
v0.3.0

@nlgwcy nlgwcy released this 19 Apr 16:26
· 1163 commits to main since this release
0caf0c9

Enhancements

After extensive testing, we have released version 0.3.0 of Kmesh. This version introduces an L4/L7 (Layer 4/Layer 7) separated governance architecture, supports remote L7 waypoint components, and includes optimizations in security, operations, and other areas. It also fixes issues with kind deployments, making Kmesh easier for developers to use. The key features in this update are as follows:

  • L4/L7 separation architecture

    Kmesh supports a workload model and integrates with remote L7 waypoints through the proxy protocol.

    • Lightweight interception forwarding: Kmesh performs L4 interception forwarding in the kernel using eBPF programs during the connection phase.

    • Simplified proxy protocol: Kmesh defines TLV-based meta-information (including communication source, destination addresses, etc.) to carry the original connection information that the waypoint needs. This meta-information is attached to the first data packet and sent to the waypoint.

    • L7 waypoint component

      In contrast to existing waypoint integrations based on the HBONE protocol, Kmesh introduces a waypoint component compatible with the proxy protocol. This component is built on Envoy with enhancements and provides services externally via port 15019.

  • Support for IP address-based traffic authorization

    • Support for access authorization based on source and destination address information.
  • Troubleshooting assistant: One-click bypass for mesh data plane

    • In a service mesh, when data forwarding fails for a particular Pod, it is necessary to determine whether the mesh data plane is the cause. Kmesh supports one-click bypass of the mesh data plane (Kmesh data plane/sidecar data plane), helping users troubleshoot more effectively.

      # kubectl label pod <pod_name> kmesh.net/bypass=enabled
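
A waypoint that reads the TLV meta-information described under "Simplified proxy protocol" above must validate every length field before using it. The Go code below is an added example, not code from the Kmesh project; the TLV layout (1-byte type, 4-byte big-endian length, type values 0x01 and 0xfe) and the names parseMeta, tlvDst, tlvEnd and maxVal are assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net/netip"
)

// Assumed layout for this example only (not taken from the Kmesh source):
// type(1) | length(4, big-endian) | value. Type 0x01 carries the original
// destination as IP (4 or 16 bytes) + port (2 bytes); type 0xfe with
// length 0 ends the metadata, and application bytes follow it.
const (
	tlvDst = 0x01
	tlvEnd = 0xfe
	maxVal = 18 // 16-byte IPv6 address + 2-byte port
)

var errMeta = errors.New("malformed TLV metadata")

// parseMeta reads the metadata at the start of the first packet and returns
// the original destination plus the untouched application payload.
func parseMeta(pkt []byte) (netip.AddrPort, []byte, error) {
	var dst netip.AddrPort
	for len(pkt) >= 5 {
		typ, n := pkt[0], binary.BigEndian.Uint32(pkt[1:5])
		pkt = pkt[5:]
		if n > maxVal || int(n) > len(pkt) { // cap before trusting the length
			return dst, nil, errMeta
		}
		val := pkt[:n]
		pkt = pkt[n:]
		switch {
		case typ == tlvEnd && n == 0 && dst.IsValid():
			return dst, pkt, nil
		case typ == tlvDst && (n == 6 || n == 18) && !dst.IsValid():
			ip, _ := netip.AddrFromSlice(val[:n-2])
			dst = netip.AddrPortFrom(ip, binary.BigEndian.Uint16(val[n-2:]))
		default: // unknown type, duplicate, or wrong size: fail closed
			return dst, nil, errMeta
		}
	}
	return dst, nil, errMeta // ran out of bytes before the end marker
}

func main() { // constructed sample: dst 10.0.0.7:8080, end marker, payload
	pkt := []byte{0x01, 0, 0, 0, 6, 10, 0, 0, 7, 0x1f, 0x90, 0xfe, 0, 0, 0, 0, 'G', 'E', 'T'}
	fmt.Println(parseMeta(pkt))
}
```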

Optimization Features:

  • Ease of Use Optimization for kind Deployments

    • Optimized the steps required to mount the BPF file system for deployments using kind, enabling one-click deployment of Kmesh.

      # helm install kmesh ./deploy/helm -n kmesh-system --create-namespace
  • Kmesh Governance Mechanism Update

    • Optimized the implementation mechanism of Kmesh governance, removing the restrictions of cgroupv1.

    • Added annotations on Pods to indicate whether they are governed by Kmesh.

      # kubectl get pods {podName} -o yaml
      metadata:
        annotations:
          kmesh.net/redirection: enabled
          ...

Kmesh has also optimized logging, added support for Ubuntu systems, and enhanced unit test (UT) protection, making Kmesh more stable. Feel free to try out the new Kmesh image version!

# The Kmesh x86 image is used for openEuler 23.03 OS & other 5.10+ OS.
docker pull ghcr.io/kmesh-net/kmesh:v0.3.0

# Kmesh L7 waypoint image
docker pull ghcr.io/kmesh-net/waypoint-x86:v0.3.0

# Kmesh compilation environment image 
docker pull ghcr.io/kmesh-net/kmesh-build-x86:v0.3.0