We are excited to announce the release of Kuma 2.0! This new major release is super exciting as we announce the first availability of our next generation policies, in addition to new eBPF capabilities!
In order to take advantage of the latest and greatest in service mesh, we strongly suggest upgrading to Kuma 2.0. Upgrading is easy through kumactl or Helm and doesn’t require any special steps (despite being a major release).
And a lot more! Check out the full release notes to see everything in this release.
eBPF is a technology that is gaining a lot of traction and popularity, especially in the cloud native world. We see many potential applications of eBPF for traffic flow, performance, and monitoring use cases. With this 2.0 release of Kuma we have focused on some performance improvements and added the ability to replace iptables with eBPF for traffic redirection within the mesh.
We are utilizing the Merbridge OSS project within our eBPF capabilities and are very excited that we have been able to contribute back to that library and become co-maintainers. We look forward to working more with the Merbridge team as we continue to explore different areas to include eBPF functionality in Kuma.
In the last year or so, we have seen customer & user environments grow more complex, and teams leaning into self-service models with platform-defined sensible defaults. To help with these use cases we’ve begun re-designing the ‘next generation’ of policies in Kuma. Some of these new policies will feature additional configuration options that don’t exist today, and all of them will feature a new selector mechanism that makes it easy for multiple teams to apply policy at different levels of granularity within an application environment.
As shown in the sample below, the new selectors use a targetRef system (inspired by GatewayAPI) to select which meshes, services, data plane proxies, etc. are targeted by specific policies. Multiple rules can be specified in the same policy (as supported today) or many different policies can be created targeting different subsets. Our new policy system will merge these all together with the correct precedence rules before calculating and pushing the configuration out to the Envoy dataplane.
```yaml
type: MeshTrafficPermission
mesh: mesh-1
name: permissions
spec:
  targetRef:
    kind: MeshService
    name: backend
  from:
    - targetRef:
        kind: Mesh
        name: mesh-1
      default:
        action: DENY
    - targetRef:
        kind: MeshServiceSubset
        name: backend
        tags:
          version: v2
      default:
        action: ALLOW
```
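To make the merge concrete, here is an added Python sketch (not Kuma's code and not part of the original post) that resolves the sample above for a given client. It assumes that policies are applied from the broadest top-level targetRef kind to the most specific and that matching `from` rules are merged in order with later ones overriding; `ALLOW_ALL`, `proxy()` and the function names are constructed for illustration.

```python
# Simplified, assumed model of targetRef merging; not Kuma's implementation.
KIND_RANK = {"Mesh": 0, "MeshSubset": 1, "MeshService": 2, "MeshServiceSubset": 3}

# The sample MeshTrafficPermission from this page, as Python data.
PERMISSIONS = {
    "mesh": "mesh-1", "name": "permissions",
    "targetRef": {"kind": "MeshService", "name": "backend"},
    "from": [
        {"targetRef": {"kind": "Mesh", "name": "mesh-1"},
         "default": {"action": "DENY"}},
        {"targetRef": {"kind": "MeshServiceSubset", "name": "backend",
                       "tags": {"version": "v2"}},
         "default": {"action": "ALLOW"}},
    ],
}
# Constructed second policy: a mesh-wide allow written by a platform team.
ALLOW_ALL = {
    "mesh": "mesh-1", "name": "allow-all",
    "targetRef": {"kind": "Mesh", "name": "mesh-1"},
    "from": [{"targetRef": {"kind": "Mesh", "name": "mesh-1"},
              "default": {"action": "ALLOW"}}],
}

def proxy(service, version, mesh="mesh-1"):
    """Constructed stand-in for a data plane proxy and its tags."""
    return {"mesh": mesh, "service": service, "tags": {"version": version}}

def selects(ref, dpp):
    """True if a targetRef selects the given proxy."""
    if ref["kind"] == "Mesh":
        return ref["name"] == dpp["mesh"]
    tags_ok = all(dpp["tags"].get(k) == v for k, v in ref.get("tags", {}).items())
    if ref["kind"] == "MeshSubset":
        return tags_ok
    return ref["name"] == dpp["service"] and tags_ok  # MeshService(Subset)

def effective_action(policies, server, client):
    """Action applied to traffic from client to server, or None if no rule matches."""
    applicable = sorted(
        (p for p in policies
         if p["mesh"] == server["mesh"] and selects(p["targetRef"], server)),
        key=lambda p: KIND_RANK[p["targetRef"]["kind"]])  # broad first, specific last
    conf = {}
    for policy in applicable:
        for rule in policy["from"]:
            if selects(rule["targetRef"], client):
                conf.update(rule["default"])  # later matching rule overrides
    return conf.get("action")
```

In this model, adding the constructed mesh-wide allow does not loosen access to `backend`, because the MeshService-level policy is applied after it.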
We are going to be releasing new versions of all mesh policies over the coming few releases, and in 2.0 we are pleased to announce that the following next gen policies are implemented:
Head over to the docs to check out how to use the new policies.
In 2.0 we are releasing the first stage of our complete UI renovation project. In today’s version you will see that the UI navigation has been simplified and made more intuitive to explore.
We have also revamped the service and data plane proxy list views, adding field filtering and customization capabilities. Additionally, after clicking a data plane proxy, you’ll now be able to view a fully formatted and searchable Envoy configuration for better troubleshooting and visibility.
We’re excited about how the UI is looking, and many more UI improvements are coming in the next few releases, so stay tuned!
Be sure to carefully read the Upgrade Guide before upgrading Kuma.
Join us on our community channels, including our official Slack chat, to learn more about Kuma. The community channels are useful for getting up and running with Kuma, as well as for learning how to contribute to and discuss the project roadmap. Kuma is a CNCF Sandbox project: neutral, open and inclusive.
The community call is hosted on the second Wednesday of every month at 8:30am PDT. And don’t forget to follow Kuma on Twitter and star it on GitHub!