Kuma, a service mesh technology, released version 2.1 with improved policies and an updated UI. The improved policies build upon the 2.0 release and move the remaining policies over to the new targetRef system. The targetRef system provides an improved matching system for defining policies.
Kuma is an open-source multi-zone service mesh for containers, Kubernetes, and VMs based on Envoy. It provides service mesh policies for security, traffic control, discovery, and observability. The recent 2.0 release changed how these policies are matched. This new model uses a targetRef system that is inspired by the Kubernetes Gateway API. As described in the release blog post, "the new policy system in Mesh 2.1 the policies will be merged together in the correct precedence rules before calculating and pushing the configuration out to the Envoy dataplane."
Within this new policy matching system, a targetRef represents a logical group of dataplane proxies running in the mesh. There are four kinds of targetRef available, each with a progressively more specific selector: Mesh, MeshSubset, MeshService, and MeshServiceSubset. The targetRef can be used at the top level to specify the subset of proxies affected, or within From or To. The latter two are used to declare the subset of either incoming or outgoing traffic to apply the configuration against. Policies in Kuma now look like this:
    type: ExamplePolicy
    name: my-example
    mesh: default
    spec:
      targetRef:
        kind: Mesh
      to:
        - targetRef:
            kind: Mesh
          default: # Configuration that applies to outgoing traffic
            key: value
      from:
        - targetRef:
            kind: Mesh
          default: # Configuration that applies to incoming traffic
            key: value
This release moves the remaining next-generation policies that weren't updated in the previous release to this new model. For example, the MeshRetry policy can be used to handle failures where the request could be retried. The following example retries on HTTP 5xx responses up to 10 times with a defined back-off:
    apiVersion: kuma.io/v1alpha1
    kind: MeshRetry
    metadata:
      name: web-to-backend-retry-http
      namespace: kuma-system
      labels:
        kuma.io/mesh: default # optional, defaults to `default` if unset
    spec:
      targetRef:
        kind: MeshService
        name: web
      to:
        - targetRef:
            kind: MeshService
            name: backend
          default:
            http:
              numRetries: 10
              backOff:
                baseInterval: 15s
                maxInterval: 20m
              retryOn:
                - "5xx"
This release also introduces an improved user interface for Kuma. This includes both simplified navigation and a number of improvements to the general look and feel of the UI. It is now possible to filter in the UI using a number of metadata fields such as name or tag. These can also be combined to produce more advanced searches.
The interface also improves debugging. The full xDS configuration for each data plane proxy is now visible, with a regex-enabled search for inspecting configuration dump information.
Kuma is open-source and available under the Apache-2.0 license. More details on the release can be found on the Kuma blog or within the release notes. There is also an upgrade guide available for the release.