Commit
Signed-off-by: Charly Molter <charly.molter@konghq.com>
@@ -0,0 +1,97 @@ | ||
--- | ||
title: Kuma 2.4 release with sidecar lifecycle, metrics TLS and multi-zone improvements | ||
description: Kuma 2.4 release with sidecar lifecycle, metrics TLS and multi-zone improvements | ||
date: 2023-08-28 | ||
headerImage: /assets/images/blog/test-header.jpg | ||
tags: | ||
- Release | ||
--- | ||
|
||
We’re excited to announce the release of Kuma 2.4, a new minor release improves cross zone routing, adds a new alternative metrics TLS setup and improves observability further. | ||
|
||
|
||
## Upgrading | ||
|
||
We strongly suggest upgrading to Kuma 2.4.0. Upgrading is easy through `kumactl` or Helm. | ||
|
||
Be sure to carefully read the [Upgrade Guide](https://github.com/kumahq/kuma/blob/master/UPGRADE.md) before upgrading Kuma. | ||
|
||
## Notable features: | ||
|
||
* 🚀 Support for user provided certificates to be used to scrape from prometheus securely. | ||
|
||
* 🚀 Add multi-zone support for `VirtualOutbound`. | ||
* 🚀 Wait for sidecar to be ready before starting the app. | ||
* 🚀 Add `MeshGateway targetRef` support to: `MeshHealthCheck`, `MeshRetry` and `MeshTimeout`. | ||
* 🚀 Many improvements to the GUI. | ||
* 🚀 Improved kubectl support with `targetRef` policies. | ||
* 🚀 Upgrade to Envoy 1.27. | ||
|
||
And a lot more! Check out the full [release notes](https://github.com/kumahq/kuma/releases/tag/2.4.0) to see everything in this release. | ||
|
||
|
||
## User provided metrics certificate. | ||
|
||
|
||
Up until now, there was only two ways to configure how stats were exposed: | ||
|
||
|
||
1. No security | ||
2. With the mesh mTLS | ||
|
||
The second option requires the prometheus instance to run inside the mesh, | ||
|
||
which can be difficult to put in place when the Prometheus instances are shared with applications outside the mesh. | ||
|
||
|
||
To address this, we are adding support for user provided certificates. | ||
|
||
This allows you to use your own certificates to secure the traffic between the Prometheus instance and the Kuma mesh. | ||
|
||
```yaml | ||
apiVersion: kuma.io/v1alpha1 | ||
kind: Mesh | ||
metadata: | ||
name: default | ||
spec: | ||
metrics: | ||
enabledBackend: prometheus-1 | ||
backends: | ||
- name: prometheus-1 | ||
type: prometheus | ||
conf: | ||
tls: | ||
mode: activeMTLSBackend | ||
port: 5670 | ||
path: /metrics | ||
tags: # tags that can be referred in Traffic Permission when metrics are secured by mTLS | ||
kuma.io/service: dataplane-metrics | ||
``` | ||
You can then set the environment variables `KUMA_DATAPLANE_RUNTIME_METRICS_CERT_PATH` and `KUMA_DATAPLANE_RUNTIME_METRICS_KEY_PATH` when a dataplane starts and have them | ||
point to the certificate you want to use. | ||
|
||
In Kubernetes you'll [container-patches](/docs/latest/production/dp-config/dpp-on-kubernetes/#custom-container-configuration). | ||
|
||
Note that as part of this change we're deprecating `skipMTLS` in favour of `tls.mode`. | ||
|
||
While you can still use `skipMTLS` we'll remove this syntax in a future release of Kuma. | ||
|
||
|
||
## Cross-Zone routing improvements | ||
|
||
The powerfulness of cross zone routing in Kuma is one of the reason that it stands out as a service mesh. | ||
Unfortunately up until now [`VirtualOutbound`](/docs/latest/policies/virtual-outbound) were not supported cross-zone. | ||
|
||
Kuma 2.4.0 adds support for cross-zone routing for VirtualOutbounds. This means that you can now securely access services in remote zones, such as a Kafka cluster. | ||
|
||
## Wait for sidecar to be ready before starting the app | ||
|
||
TODO missing docs! | ||
|
||
|
||
In Kubernetes, the sidecar and the application containers start in parallel. This could lead to problems if the network was not available when the sidecar started. | ||
|
||
Kuma 2.4.0 allows you to configure the sidecar to wait until it is ready before starting the application container. | ||
This ensures that the application container has access to the network when it starts. | ||
|
||
To do so, use the control plane config `runtime.kubernetes.injector.sidecar.waitForDataplaneReady=true` for the application container | ||
to not start before the sidecar is ready. | ||
You can also restrict this to a pod by using the annotation: `kuma.io/wait-for-dataplane-ready`. | ||
|
||
## Join the community! | ||
|
||
|
||
Join us on our [community channels](https://kuma.io/community/), including official Slack chat, to learn more about Kuma. | ||
The community channels are useful for getting up and running with Kuma, as well as for learning how to contribute to and discuss the project roadmap. | ||
Kuma is a CNCF Sandbox project: neutral, open and inclusive. | ||
|
||
The community call is hosted [on the second Wednesday of every Month at 8:30am PDT](https://kuma.io/community/). | ||
|
||
And don't forget to follow Kuma [on Twitter](https://twitter.com/kumamesh) and star it [on GitHub](https://github.com/kumahq/kuma)! |
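Review bot: the YAML example in the "User provided metrics certificate" section sets `tls.mode: activeMTLSBackend`, which is the mesh-mTLS option the section presents this feature as an alternative to; a reader who copies it gets mesh mTLS rather than their own certificate, so the example should use the mode for user-provided certificates (`providedTLS` in the Kuma docs) and the following paragraph should state that the `KUMA_DATAPLANE_RUNTIME_METRICS_CERT_PATH` / `KUMA_DATAPLANE_RUNTIME_METRICS_KEY_PATH` pair is what that mode reads. Two more things to settle before this is published: the "Wait for sidecar to be ready" section still contains the line `TODO missing docs!`, and the sentence `In Kubernetes you'll [container-patches](...)` is missing its verb (for example "In Kubernetes you'll need to use [container-patches](...) to set these variables."). Minor wording: "there was only two ways" should read "there were only two ways", "the powerfulness of cross zone routing" should read "the power of cross-zone routing", and `headerImage: /assets/images/blog/test-header.jpg` looks like a placeholder left from a template.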