We’re excited to announce the release of Kuma 2.12.
In Kuma 2.12.x we’ve focused on 3 main areas:
Feel free to check our release notes for the full list of changes.
MeshIdentity defines how workloads in a mesh obtain their cryptographic identity. It separates the responsibility of issuing identities from establishing trust, enabling Kuma to adopt SPIFFE-compliant practices while remaining flexible and easy to use.
With MeshIdentity, you can:
MeshIdentity provides SPIFFE-compliant practices on its own, and we also added integration with a SPIRE agent running on your Kubernetes nodes, so that workloads can obtain their SPIFFE Verifiable Identity Documents (SVIDs):
apiVersion: kuma.io/v1alpha1
kind: MeshIdentity
metadata:
  name: identity-spire
  namespace: kuma-system
  labels:
    kuma.io/mesh: default
spec:
  selector:
    dataplane:
      matchLabels: {}
  spiffeID:
    trustDomain: default.us-east.mesh.local
    path: "/ns//sa/"
  provider:
    type: Spire
    spire: {}
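An added example, not code from the Kuma project: a Python check that a peer's SPIFFE ID follows the SPIFFE ID syntax rules and belongs to the trust domain set in the MeshIdentity above. It assumes the two empty positions in the path are filled per workload with a namespace and a service account name; the function names and sample IDs are constructed for illustration.

```python
# Added example: check a peer SPIFFE ID against the MeshIdentity trust domain.
# The /ns/<namespace>/sa/<service-account> layout and sample IDs are assumptions.
import re

TRUST_DOMAIN = "default.us-east.mesh.local"   # spec.spiffeID.trustDomain on this page
_TD_RE = re.compile(r"[a-z0-9._-]{1,255}")     # SPIFFE trust-domain character set
_SEG_RE = re.compile(r"[A-Za-z0-9._-]+")       # SPIFFE path-segment character set


class SpiffeIDError(ValueError):
    """Raised when an identity string must not be trusted."""


def parse_spiffe_id(uri):
    """Return (trust_domain, [segments]); empty and dot segments are rejected."""
    if len(uri.encode()) > 2048:
        raise SpiffeIDError("SPIFFE ID longer than 2048 bytes")
    if not uri.startswith("spiffe://"):
        raise SpiffeIDError("scheme must be spiffe://")
    trust_domain, slash, path = uri[len("spiffe://"):].partition("/")
    if not _TD_RE.fullmatch(trust_domain):
        raise SpiffeIDError("invalid trust domain (case, userinfo or port?)")
    segments = path.split("/") if slash else []
    for seg in segments:
        if seg in (".", "..") or not _SEG_RE.fullmatch(seg):
            raise SpiffeIDError(f"invalid path segment {seg!r}")
    return trust_domain, segments


def workload_from_spiffe_id(uri, trust_domain=TRUST_DOMAIN):
    """Return (namespace, service_account) for an ID in our trust domain."""
    td, segments = parse_spiffe_id(uri)
    if td != trust_domain:
        raise SpiffeIDError(f"foreign trust domain {td!r}")
    if len(segments) != 4 or segments[0] != "ns" or segments[2] != "sa":
        raise SpiffeIDError("path is not /ns/<namespace>/sa/<service-account>")
    return segments[1], segments[3]


if __name__ == "__main__":
    for candidate in (  # constructed sample IDs
        "spiffe://default.us-east.mesh.local/ns/payments/sa/api",
        "spiffe://default.us-west.mesh.local/ns/payments/sa/api",
        "spiffe://default.us-east.mesh.local/ns//sa/",
    ):
        try:
            print(candidate, "->", workload_from_spiffe_id(candidate))
        except SpiffeIDError as err:
            print(candidate, "-> rejected:", err)
```

The third sample shows that an ID whose namespace and service account positions are left empty is rejected, because SPIFFE ID paths may not contain empty segments or end in a slash.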
If you’re using SPIRE, it acts as the trust authority for the mesh. For customers that have not rolled out SPIRE in their organisations, we’ve also introduced the concept of MeshTrust.
This allows you to validate the workload identity back to the MeshTrust authority that you control. Currently, this is only supported on Kubernetes environments, and we’re working on cross-zone identity in the next release of Kuma.
Find out more information about MeshIdentity and MeshTrust here.
To help with how you consume, aggregate, and draw value from service-to-service metrics, as well as how to define Services and their Identity, we took on the rather large effort of introducing a consistent naming convention for Mesh resources.
This has a number of benefits, including being able to inspect individual resources through the Inspect API, as well as browsing resources in Mesh Manager.
We strongly suggest upgrading to Kuma 2.12.0. Upgrading is easy through kumactl or Helm.
Be sure to carefully read the upgrade guide and the version specific upgrade notes before upgrading Kuma.
Join us on our community channels, including official Slack chat, to learn more about Kuma. The community channels are useful for getting up and running with Kuma, as well as for learning how to contribute to and discuss the project roadmap. Kuma is a CNCF Sandbox project: neutral, open and inclusive.
The community call is hosted on the second Wednesday of every month at 8:30 AM PDT. And don’t forget to follow Kuma on Twitter and star it on GitHub!
Sign up for our Kuma community newsletter to get the most recent updates and product announcements.