feat: add blogpost for 2.4.0

Signed-off-by: Charly Molter <charly.molter@konghq.com>
kumahq · Aug 28, 2023 · ebd5f6b · ebd5f6b
1 parent 707fb92
commit ebd5f6b
Show file tree

Hide file tree

Showing 2 changed files with 98 additions and 1 deletion.
diff --git a/app/_posts/2023-08-28-kuma-2-4-0.md b/app/_posts/2023-08-28-kuma-2-4-0.md
@@ -0,0 +1,97 @@
+---
+title: Kuma 2.4 release with sidecar lifecycle, metrics TLS and multi-zone improvements 
+description: Kuma 2.4 release with sidecar lifecycle, metrics TLS and multi-zone improvements
+date: 2023-08-28
+headerImage: /assets/images/blog/test-header.jpg
+tags:
+  - Release
+---
+
+We’re excited to announce the release of Kuma 2.4, a new minor release improves cross zone routing, adds a new alternative metrics TLS setup and improves observability further. 
+
+## Upgrading
+
+We strongly suggest upgrading to Kuma 2.4.0. Upgrading is easy through `kumactl` or Helm.
+Be sure to carefully read the [Upgrade Guide](https://github.com/kumahq/kuma/blob/master/UPGRADE.md) before upgrading Kuma.
+
+## Notable features:
+
+* 🚀 Support for user provided certificates to be used to scrape from prometheus securely. 
+* 🚀 Add multi-zone support for `VirtualOutbound`. 
+* 🚀 Wait for sidecar to be ready before starting the app. 
+* 🚀 Add `MeshGateway targetRef` support to: `MeshHealthCheck`, `MeshRetry` and `MeshTimeout`. 
+* 🚀 Many improvements to the GUI.
+* 🚀 Improved kubectl support with `targetRef` policies.
+* 🚀 Upgrade to Envoy 1.27.
+
+And a lot more! Check out the full [release notes](https://github.com/kumahq/kuma/releases/tag/2.4.0) to see everything in this release.
+
+## User provided metrics certificate.
+
+Up until now, there was only two ways to configure how stats were exposed:
+
+1. No security
+2. With the mesh mTLS
+
+The second option requires the prometheus instance to run inside the mesh,
+which can be difficult to put in place when the Prometheus instances are shared with applications outside the mesh.
+
+To address this, we are adding support for user provided certificates.
+This allows you to use your own certificates to secure the traffic between the Prometheus instance and the Kuma mesh.
+
+```yaml
+apiVersion: kuma.io/v1alpha1
+kind: Mesh
+metadata:
+  name: default
+spec:
+  metrics:
+    enabledBackend: prometheus-1
+    backends:
+    - name: prometheus-1
+      type: prometheus
+      conf:
+        tls:
+          mode: activeMTLSBackend
+        port: 5670
+        path: /metrics
+        tags: # tags that can be referred in Traffic Permission when metrics are secured by mTLS  
+          kuma.io/service: dataplane-metrics
+```
+
+You can then set the environment variables `KUMA_DATAPLANE_RUNTIME_METRICS_CERT_PATH` and `KUMA_DATAPLANE_RUNTIME_METRICS_KEY_PATH` when a dataplane starts and have them
+point to the certificate you want to use.
+
+In Kubernetes you'll [container-patches](/docs/latest/production/dp-config/dpp-on-kubernetes/#custom-container-configuration).
+
+Note that as part of this change we're deprecating `skipMTLS` in favour of `tls.mode`.
+While you can still use `skipMTLS` we'll remove this syntax in a future release of Kuma.
+
+## Cross-Zone routing improvements
+
+The powerfulness of cross zone routing in Kuma is one of the reason that it stands out as a service mesh.
+Unfortunately up until now [`VirtualOutbound`](/docs/latest/policies/virtual-outbound) were not supported cross-zone.
+
+Kuma 2.4.0 adds support for cross-zone routing for VirtualOutbounds. This means that you can now securely access services in remote zones, such as a Kafka cluster.
+
+## Wait for sidecar to be ready before starting the app
+
+TODO missing docs!
+
+In Kubernetes, the sidecar and the application containers start in parallel. This could lead to problems if the network was not available when the sidecar started.
+
+Kuma 2.4.0 allows you to configure the sidecar to wait until it is ready before starting the application container.
+This ensures that the application container has access to the network when it starts.
+
+To do so, use the control plane config `runtime.kubernetes.injector.sidecar.waitForDataplaneReady=true` for the application container
+to not start before the sidecar is ready.
+You can also restrict this to a pod by using the annotation: `kuma.io/wait-for-dataplane-ready`.
+
+## Join the community!
+
+Join us on our [community channels](https://kuma.io/community/), including official Slack chat, to learn more about Kuma.
+The community channels are useful for getting up and running with Kuma, as well as for learning how to contribute to and discuss the project roadmap.
+Kuma is a CNCF Sandbox project: neutral, open and inclusive.
+
+The community call is hosted [on the second Wednesday of every Month at 8:30am PDT](https://kuma.io/community/).
+And don't forget to follow Kuma [on Twitter](https://twitter.com/kumamesh) and star it [on GitHub](https://github.com/kumahq/kuma)!
diff --git a/app/index.md b/app/index.md
@@ -37,7 +37,7 @@ carousel:
 
 {% contentfor news %}
 
-**Kuma 2.3.0 has been released!** &mdash; MeshTCPRoute, GAMMA support, and much more [on the Kuma 2.3.0 release blog post](/blog/2023/kuma-2-3-0/)
+**Kuma 2.4.0 has been released!** &mdash; sidecar lifecycle, metrics TLS and multi-zone improvements, and much more [on the Kuma 2.4.0 release blog post](/blog/2023/kuma-2-4-0/).
 
 {% endcontentfor %}