Kong Mesh 2.14: Zone Proxy Policies, Security Defaults
Blog post from Kong
Kong Mesh 2.14 introduces significant enhancements for multi-zone customers, focusing on improved security, observability, and policy control. Built on the open-source Kuma service mesh, Kong Mesh simplifies operations for platform teams by providing robust features like zero-trust security and multi-zone support across various environments, including cloud providers, Kubernetes clusters, and traditional servers. This release enhances the mesh-scoped zone proxy deployment model, allowing for precise policy enforcement and traffic control using SNI-based matching, which offers granular management of cross-zone and external-service traffic. Observability is bolstered through integration with OpenTelemetry and updated Grafana dashboards, streamlining metrics and tracing into a cohesive pipeline. Security is reinforced by defaulting to Unix domain sockets for Envoy admin API communication and restricting localhost access, aligning with a zero-trust approach. Additionally, the update introduces Kubernetes native sidecars for improved lifecycle management and offline signing tokens for secure, reliable token generation in disconnected environments. These improvements collectively aim to provide a more secure, efficient, and adaptable service mesh solution for enterprises managing complex, multi-zone topologies.
| Trend | Post Mentions | Total Month Mentions | Posts | Companies | MoM |
|---|---|---|---|---|---|
| OpenTelemetry | 12 | 701 | 153 | 53 | -26% |
| Kubernetes | 11 | 1,993 | 294 | 100 | +1% |
| Observability | 11 | 3,430 | 674 | 183 | +0% |
| Secrets Management | 5 | 2,063 | 322 | 117 | -4% |
| Zero Trust | 2 | 112 | 47 | 30 | -26% |
| Real-time | 1 | 5,457 | 1,338 | 238 | -5% |