functionality of our admin dashboard. Specifically in 2.0 we’re releasing:
    • New YAML / JSON search and syntax highlighting for policies and Envoy configuration dumps
    • Filtering and column customization capabilities for Data Plane Proxies
    • Simplified, more intuitive navigation structure
  • 🚀 Improved our Datadog integration to record ingress and egress requests as separate services, allowing for easier debugging.
  • 🚀 It is now possible to configure the specific TLS versions and ciphers that are supported by the control-plane / API server.
  • 🚀 Users are now able to configure multiple UIDs to be ignored by traffic redirection (useful to workaround some issues with systemd-resolver).
  • 🚀 Increased logging capabilities when using iptables for traffic redirection.

And a lot more! Checkout the full release notes to see everything in this release.

eBPF support

eBPF is a technology that is gaining a lot of traction and popularity, especially in the cloud native world. We see many potential applications of eBPF for traffic flow, performance, and monitoring use cases. With this 2.0 release of Kuma we have focused on some performance improvements and added the ability to replace iptables with eBPF for traffic redirection within the mesh.

Kuma Mesh eBPF Performance Improvements

We are utilizing the Merbridge OSS project within our eBPF capabilities and are very excited that we have been able to contribute back to that library and become co-maintainers. We look forward to working more with the Merbridge team as we continue to explore different areas to include eBPF functionality in Kuma.

Next Generation (TargetRef) Policies

In the last year or so, we have seen customer & user environments grow more complex, and teams leaning into self-service models with platform-defined sensible defaults. To help with these use cases we’ve begun re-designing the ‘next generation’ of policies in Kuma. Some of these new policies will feature additional configuration options that don’t exist today, and all of them will feature a new selector mechanism that makes it easy for multiple teams to apply policy at different levels of granularity with an application environment.

As shown in the sample below, the new selectors use a targetRef system (inspired by GatewayAPI) to select which meshes, services, data plane proxies, etc… are targeted by specific policies. Multiple rules can be specified in the same policy (as supported today) or many different policies can be created targeting different subsets. Our new policy system will merge these all together with the correct precedence rules before calculating and pushing the configuration out to the Envoy dataplane.

type: MeshTrafficPermission
mesh: mesh-1
name: permissions
spec:
 targetRef:
   kind: MeshService
   name: backend
 from:
   - targetRef:
       kind: Mesh
       name: mesh-1
     default:
       action: DENY
   - targetRef:
       kind: MeshServiceSubset
       name: backend
       tags:
         version: v2
     default:
       action: ALLOW

We are going to be releasing new versions of all mesh policies over the coming few releases, and in 2.0 we are pleased to announce that the following next gen policies are implemented:

  • MeshTrafficPermission
  • MeshTrafficLog
  • MeshTrafficTrace

Head over to the docs to check out how to use the new policies..

UI Improvements

In 2.0 we are releasing the first stage of our complete UI renovation project. In today’s version you will see that the UI navigation has been simplified and made more intuitive to explore.

We have also revamped the service and data plane proxy list views, adding field filtering and customization capabilities. Additionally, after clicking a data plane proxy, you’ll now be able to view a fully formatted and searchable Envoy configuration for better troubleshooting and visibility.

Kuma Mesh User Interface Improvements

We’re excited about how the UI is looking and many more UI improvements are coming in the next few releases so stay tuned!

Upgrading

Be sure to carefully read the Upgrade Guide before upgrading Kuma.

Join the community!

Join us on our community channels, including our official Slack chat, to learn more about Kuma. The community channels are useful for getting up and running with Kuma, as well as for learning how to contribute to and discuss the project roadmap. Kuma is a CNCF Sandbox project: neutral, open and inclusive.

The community call is hosted on the second Wednesday of every Month at 8:30am PDT. And don’t forget to follow Kuma on Twitter and star it on GitHub!

Get Community Updates

Sign up for our Kuma community newsletter to get the most recent updates and product announcements.