Service mesh Kong Mesh 1.2 is now available, putting a strong focus on security through the integration of the Open Policy Agent (OPA), authentication between global and remote control planes, and FIPS 140-2 compliance.
OPA is a newly graduated Cloud Native Computing Foundation project which implements a general purpose policy engine to provide fine-grained, policy-based control across a cloud native stack, and helps to separate policies and service code. The project is receiving lots of interest, though teams should be aware that OPA is currently on version 0.27 and can still go through major changes, which might make it unsuitable for production use.
Those who want to make use of it now can do so via Kong Mesh 1.2, which embeds the Agent into the data plane proxy sidecar, so that there’s no need to deploy additional sidecars first. Combined with Kong Gateway, which supports OPA as well, the new functionality could be useful for authentication and authorisation across a system spanning gateways, service meshes, Kubernetes clusters, and VMs.
Version 1.2 has also added an enterprise authentication mechanism between global and remote control planes to make multi-zone scenarios better controllable, and provides FIPS 140-2 compliance on every official distribution.
Kong Mesh is an enterprise-focussed product which is largely based on the company’s universal service mesh Kuma, which has just been released in version 1.1 and was welcomed into the CNCF sandbox last summer. The latest release features a new policy timeout, a default retry policy, and introduces the concept of the Global Scoped Secret.
Just last week Kong pushed out its latest release of API client and design platform Insomnia, which saw the Core and Designer aspects merged into a single product. Kong released Insomnia Designer as a standalone project in 2020 as it wasn’t sure the capabilities would be useful to developers. Since then, the team has seen many Core users switching to Designer, which is why its features have now been moved into the single product.
While Core users can simply update their system directly and get access to things like git sync support and unit tests for request collections, Designer users will have to migrate their data, plugins and settings to Insomnia if they want to stay up to date. Additional updates for the Designer application aren’t planned.