The team behind service mesh Kuma has made it across the 1.0 finish line, declaring the CNCF sandbox project ready for production use.
Amongst the bigger features of the release is a new simplified multicluster flow. Instead of having to wait for a remote control plane to be deployed to get its Ingress address for applying a zone, teams can just deploy the global control plane, extract its public IP, and then use that address in the Deploy Remote command. Zone resources are created automatically when a remote initiates a stream to the global control plane.
Other multi-zone enhancements include locality-aware load-balancing to reduce multi-zone latency, and a new Ingress data plane type to automatically synchronise ingress data plane proxies to the global control plane.
However, as with most projects at the pre-major release stage, the Kuma team largely focused on bringing performance up to snuff and upping security to make the mesh more stable. As a result, Kuma 1.0 includes new capabilities to secure communication between data plane proxies and the control plane, and improve their connection in containerised environments not using Kubernetes.
Kuma 1.0 also learned to handle high loads on data plane proxies better, and promises boosted performance when running “tens of thousands of services”. Adjustments to the CLI and GUI are meant to help those interfaces keep up with higher demand when large amounts of resources are run. Users already familiar with Kuma will notice the reworked UI, which includes a new sidebar that keeps sub-level items visible to facilitate navigation.
A complete list of new features, including support for the protocol used in Apache Kafka and a new entity to track the number of mesh-scoped resources for better insight, can be found in the project’s repository.
Kuma was originally developed at API gateway provider Kong, who introduced the service mesh in September 2019. The donation to the CNCF was announced in June 2020.
Besides helping to push Kuma to 1.0, Kong also released version 2.2 of Kong Enterprise, the company’s commercial version of its API gateway. As security is a growing concern among enterprise users, v2.2 contains an option to automatically load pre-installed certificates, and can now be run as a non-root user.
The gateway also now supports UDP-based protocols to cover communication between a wider range of applications, and it received some improvements to the OpenID Connect plugin, including a configuration parameter for passing along valid issuers, as well as additional adjustment measures to avoid cache collisions if several plugin instances are present.