We’re excited to announce the release of Kuma 2.8, featuring new and exciting capabilities such as MeshExternalService
, MeshPassthrough
policy, along with numerous improvements and groundwork for future developments.
In Kuma 2.8.x external services were fully redesigned with 2 distinct policies:
MeshExternalService
which is easier and more flexible than the previous ExternalService
.MeshPassthrough
which provides a way to dynamically escape the mesh. This is especially useful, for allowing wildcard domains or when using SaaS providers which already provide their own security.We believe this level of flexibility will make integrations between what lives inside and outside the mesh very straightforward.
Feel free to check our release notes for the full list of changes.
Since 2.7.x we’ve started a strong redesign of how services are defined in Kuma.
We started by introducing MeshService
which brings and easier way to define and track a service.
In 2.8.x MeshExternalService
provides a way to define a service which doesn’t run with sidecars.
It’s very clearly defined and HostnameGenerator
enables you to define how to reach the service.
The following example shows how to expose httpbin as a service inside the mesh accessible through the address mes-http.svc.meshext.local:80
.
apiVersion: kuma.io/v1alpha1
kind: HostnameGenerator
metadata:
name: example
namespace: kuma-system
labels:
kuma.io/mesh: default
spec:
selector:
meshExternalService:
matchLabels:
kuma.io/origin: zone
template: "{{ .DisplayName }}.svc.meshext.local"
---
apiVersion: kuma.io/v1alpha1
kind: MeshExternalService
metadata:
name: mes-http
namespace: kuma-system
labels:
kuma.io/mesh: default
spec:
match:
type: HostnameGenerator
port: 80
protocol: http
endpoints:
- address: httpbin.org
port: 80
In the coming releases of Kuma we’ll be providing a default HostnameGenerator
and potential extensions for integrating with complex infrastructure like AWS lambda.
MeshPassthrough
enables users to allow traffic to exit the mesh directly at the sidecar.
This feature has existed in Kuma for a long time. However, as we were discussing with users it was becoming clear that it wasn’t granular enough.
With the advent of advanced policy matching we realised that it was easy to build a policy that would enable users to specify powerful passthrough rules.
In 2.8 we’re excited to finally ship a new policy: MeshPassthrough
.
Use cases for using passthrough mode are:
Policies can be composed together :
apiVersion: kuma.io/v1alpha1
kind: MeshPassthrough
metadata:
name: passthrough-mongo
labels:
kuma.io/mesh: default
spec:
targetRef:
kind: MeshSubset
tags:
mongo-allowed: "true"
default:
passthroughMode: Matched
appendMatch:
- type: Domain
value: "*.h80seek.mongodb.net"
port: 27017
protocol: tls
apiVersion: kuma.io/v1alpha1
kind: MeshPassthrough
metadata:
name: passthrough-confluent
labels:
kuma.io/mesh: default
spec:
targetRef:
kind: MeshSubset
tags:
kafka-allowed: "true"
default:
passthroughMode: Matched
appendMatch:
- type: Domain
value: "*.europe-west1.gcp.confluent.cloud"
port: 9092
protocol: tls
Here depending on the labels on your data plane proxy you may be able to access directly mongo, confluent cloud or both.
With these two new features we’re hoping that migrating existing services to the mesh will become easier. This is a workflow we’re focusing on and we’d love to hear from your experience.
We strongly suggest upgrading to Kuma 2.8.0. Upgrading is easy through kumactl
or Helm.
Be sure to carefully read the upgrade Guide and the version specific upgrade notes before upgrading Kuma.
Join us on our community channels, including official Slack chat, to learn more about Kuma. The community channels are useful for getting up and running with Kuma, as well as for learning how to contribute to and discuss the project roadmap. Kuma is a CNCF Sandbox project: neutral, open and inclusive.
The community call is hosted on the second Wednesday of every Month at 8:30 AM PDT. And don’t forget to follow Kuma on Twitter and star it on GitHub!
Sign up for our Kuma community newsletter to get the most recent updates and product announcements.
Thank you!
You're now signed up for the Kuma newsletter.
Whoops!
Something went wrong! Please try again later.