🐻 The Universal Service Mesh. CNCF Sandbox Project.

Overview


Kuma is a modern Envoy-based service mesh that can run on every cloud, in a single or multi-zone capacity, across both Kubernetes and VMs. Thanks to its broad universal workload support, combined with native support for Envoy as its data plane proxy technology (but with no Envoy expertise required), Kuma provides modern L4-L7 service connectivity, discovery, security, observability, routing and more across any service on any platform, databases included.

Easy to use, with built-in service mesh policies for security, traffic control, discovery, observability and more, Kuma ships with advanced multi-zone and multi-mesh support that automatically enables cross-zone communication across different clusters and clouds, and automatically propagates service mesh policies across the infrastructure. Kuma is currently being adopted by enterprise organizations around the world to support distributed service meshes across the application teams, on both Kubernetes and VMs.

Originally created and donated by Kong, Kuma is today a CNCF (Cloud Native Computing Foundation) Sandbox project and therefore available with the same openness and neutrality as every other CNCF project. Kuma has been engineered to be both powerful and simple to use, reducing the complexity of running a service mesh across every organization with very unique capabilities like multi-zone support, multi-mesh support, and a gradual and intuitive learning curve.

Users that require enterprise-level support for Kuma can explore the enterprise offerings available.

Built by Envoy contributors at Kong 🦍 .

Need help? In your journey with Kuma you can get in touch with the broader community via the official Slack chat.


Why Kuma?

Built with enterprise use-cases in mind, Kuma is a universal service mesh that supports both Kubernetes and VM deployments across single and multi-zone setups, with turnkey service mesh policies to get up and running easily while supporting multi-tenancy and multi-mesh on the same control plane. Kuma is a CNCF Sandbox project.

Unlike other service mesh solutions, Kuma innovates the service mesh ecosystem by providing ease of use, native support for both Kubernetes and VMs on both the control plane and the data plane, multi-mesh support that can cross every boundary including Kubernetes namespaces, out of the box multi-zone and multi-cluster support with automatic policy synchronization and connectivity, zero-trust, observability and compliance in one click, support for custom workload attributes that can be leveraged to accelerate PCI and GDPR compliance, and much more.

Below is an example of using Kuma's attributes to keep all traffic generated by any PCI-compliant service in Switzerland routed only within the Swiss region:

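apiVersion: kuma.io/v1alpha1
kind: TrafficRoute
mesh: default
metadata:
  name: ch-pci-compliance
spec:
  # Sources: any service running in zone CH that carries the custom PCI tag
  sources:
    - match:
        kuma.io/service: '*'
        kuma.io/zone: 'CH'
        PCI: 'true'  # tag values are strings, so the value is quoted
  # Destinations: traffic to any service
  destinations:
    - match:
        kuma.io/service: '*'
  conf:
    loadBalancer:
      roundRobin: {}
    # Send 100% of the matched traffic to destinations in zone CH
    split:
      - weight: 100
        destination:
          kuma.io/service: '*'
          kuma.io/zone: 'CH'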

The above example can also be applied on virtual machines via the built-in kumactl CLI.
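
A route like this confines traffic only if every weighted split destination stays in the source's zone. The audit script below is an added example, not part of the Kuma project: it checks TrafficRoute resources for that property. It assumes the routes are supplied as JSON in the same resource shape as the YAML above; the function names and the sample routes other than ch-pci-compliance are constructed for illustration.

```python
"""Audit TrafficRoute resources for zone confinement (added example)."""
import json

ZONE_TAG = "kuma.io/zone"

# Constructed sample input: the page's ch-pci-compliance route, a hypothetical
# variant that sends 10% of PCI traffic to zone DE, and an unrelated catch-all.
SAMPLE_ROUTES = json.loads("""
[
  {"kind": "TrafficRoute", "mesh": "default",
   "metadata": {"name": "ch-pci-compliance"},
   "spec": {
     "sources": [{"match": {"kuma.io/service": "*", "kuma.io/zone": "CH", "PCI": "true"}}],
     "destinations": [{"match": {"kuma.io/service": "*"}}],
     "conf": {"split": [
       {"weight": 100, "destination": {"kuma.io/service": "*", "kuma.io/zone": "CH"}}]}}},
  {"kind": "TrafficRoute", "mesh": "default",
   "metadata": {"name": "ch-pci-leaky"},
   "spec": {
     "sources": [{"match": {"kuma.io/service": "*", "kuma.io/zone": "CH", "PCI": "true"}}],
     "destinations": [{"match": {"kuma.io/service": "*"}}],
     "conf": {"split": [
       {"weight": 90, "destination": {"kuma.io/service": "*", "kuma.io/zone": "CH"}},
       {"weight": 10, "destination": {"kuma.io/service": "*", "kuma.io/zone": "DE"}},
       {"weight": 0, "destination": {"kuma.io/service": "*"}}]}}},
  {"kind": "TrafficRoute", "mesh": "default",
   "metadata": {"name": "route-all-default"},
   "spec": {
     "sources": [{"match": {"kuma.io/service": "*"}}],
     "destinations": [{"match": {"kuma.io/service": "*"}}],
     "conf": {"split": [
       {"weight": 100, "destination": {"kuma.io/service": "*"}}]}}}
]
""")


def _norm(value):
    """Compare tag values as lowercase strings, so a YAML boolean true and 'true' match."""
    return str(value).lower()


def in_scope(match, required_tags):
    """True when a source selector carries every required tag (for example PCI=true)."""
    return all(k in match and _norm(match[k]) == _norm(v)
               for k, v in required_tags.items())


def audit_route(route, required_tags):
    """Return findings for one route; an empty list means traffic stays in the source zone."""
    findings = []
    name = route.get("metadata", {}).get("name", "<unnamed>")
    spec = route.get("spec", {})
    split = spec.get("conf", {}).get("split", [])
    for src in spec.get("sources", []):
        match = src.get("match", {})
        if not in_scope(match, required_tags):
            continue  # this selector does not cover the regulated workloads
        zone = match.get(ZONE_TAG)
        if zone in (None, "*"):
            findings.append(f"{name}: in-scope source selector is not pinned to a zone")
            continue
        # Entries with weight 0 carry no traffic, so they cannot leak it.
        live = [e for e in split if e.get("weight", 0) > 0]
        if not live:
            findings.append(f"{name}: no split entry with weight > 0, zone {zone} is not enforced")
        for entry in live:
            dest_zone = entry.get("destination", {}).get(ZONE_TAG)
            if dest_zone in (None, "*"):
                findings.append(
                    f"{name}: weight {entry['weight']} destination has no fixed zone "
                    f"(source zone {zone})")
            elif dest_zone != zone:
                findings.append(
                    f"{name}: weight {entry['weight']} leaves zone {zone} for {dest_zone}")
    return findings


def audit(routes, required_tags):
    """Audit a list of resources; returns {route name: [findings]} for failing routes only."""
    report = {}
    for route in routes:
        if route.get("kind") != "TrafficRoute":
            continue
        findings = audit_route(route, required_tags)
        if findings:
            report[route.get("metadata", {}).get("name", "<unnamed>")] = findings
    return report


if __name__ == "__main__":
    for route_findings in audit(SAMPLE_ROUTES, {"PCI": "true"}).values():
        for finding in route_findings:
            print(finding)
```

The script inspects each route's own declaration only; it does not model which of several overlapping routes the control plane would select for a given data plane proxy.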

With Kuma, our application teams can stop building connectivity management code in every service and every application, and they can rely on modern service mesh infrastructure instead to improve their efficiency and the overall agility of the organization.

Features

  • Universal Control Plane: Easy to use, distributed, runs anywhere on both Kubernetes and VM/Bare Metal.
  • Lightweight Data Plane: Powered by Envoy to process any L4/L7 traffic, with automatic Envoy bootstrapping.
  • Automatic DP Injection: No code changes required in K8s. Easy YAML specification for VM and Bare Metal deployments.
  • Multi-Mesh: To set up multiple isolated Meshes in one cluster and one Control Plane, lowering ops cost.
  • Single and Multi Zone: To deploy a service mesh that is cross-platform, cross-cloud and cross-cluster.
  • Automatic Discovery & Ingress: With built-in service discovery and connectivity across single and multi-zones.
  • Global & Remote CPs: For scalability across deployments with multiple zones, including hybrid VMs + K8s meshes.
  • mTLS: Automatic mTLS issuing, identity and encryption with optional support for third-party CA.
  • TLS Rotation: Automatic certificate rotation for all the data planes, with configurable settings.
  • Internal & External Services: Aggregation of internal services and support for services outside the mesh.
  • Traffic Permissions: To firewall traffic between the services of a Mesh.
  • Traffic Routing: With dynamic load-balancing for blue/green, canary, versioning and rollback deployments.
  • Fault Injection: To harden our systems by injecting controlled artificial faults and observe the behavior.
  • Traffic Logs: To log all the activity to a third-party service, like Splunk or ELK.
  • Traffic Tracing: To observe the full trace of the service traffic and determine bottlenecks.
  • Traffic Metrics: For every Envoy dataplane managed by Kuma with native Prometheus/Grafana support.
  • Retries: To improve application reliability by automatically retrying requests.
  • Proxy Configuration Templating: The easiest way to run and configure Envoy with low-level configuration.
  • Gateway Support: To support any API Gateway or Ingress, like Kong Gateway.
  • Healthchecks: Both active and passive.
  • GUI: Out of the box browser GUI to explore all the Service Meshes configured in the system.
  • Tagging Selectors: To apply sophisticated regional, cloud-specific and team-oriented policies.
  • Platform-Agnostic: Support for Kubernetes, VMs, and bare metal. Including hybrid deployments.
  • Transparent Proxying: Out of the box transparent proxying on Kubernetes, VMs and any other platform.
  • Network Overlay: Create a configurable Mesh overlay across different Kubernetes clusters and namespaces.

Distributions

Kuma is a platform-agnostic product that ships in different distributions. You can explore the available installation options at the official website.

You can use Kuma for modern greenfield applications built on containers as well as existing applications running on more traditional infrastructure. Kuma can be fully configured via CRDs (Custom Resource Definitions) on Kubernetes and via a RESTful HTTP API in other environments that can be easily integrated with CI/CD workflows.

Kuma also provides an easy to use kumactl CLI client for every environment, and an official GUI that can be accessed by the browser.

Development

Kuma is under active development and production-ready.

See Developer Guide for further details.

Enterprise Support

If you are implementing Kuma in a mission-critical environment and require enterprise support and features, please visit Enterprise to explore the available offerings.

License

Copyright 2021 the Kuma Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Releases(1.2.2)
  • 1.2.2(Jul 16, 2021)

    👉 Read the full announcement on the Kuma blog

    We are happy to announce a new release of Kuma! Kuma 1.2.2 ships with fast-follow fixes and improvements to the previous version. We strongly suggest upgrading, in order to take advantage of the latest and greatest when it comes to service mesh.

    Improvements in 1.2.2:

    • 🚀 Datadog is now available as a traffic tracing option.
    • 🚀 Message limit for gRPC stream is increased to better support Kuma discovery service (KDS)
    • Improved leader election during unexpected failures.
    • Improved SDS and XDS on rapid DP restarts.
    • Fixed HDS on the dpserver when bootstrapping an ingress.

    And much more!

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 1.2.1(Jun 30, 2021)

    👉 Read the full announcement on the Kuma blog

    We are happy to announce a new major release of Kuma! Kuma 1.2.1 ships with fast-follow fixes and improvements to the previous version. We strongly suggest upgrading, in order to take advantage of the latest and greatest when it comes to service mesh.

    Improvements in 1.2.1:

    • 🚀 The data plane proxy now provides an advertised address to the control plane for communication in cases where the address is not directly reachable.
    • 🚀 SNI header now added when TLS is enabled, to permit communication with external services that require it.

    Plus important bug fixes and memory footprint improvements.

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 1.2.0(Jun 17, 2021)

    👉 Read the full announcement on the Kuma blog

    We are happy to announce a new major release of Kuma! Kuma 1.2 ships with 20 new features and countless improvements. We strongly suggest upgrading, in order to take advantage of the latest and greatest when it comes to service mesh.

    Improvements in 1.2.0:

    • 🚀 New L7 Traffic Routing policy to route - and modify - HTTP traffic per path, method, header or any other combination, with support for regex. Traffic can be modified before reaching the final destination too.
    • 🚀 New Rate-Limit policy to protect our services from aggressive traffic, therefore protecting them from downtimes and improving the overall reliability of the applications.
    • 🚀 The "Remote" control planes have been renamed to "Zone" control planes, and by doing so we have renamed the "Ingress" resource into "ZoneIngress". This change was made after hearing the feedback of many users in the community that wanted more clarity in the naming of this resource.
    • 🚀 Traffic Permissions now work with External Services.
    • 🚀 Improved performance of our DNS resolution.
    • Countless improvements, including a fix for GCP/GKE's erratic IPv6 support.
    • Updated to Envoy 1.18.3.

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 1.1.6(May 13, 2021)

    👉 Read the full announcement on the Kuma blog

    We are happy to announce a new release of Kuma - v1.1.6 - that ships with new features and bug fixes. We highly suggest upgrading to this new version.

    Improvements in 1.1.6:

    • 🚀 You can now specify any and all tags in a TrafficPermission policy.
    • 🚀 You can now specify TCP and HTTP health checks at the same time in the same policy. The health check policy also now includes a reuse_connection option.
    • 🚀 The --gateway flag is now available in the CLI.
    • 🚀 We have added support for ingress controller installation from kumactl. The first ingress controller supported is Kong Gateway.
    • You can now install the Kuma demo application with the CLI.

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 1.1.5(May 5, 2021)

  • 1.1.4(Apr 19, 2021)

  • 1.1.3(Apr 16, 2021)

    👉 Read the full announcement on the Kuma blog

    We are happy to announce a new release of Kuma - v1.1.3 - that ships with a major new feature and bug fixes. We highly suggest upgrading to this new version.

    Improvements in 1.1.3

    • 🚀 Built-in DNS provides support for specifying external services by original hostname and port
    • 🚀 Ingress annotations are now supported for Helm charts
    • V3-specific configuration in ProxyTemplate now passes validation

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 1.1.2(Apr 13, 2021)

    👉 Read the full announcement on the Kuma blog

    We are happy to announce a new release of Kuma - v1.1.2 - that ships with new features and some important bug fixes. We highly suggest upgrading to this new version.

    Improvements in 1.1.2

    • 🚀 Added 19 new observability charts and "golden metrics".
    • 🚀 IPv6 support across the service mesh.
    • 🚀 New threshold configuration in the Circuit Breaker policy.
    • Performance improvements, especially when using External Services.
    • Stability improvements to kuma-cp and DNS resolving.
    • And much more.

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 1.1.1(Mar 11, 2021)

    This patch release adds features and fixes issues in the previous release, 1.1.0:

    Features

    • zipkin config now includes a shared span context option #1660 👍 contributed by @ericmustin
    • changed check was removed #1663

    Fixes

    • All types are now enumerated in kumactl #1673
    • Annotations are appropriately applied to all services with ingress (fixes an issue with ingress services without annotations) #1671
    • Error message improved for the case where $HOME is not defined #1664

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 1.1.0(Mar 10, 2021)

    👉 Read the full announcement on the Kuma blog

    We are happy to announce a new release of Kuma - v1.1.0 - that ships with more than 10 new features, a new timeout policy, and new health-checking and load-balancing modes!! We highly suggest upgrading to this new version.

    Improvements in 1.1.0

    • 🚀 New timeout policy configurable per service and traffic path
    • 🚀 More features in both the health check and load balancing policies
    • 🚀 New default retry policy that's created when the mesh is provisioned
    • auto_host_rewrite is enabled by default in external services
    • Requirement removed for ingress.kubernetes.io/service-upstream for Kong Gateway
    • Improvements to transparent proxying on VMs
    • Support for UDP listeners
    • Built on the new version of Envoy, v1.17.1
    • And more!

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 1.0.8(Feb 19, 2021)

    👉 Read the full announcement on the Kuma blog

    We are happy to announce a new release of Kuma - v1.0.8 - that ships with new health checking features and several improvements! We highly suggest upgrading to this new version.

    Notable Features:

    • 🚀 Support for jitter and custom strings in health checks.
    • Fixed charts in the GUI in multi-zone.
    • CNI and VM improvements.
    • And much more!

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 1.0.7(Feb 10, 2021)

    👉 Read the full announcement on the Kuma blog

    We are happy to announce a new release of Kuma - v1.0.7 - that ships with new features, performance improvements and fixes! We highly suggest upgrading to this new version.

    Notable Features:

    • 🚀 Support for Service-less pods.
    • 🚀 Support for Kubernetes jobs.
    • 🚀 New charts in the embedded GUI.
    • Performance improvements in multi-zone.
    • Performance improvements in DNS resolutions.
    • And much more!

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 1.0.6(Jan 23, 2021)

    👉 Read the full announcement on the Kuma blog

    We are happy to announce a new release that ships with some major new features and improvements, Kuma 1.0.6! We suggest upgrading to this new version to start using the greatest and latest.

    Notable Features:

    • 🚀 Deep status checks on data planes proxies, their services and Kuma's services!
    • 🚀 Five new load balancers in addition to round robin: least request, ring hash, consistent hash, random & maglev!
    • ⚠️ Deprecating Envoy xDS V2. Introduced support for Envoy xDS V3.
    • Fixed a bug affecting the outbound reconciler in Universal mode.
    • Performance improvements in Universal mode when storing data in Postgres.
    • And more!

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 1.0.5(Jan 7, 2021)

    We are happy to announce the first release of 2021, Kuma 1.0.5! Shipping with performance improvements and fixes, we highly suggest upgrading to this new version.

    Notable Features:

    • Performance improvements regarding Secret resources in Kubernetes.
    • Fixes to the TCP traffic logging policy.
    • Fault injection support for HTTP/2 and gRPC.
    • And much more!

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 1.0.4(Dec 23, 2020)

    Make no mistake! This is a minor release in name only: we are happy to announce the release of Kuma 1.0.4 with many improvements and new non-breaking features, and we suggest upgrading to start using the greatest and latest.

    Notable Features:

    • 🚀 One-click transparent proxying mode for VMs in universal mode.
    • 🚀 A new “Retry” policy to improve the resiliency of our traffic.
    • Improvements when deleting a zone in a multi-zone deployment.
    • Collecting both “kuma-dp” and “envoy” versions in both the CLI and the GUI.
    • Improvements to resource validations, ingress data plane proxies,
    • Groundwork for Envoy v3 XDS support.
    • And much more!

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 1.0.3(Dec 3, 2020)

    We are happy to announce the release of Kuma 1.0.3 with one improvement only when it comes to timeouts. In the next release we will introduce a formal policy for managing request timeouts in a more fine grained way.

    Therefore - although we always recommend upgrading to the latest and greatest - you can postpone upgrading to this version if you have not experienced any problem with request timeouts.

    Notable Features:

    • Disabling timeouts on the route level.

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 1.0.2(Dec 2, 2020)

    We are happy to announce the release of Kuma 1.0.2 with a few improvements and fixes, and we suggest upgrading to start using the greatest and latest.

    Notable Features:

    • Added the Services view (Internal and External) to the GUI.
    • Updated Envoy to 1.16.1
    • Improvements to the DNS resolver in multi-zone deployments.
    • Fixes to the virtual probes.
    • And more!

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 1.0.1(Nov 23, 2020)

    We are happy to announce the release of Kuma 1.0.1 with a few improvements and fixes, and we suggest upgrading to start using the greatest and latest.

    Notable Features:

    • Improvements on virtual probes with multiple sidecars.
    • Improvements on the auto-generated TrafficRoute introduced in 1.0.
    • Updates and fixes in the GUI, in the Ingress section and elsewhere.
    • And more!

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 1.0.0(Nov 23, 2020)

    Today is a big day for Kuma! Kuma 1.0 is now generally available with over 70 features and improvements ready to use and deploy in production to create modern distributed service meshes for every application running on multiple clusters, clouds, including Kubernetes and VM-based workloads.

    Please read the official blog post for more information.

    Notable Features:

    This new version comes with significant new capabilities and improvements around the following areas:

    Multi-Zone 🌎

    • Simplified multi-zone deployment with auto generation of “Zone” resources.
    • Locality aware load-balancing to reduce multi-zone latency and reduce egress costs.
    • Automatic synchronization of ingress data plane proxies to global CP via the new “Ingress” DP type.

    Services & Policies 🚀

    • Added support for explicit external services.
    • Added support for a new “Service” resource that groups multiple data plane proxies per “kuma.io/service”.
    • Added support for the Kafka protocol.
    • Configurable pass-through control capabilities in a “Mesh” resource.

    Performance 📊

    • Battle tested in production in mission critical SLA-enforced enterprise environments.
    • Significant overall performance improvements (~5x) when running tens of thousands of services in Kuma.
    • Improvements in internal caching of resources to better support high data plane proxy loads.
    • Improved overall scalability of the CLI and the GUI when running with a large amount of resources.

    Security 🔒

    • A new flow for securing data plane proxies with the control plane and locking down the communication between them.
    • A new flow for starting data plane proxies and connecting them to the control plane that works better in non-K8s containerized environments.
    • Added support for Kubernetes probes.
    • Improved readiness checks for sidecar proxy in Kubernetes.

    Other ➕

    • Kuma 1.0 ships with a new GUI!
    • Added over 30+ new charts available out of the box in Grafana to capture the behavior of the CP at scale. Kuma now provides over 65+ charts out of the box.
    • Added support for AWS ECS and Fargate deployments.
    • Upgraded to latest Envoy 1.16.0.

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 0.7.3(Oct 22, 2020)

    We are happy to announce the release of Kuma 0.7.3 with many improvements and fixes, and we highly suggest upgrading.

    Notable Features:

    • Improvements in how routes are being generated.
    • Improvements on both Helm charts and CNI deployments.
    • The kumactl CLI can now apply multiple resources.
    • And more!

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 0.7.2(Oct 6, 2020)

    We are happy to announce the release of Kuma 0.7.2 with many improvements and fixes, and we highly suggest upgrading.

    Notable Features:

    • CNI improvements when running on OpenShift.
    • Being able to exclude inbound and outbound ports to be intercepted by a Kuma data plane proxy.
    • Generate inbound and outbound for HTTP/2.
    • More validation when deploying Kuma in a multi-zone mode.

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 0.7.1(Aug 12, 2020)

    We are happy to announce the release of Kuma 0.7.1 with minor improvements and fixes, and a new official distribution: Helm Charts!

    Notable Features:

    • Official Helm Charts now available for Kuma.
    • Fixed a regression introduced in 0.7.0 in the GUI, which can now be put behind an Ingress Controller again.
    • New grpc support in kuma.io/protocol.
    • Introduced http2 and grpc support on outbound requests.

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 0.7.0(Jul 30, 2020)

    We are happy to announce the general availability of Kuma 0.7! This is a very big release that includes countless improvements and updates, specifically when it comes to multi-zone deployments configuration and Kubernetes deployments. We strongly suggest upgrading to this new version while paying attention to a few breaking changes that 0.7 introduces.

    Notable Features:

    • A new Zone resource to add remote CPs without restarting the global CP
    • An upgraded ProxyTemplate policy to enable better fine-tuning of the underlying Envoy filters
    • Support for StatefulSets to run a service mesh across every service like RabbitMQ and Cassandra
    • Upgraded kuma-dp to Envoy v1.15 (which also unlocks dynamic tracing configuration)
    • A new kuma.io/* prefix for Kuma tags like kuma.io/service, kuma.io/protocol and kuma.io/zone
    • Numerous bug fixes and improvements

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 0.6.0(Jul 2, 2020)

    We are happy to announce the much-anticipated Kuma 0.6 release! This new release ships with major improvements, especially when it comes to supporting service meshes that can span across multiple clouds, multiple Kubernetes clusters and hybrid platforms (Kubernetes + VMs) in enterprise environments.

    Kuma has also been donated to the CNCF as a Sandbox project: the first Envoy-based service mesh to ever be donated to the foundation. Let’s unwrap these announcements.

    Notable Improvements:

    • New Hybrid Universal mode to build distributed service meshes
    • Introducing Global/Remote control planes
    • Introducing a new DNS resolver for Service Discovery
    • Introducing a new Kuma Ingress for cross-zone communication
    • Introducing the new resources in the GUI

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 0.5.1(Jun 3, 2020)

    We are happy to announce the release of Kuma 0.5.1! This is a minor release that ships with improvements and bug fixes.

    Notable Improvements:

    • Circuit Breaking has been decoupled from Health Checks and it is now in its own policy.
    • Several improvements in the GUI.
    • Prometheus metrics can now be retrieved over mTLS.
    • Several bug fixes and improvements.

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 0.5.0(May 13, 2020)

    We are happy to announce the release of Kuma 0.5! We are particularly proud of this release since it introduces about 30 new features and many improvements and - as usual - every Kuma improvement is always available on both Kubernetes and Universal (VMs) modes.

    This version of Kuma also ships with a new logo for the project!

    Notable Features:

    • Support for multiple mTLS backends with automatic certificate rotation.
    • A new FaultInjection policy.
    • Significant improvements in the GUI including more scalable tables and wizards.
    • Updated support to latest Kubernetes (v1.18) and Envoy (v1.14.1) versions.
    • Official OpenShift 3.x and 4.x (via CNI) and Amazon Linux distributions.

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 0.4.0(Mar 2, 2020)

    We are happy to announce the release of Kuma 0.4! This is a major release focused on significantly better observability capabilities that also includes many new features and improvements across the board.

    Notable Features:

    • A new TrafficTrace policy that allows users to configure tracing on L7 HTTP traffic
    • Three official Grafana dashboards to visualize traffic metrics collected by Prometheus
    • For Kubernetes, a new selective sidecar injection capability
    • For Universal deployments, a new data plane format to better support gateway use cases
    • A new protocol tag to support different L7 protocols

    For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

  • 0.3.2(Jan 10, 2020)

    A new Kuma release that brings in many highly-requested features:

    • support for ingress traffic into the service mesh - it is now possible to re-use existing, feature-rich API Gateway solutions at the front doors of your service mesh. E.g., check out our instructions on how to leverage Kuma and Kong together. Or, if you're a hands-on kind of person, play with our demos for kubernetes and universal.
    • access to Prometheus metrics collected by individual dataplanes (Envoys) - as a user, you only need to enable Prometheus metrics as part of your Mesh policy, and that's it - every dataplane (Envoy) will automatically make its metrics available for scraping. Read more about it in the docs.
    • native integration with Prometheus auto-discovery - be it kubernetes or universal (😮), Prometheus will automatically find all dataplanes in your mesh and scrape metrics out of them. Sounds interesting? See our docs and play with our demos for kubernetes and universal.
    • brand new Kuma GUI - following the very first preview release, Kuma GUI has been significantly overhauled to include more features, like support for every Kuma policy. Read more about it in the docs, see it live as part of our demos for kubernetes and universal.

    Download Kuma 0.3.2 and run it now:

    • https://kuma.io/install/0.3.2/

    CHANGELOG:

    Changes:

    • feature: enable proxying of Kuma REST API via Kuma GUI #542
    • feature: add a brand new version of Kuma GUI #538
    • feature: add support for MonitoringAssignments with arbitrary Target labels (rather than only __address__) to kuma-prometheus-sd #540
    • feature: on kuma-prometheus-sd start-up, check write permissions on the output dir #539
    • feature: implement MADS xDS client and integrate kuma-prometheus-sd with Prometheus via file_sd discovery #537
    • feature: add configuration options to kuma-prometheus-sd run #536
    • feature: add kuma-prometheus-sd binary #535
    • feature: advertise MonitoringAssignment server via API Catalog #534
    • feature: generate MonitoringAssignment for each Dataplane in a Mesh #532
    • feature: add a Monitoring Assignment Discovery Service (MADS) server #531
    • feature: add a generic watchdog for xDS streams #530
    • feature: add a generic versioner for xDS Snapshots #529
    • feature: add a custom version of SnapshotCache that supports arbitrary xDS resources #528
    • feature: add proto definition for Monitoring Assignment Discovery Service (MADS) #525
    • feature: enable Envoy Admin API by default with an option to opt out #523
    • feature: add integration with Prometheus on K8S #524
    • feature: redirect requests to /api path on GUI server to API Server #520
    • feature: generate Envoy configuration that exposes Prometheus metrics #510
    • feature: make port of Envoy Admin API available to Envoy config generators #508
    • feature: add option to run dataplane as a gateway without inbounds #503
    • feature: add METRICS column to the table output of kumactl get meshes to make it visible whether Prometheus settings have been configured #502
    • feature: automatically set default values for Prometheus settings in the Mesh resource #501
    • feature: add proto definitions for metrics that should be collected and exposed by dataplanes #500
    • chore: encapsulate proxy init into kuma-init container #495
    • feature: display CA type in kumactl get meshes #494
    • chore: update Envoy to v1.12.2 #493

    Breaking changes:

    • ⚠️ The --dataplane-init-version argument was removed. The init container was changed to kuma-init, whose version is in sync with the rest of the Kuma containers.
  • 0.3.1(Dec 13, 2019)

    Download Kuma 0.3.1 and run it now:

    • https://kuma.io/install/0.3.1/

    CHANGELOG:

    Changes:

    • feature: added Kuma UI #461
    • feature: support TLS in Postgres-based storage backend #472
    • feature: prevent removal of a signing certificate from a "provided" CA in use #490
    • feature: validate consistency of changes to "provided" CA on k8s #485
    • feature: validate consistency of changes to "provided" CA on universal #475
    • feature: add kumactl manage ca commands to support "provided" CA #474 ⚠️ warning: api breaking change
    • feature: include health checks into generated Envoy configuration #483
    • feature: pick the single most specific HealthCheck for every service reachable from a given Dataplane #481
    • feature: add REST API for managing "provided" CA #473
    • feature: reuse policy matching logic for TrafficLog resource #482 ⚠️ warning: backwards-incompatible change of behaviour
    • feature: refactor policy matching logic into reusable function #479
    • feature: add kumactl get healthchecks command #477
    • feature: validate HealthCheck resource #476
    • feature: add HealthCheck CRD on kubernetes #471
    • feature: add HealthCheck to core model #470
    • feature: add proto definition for HealthCheck resource #446
    • feature: ground work for "provided" CA support #467
    • feature: remove "namespace" from core model #458 ⚠️ warning: api breaking change
    • feature: expose effective configuration of kuma-cp as part of REST API #454
    • feature: improve error messages in kumactl config control-planes add #455
    • feature: delete resource operation should return 404 if resource is not found #450
    • feature: autoconfigure bootstrap server on kuma-cp startup #449
    • feature: update envoy to v1.12.1 #448

    Breaking changes:

    • ⚠️ a few arguments of kumactl config control-planes add have been renamed: --dataplane-token-client-cert => --admin-client-cert and --dataplane-token-client-key => --admin-client-key #474
    • ⚠️ instead of applying all matching TrafficLog policies to a given outbound interface of a Dataplane, only the single most specific TrafficLog policy is now applied #482
    • ⚠️ Mesh CRD on Kubernetes is now Cluster-scoped #458
  • 0.3.0(Nov 20, 2019)

    Download Kuma 0.3.0 and run it now:

    • https://kuma.io/install/0.3.0/

    CHANGELOG:

    Changes:

    • fix: fixed discrepancy between ProxyTemplate documentation and actual implementation #422
    • chore: dropped support for Mesh-wide logging settings #438 ⚠️ warning: api breaking change
    • feature: validate ProxyTemplate resource on CREATE/UPDATE in universal mode #431 ⚠️ warning: api breaking change
    • feature: add kumactl generate tls-certificate command #437
    • feature: validate TrafficLog resource on CREATE/UPDATE in universal mode #435
    • feature: validate TrafficPermission resource on CREATE/UPDATE in universal mode #436
    • feature: dropped support for multiple rules per single TrafficPermission resource #434 ⚠️ warning: api breaking change
    • feature: added configuration for Kuma UI #428
    • feature: included Kuma UI into kuma-cp #410
    • feature: dropped support for multiple rules per single TrafficLog resource #433 ⚠️ warning: api breaking change
    • feature: validate Mesh resource on CREATE/UPDATE in universal mode #430
    • feature: kumactl commands now do custom formatting of errors returned by the Kuma REST API #411
    • feature: tcp_proxy configuration now routes to a list of weighted clusters according to TrafficRoute #423
    • feature: included tags of a dataplane into ClusterLoadAssignment #422
    • feature: validate Kuma CRDs on Kubernetes #401
    • feature: improved feedback given to a user when kuma-dp run is configured with an invalid dataplane token #418
    • release: included Docker image with kumactl into release build #425
    • feature: support enabling/disabling DataplaneToken server via a configuration flag #415
    • feature: pick the single most specific TrafficRoute for every outbound interface of a Dataplane #421
    • feature: validate TrafficRoute resource on CREATE/UPDATE in universal mode #424
    • feature: kumactl apply can now download a resource from URL #402
    • chore: migrated to the latest version of go-control-plane #419
    • feature: added kumactl get traffic-routes command #400
    • feature: added TrafficRoute CRD on Kubernetes #398
    • feature: added TrafficRoute resource to core model #397
    • feature: added support for CORS to Kuma REST API #412
    • feature: validate Dataplane resource on CREATE/UPDATE in universal mode #388
    • feature: added support for client certificate-based authentication to kumactl generate dataplane-token command #372
    • feature: added --overwrite flag to the kumactl config control-planes add command #381 👍contributed by @Gabitchov
    • feature: added MESH column into the output of kumactl get proxytemplates #399 👍contributed by @programmer04
    • feature: kuma-dp run is now configured with a URL of the API server instead of the former URL of the bootstrap config server #417 ⚠️ warning: interface breaking change
    • feature: added a REST endpoint to advertise location of various sub-components of the control plane #369
    • feature: added protobuf descriptor for TrafficRoute resource #396
    • fix: added reconciliation on Dataplane delete to handle a case where a user manually deletes Dataplane on Kubernetes #392
    • feature: Kuma REST API on Kubernetes is now restricted to READ operations only #377 👍contributed by @sterchelen
    • fix: ignored errors in unit tests #376 👍contributed by @alrs
    • feature: JSON output of kumactl is now pretty-printed #360 👍contributed by @sterchelen
    • feature: DataplaneToken server is now exposed for remote access over HTTPS with mandatory client certificate-based authentication #349
    • feature: kuma-dp now passes a path to a file with a dataplane token as an argument to the bootstrap config API #348
    • feature: added support for mTLS on Kubernetes v1.13+ #356
    • feature: added kumactl delete command #343 👍contributed by @pradeepmurugesan
    • feature: added kumactl generate dataplane-token command #342
    • feature: added a DataplaneToken server to support dataplane authentication in universal mode #342
    • feature: on removal of a Mesh remove all policies defined in it #332
    • docs: documented release process #341
    • docs: DEVELOPER.md was brought up to date #346
    • docs: added instructions how to deploy kuma-demo on Kubernetes #347

    Community contributions from:

    • 👍@pradeepmurugesan
    • 👍@alrs
    • 👍@sterchelen
    • 👍@programmer04
    • 👍@Gabitchov

    Breaking changes:

    • ⚠️ fixed discrepancy between ProxyTemplate documentation and actual implementation #422
    • ⚠️ selectors in ProxyTemplate now always require service tag #431
    • ⚠️ dropped support for Mesh-wide logging settings #438
    • ⚠️ dropped support for multiple rules per single TrafficPermission resource #434
    • ⚠️ dropped support for multiple rules per single TrafficLog resource #433
    • ⚠️ value of --cp-address parameter in kuma-dp run is now a URL of the API server instead of the former URL of the bootstrap config server #417