Featured image for a blog article titled Kuma 2.1 released with full suite of next-gen policies.

title: Kuma 2.1 released with full suite of next-gen policies description: Next gen policy, cross control-plane API and UI improvements. date: 2023-02-01 headerImage: /assets/images/blog/kuma_2_1_blog_banner.jpg canonicalUrl: https://konghq.com/blog/kong-mesh-kuma-2-1 tags:

  • Release

We are excited to announce the release of Kuma 2.1! In this release, we’re shipping the full suite of new and improved policies announced (and started) in 2.0. Additionally, we’re launching some more great UX improvements in the UI and a host of smaller fixes.

In order to take advantage of the latest and greatest in service mesh, we strongly suggest upgrading to Kuma 2.1. Upgrading is easy through kumactl or Helm and doesn’t require any special steps.

Notable features:

  • 🚀 Completed implementation of all next-generation policies, adding:
    • MeshHTTPRoute
    • MeshCircuitBreaker
    • MeshFaultInjection
    • MeshHealthCheck
    • MeshProxyPatch
    • MeshRateLimit
    • MeshRetry
    • MeshTimeout
  • 🚀 Added support for header absence matching in traffic routes
  • 🚀 Ability to filter admin API output
  • 🚀 Added gateway view to the UI
  • 🚀 Ability to filter by tags and types in the UI
  • 🚀 Cross control-plane API to be able to use inspect API on global when there are multiple instances of the CP
  • Various other bug fixes and quality-of-life improvements across the product

And a lot more! Checkout the full release notes to see everything in this release.

Full Next Generation (TargetRef) Policy Suite

In our last major release (2.0) we released the first few policies featuring our new, more flexible, more powerful matching system. Matching is how users define which entities their policies apply to, and can get quite complex.

As a refresher, the new selectors use a targetRef system (inspired by GatewayAPI) to select which meshes, services, data plane proxies, etc. are targeted by specific policies. Multiple rules can be specified in the same policy (as supported today) or many different policies can be created targeting different subsets. With the new policy system in Mesh 2.1 the policies will be merged together in the correct precedence rules before calculating and pushing the configuration out to the Envoy dataplane. If you want to read more about the reasoning behind switching and the design of this new policy matching system, check out the blog post Flexible Policy Match in Kuma 2.0 by the Mesh Engineering Manager at Kong and core Kuma contributor Charly.

Below is an example of a new MeshHTTPRoute using targetRef selectors:

apiVersion: kuma.io/v1alpha1
kind: MeshHTTPRoute
metadata:
 name: http-route-1
 namespace: kuma-system
 labels:
   kuma.io/mesh: default
spec:
 targetRef:
   kind: MeshService
   name: frontend_kuma-demo_svc_8080
 to:
   - targetRef:
       kind: MeshService
       name: backend_kuma-demo_svc_3001
     rules:
       - matches:
           - path:
               type: Prefix
               value: /
         default:
           backendRefs:
             - kind: MeshServiceSubset
               name: backend_kuma-demo_svc_3001
               tags:
                 version: "v0"
               weight: 90
             - kind: MeshServiceSubset
               name: backend_kuma-demo_svc_3001
               tags:
                 version: "v1"
               weight: 10

In this example, we can see that we’re applying the policy to our frontend service, and specifying that all the traffic flowing to our backend service at the /api path should be balanced between version 1.0 and 2.0 according to the weighting configuration in the policy.

While slightly more verbose than the previous TrafficRoute policy, this new selector scheme allows more flexible and granular control. Additionally, we’ll now take care of merging (according to the documented precedence rules) policies that target the same data plane proxies, rather than only choosing the most specific policy (as was the case pre v2.0).

In 2.0 we implemented 3 policies using this new matching system:

  • MeshTrafficPermission
  • MeshAccessLog
  • MeshTrafficTrace

In 2.1 we’re pleased to announce that we have completed transitioning all of the additional policies to the new system:

  • MeshHTTPRoute (partially replaces TrafficRoute)
  • MeshCircuitBreaker
  • MeshFaultInjection
  • MeshHealthCheck
  • MeshProxyPatch (replaces ProxyTemplate)
  • MeshRateLimit
  • MeshRetry
  • MeshTimeout

Head over to the docs to check out how to use the new policies and selectors.

Continued UI & UX Improvements

In 2.1 we’re continuing our work streamlining the UX in our dashboard by simplifying the navigation options and adding various other look and feel tweaks.

New, cleaner navigation menu in Kuma GUI Figure 1 - New, cleaner navigation menu

Having quick access to the visualization of the policies is critical for managing complex applications. In order to simplify that all of the Kong Mesh policies have been collapsed into a single Policies screen and are now accessible via a dropdown when navigating through them, as shown in Figure 2.

Policies are now listed in a dropdown in Kuma GUI Figure 2 - Policies are now listed in a dropdown

Furthering the simplification of management, we’ve also added the ability to filter in the UI via a number of metadata fields (e.g., name, tag). These can be combined to provide very specific views of your data planes and services:

New metadata filtering available in the UI and API Figure 3 - New metadata filtering available in the UI and API

Debugging Envoy configuration is essential when operating a mesh, so we’ve made it easy to see full XDS configuration for each data plane proxy in the UI, including a regex-enabled search capability to inspect config dump information without having to manually interact with the cluster.

Live search and debugging capabilities for Envoy data plane configuration Figure 4 - Live search and debugging capabilities for Envoy data plane configuration

We’re excited about how the UI is looking and many more UI improvements are coming in the next few releases, so stay tuned!

Upgrading

Be sure to carefully read the Upgrade Guide before upgrading Kuma.

Join the community!

Join us on our community channels, including our official Slack chat, to learn more about Kuma. The community channels are useful for getting up and running with Kuma, as well as for learning how to contribute to and discuss the project roadmap. Kuma is a CNCF Sandbox project: neutral, open and inclusive.

The community call is hosted on the second Wednesday of every Month at 8:30am PDT. And don’t forget to follow Kuma on Twitter and star it on GitHub!

Get Community Updates

Sign up for our Kuma community newsletter to get the most recent updates and product announcements.