
Releases: kmesh-net/kmesh

v0.3.1

11 May 07:43
f0523f2

Bug Fixes:

  1. Fix authz for servers listening on both IPv4 and IPv6 ports #279
  2. Fix incorrect domain matching in ads mode #315
  3. Fix kmesh manager not taking effect in sockops on openEuler 23.03 #303
  4. Fix DNS resolution failure from Python #314

v0.3.0

19 Apr 16:26
0caf0c9

Enhancements

After a series of intense tests, we have released version 0.3.0 of Kmesh. This version introduces a governance architecture that separates L4 from L7, supports remote L7 waypoint components, and includes optimizations in security, operations, and other areas. It also fixes issues with kind deployments, making Kmesh easier for developers to use. The key features in this update are as follows:

  • L4/L7 separation architecture

    Kmesh supports a workload model and integrates with remote L7 waypoints through the proxy protocol.

    • Lightweight interception forwarding: Kmesh performs L4 interception forwarding in the kernel using eBPF programs during the connection phase.

    • Simplified proxy protocol: Kmesh defines TLV-based meta-information (including communication source, destination addresses, etc.) to carry the original connection information that the waypoint needs for its operations. This meta-information is appended to the first data packet and sent to the waypoint.

    • L7 waypoint component

      In contrast to existing waypoint integrations based on the HBONE protocol, Kmesh introduces a waypoint component compatible with the proxy protocol. This component is developed with enhancements based on Envoy and provides services externally via port 15019.

  • Support for IP address-based traffic authorization

    • Support for access authorization based on source and destination address information.
  • Troubleshooting assistant: One-click bypass for mesh data plane

    • In service meshes, when there is an issue with data forwarding for a particular Pod, it is necessary to determine whether the problem is caused by the mesh data plane. Kmesh supports one-click bypass for the mesh data plane (Kmesh data plane/sidecar data plane), helping users troubleshoot more effectively.

      # kubectl label pod <pod_name> kmesh.net/bypass=enabled

Optimization Features:

  • Ease of Use Optimization for kind Deployments

    • Optimized the steps required to mount the BPF file system for deployments using kind, enabling one-click deployment of Kmesh.

      # helm install kmesh ./deploy/helm -n kmesh-system --create-namespace
  • Kmesh Governance Mechanism Update

    • Optimized the implementation mechanism of Kmesh governance, removing the restrictions of cgroupv1.

    • Added annotations on Pods to indicate whether they are governed by Kmesh.

      # kubectl get pods {podName} -o yaml
      metadata:
        annotations:
          kmesh.net/redirection: enabled
          ...
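
The bypass label and the redirection annotation shown above are the two markers a reviewer can audit: a troubleshooting bypass that is left in place keeps a Pod out of the mesh data plane. The following is an added example, not code from the Kmesh project; it reads `kubectl get pods -A -o json` output, and the sample Pod list, the script name and the `expected_namespaces` parameter are assumptions made for illustration.

```python
import json
import sys

BYPASS_LABEL = "kmesh.net/bypass"              # label key from the release notes
REDIRECT_ANNOTATION = "kmesh.net/redirection"  # annotation key from the release notes

# Constructed sample in the shape of `kubectl get pods -A -o json` (not real output).
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "shop", "name": "cart-0",
                  "annotations": {"kmesh.net/redirection": "enabled"}}},
    {"metadata": {"namespace": "shop", "name": "pay-0",
                  "labels": {"kmesh.net/bypass": "enabled"},
                  "annotations": {"kmesh.net/redirection": "enabled"}}},
    {"metadata": {"namespace": "shop", "name": "debug-0",
                  "labels": {"kmesh.net/bypass": "enabled"}}},
    {"metadata": {"namespace": "kube-system", "name": "coredns-0"}},
]})


def audit(pod_list_json, expected_namespaces=()):
    """Return (namespace/name, finding) pairs that deserve a reviewer's attention.

    expected_namespaces is a hypothetical input: the namespaces the operator
    believes are governed by Kmesh.
    """
    findings = []
    for pod in json.loads(pod_list_json).get("items", []):
        meta = pod.get("metadata") or {}
        ref = f"{meta.get('namespace', '?')}/{meta.get('name', '?')}"
        labels = meta.get("labels") or {}
        annotations = meta.get("annotations") or {}
        # A bypass label that outlives the troubleshooting session is worth flagging.
        if labels.get(BYPASS_LABEL) == "enabled":
            findings.append((ref, "bypass-label-set"))
        # Pods expected to be governed but lacking the annotation Kmesh adds.
        if (meta.get("namespace") in expected_namespaces
                and annotations.get(REDIRECT_ANNOTATION) != "enabled"):
            findings.append((ref, "not-governed"))
    return findings


if __name__ == "__main__":
    # Usage: kubectl get pods -A -o json | python3 kmesh_audit.py <namespace>...
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for ref, finding in audit(data, set(sys.argv[1:])):
        print(f"{finding:18} {ref}")
```

Run without piped input, the script audits the constructed sample; namespaces passed as arguments are treated as the ones expected to be governed.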

Meanwhile, Kmesh has also optimized logging, added support for Ubuntu systems, and enhanced protection for UT test cases, making Kmesh more stable. Feel free to try out the new Kmesh image version!

# The Kmesh x86 image is used for openEuler 23.03 OS & other 5.10+ OS.
docker pull ghcr.io/kmesh-net/kmesh:v0.3.0

# Kmesh L7 waypoint image
docker pull ghcr.io/kmesh-net/waypoint-x86:v0.3.0

# Kmesh compilation environment image 
docker pull ghcr.io/kmesh-net/kmesh-build-x86:v0.3.0

v0.2.0

08 Feb 15:05
6f90963

On the eve of the Lunar New Year, we released version 0.2.0 of Kmesh, which has been optimized for installation, deployment, and security, and now supports basic workload functionality to better serve developers in using Kmesh. The main features included in this update are as follows:

  • More aligned with cloud-native usage patterns

    • Support for building Docker images

      Kmesh provides a compilation environment image, where all compilation processes take place within the compilation container and the output is directed to the out folder in the root directory, simultaneously generating a runnable Kmesh image.

      # make docker IMAGE={repo:tag}
    • One-click Helm installation

      # helm install kmesh ./deploy/helm -n kmesh-system --create-namespace
  • Enhanced xDS communication security

    Strengthened communication security with the service mesh control plane, establishing sessions with Istiod via secure channels.

  • Support for basic workload functionality

    In certain scenarios, Layer 7 governance capabilities are not mandatory. For such scenarios, the Istio community has introduced the workload model, which Kmesh now supports, specifically the L4 service forwarding capability within workloads. Specific usage instructions include:

    # Modify kmeshDaemonArgs value in value.yaml before Helm installation
    containers:
      kmeshDaemonArgs: "-enable-kmesh-workload -enable-ads=false -enable-workload=true"
    
    # Helm install
    # helm install kmesh ./deploy/helm -n kmesh-system --create-namespace
  • Process optimization

    • Refactored the xDS incremental refresh process;
    • Removed dependency on .kubeconfig, automatically generating data plane identity information.

The image information released by Kmesh is also updated:

# The Kmesh x86 image is used for openEuler 23.03 OS.
docker pull ghcr.io/kmesh-net/kmesh:v0.2.0

# The x86 image for Kmesh online compilation and execution, supports OS kernel versions 5.10 and above.
docker pull ghcr.io/kmesh-net/kmesh-compatible:v0.2.0

# Kmesh compilation environment image 
docker pull ghcr.io/kmesh-net/kmesh-build-x86:v0.2.0

v0.1.0

26 Dec 14:18
ff61192

Kmesh is a high-performance traffic management engine based on eBPF and programmable kernel technology that sinks traffic management into the OS. The forwarding path within the service mesh changes from multi-hop to single-hop, which greatly improves forwarding performance and suits delay-sensitive application scenarios.

Features:

  • One-click Deployment

    The community has released Kmesh deployment images, and supports one-click deployment of Kmesh through YAML here.

  • Namespace Enabling

    Supports enabling Kmesh's traffic takeover scope through namespaces.

  • Collaborative Work with Sidecar Data Plane

    Supports collaborative work with sidecar data plane. After enabling Kmesh, the traffic of newly created Pods within the namespace will be automatically taken over by Kmesh without passing through a sidecar proxy. If the sockmap feature is enabled during Kmesh deployment, it can accelerate the original sidecar traffic (reducing latency by about 15%).

  • Layer 4 Traffic Management

    Support for tcp_proxy management rules based on eBPF, including routing, grayscale, load balancing, etc.

  • Layer 7 Traffic Management

    Thanks to Kmesh's enhancement of the kernel, L7 traffic management can be fully completed within the eBPF program without passing through any proxy software. Currently supports some models of http_connection_manager xDS, including routing, grayscale, and load balancing under the HTTP/1.1 protocol.

  • Service Mesh Control Plane Connection

    Supports the xDS protocol and can easily connect with service mesh control planes such as Istiod.

Docker Images:

Kmesh achieves the ability to completely sink traffic management below the OS through kernel enhancements. When releasing images, the range of OS for which the image is applicable must be considered. To this end, we consider releasing two types of images:

  • OS versions that include the kernel enhancement modifications

    The current openEuler 23.03 OS natively supports the kernel enhancement features required by Kmesh. Kmesh release images can be directly installed and run on this OS. For a detailed list of supported OS versions with kernel enhancement modifications, please refer to this link.

  • OS versions that do not include the kernel enhancement modifications

    To be compatible with different OS versions, Kmesh provides online compilation and running images. After Kmesh is deployed, it will automatically select Kmesh features supported by the host machine's kernel capabilities, to meet the demand for one image to run in different OS environments.

# The Kmesh x86 image is used for openEuler 23.03 OS.
docker pull ghcr.io/kmesh-net/kmesh:v0.1.0

# The x86 image for Kmesh online compilation and execution, supports OS kernel versions 5.10 and above.
docker pull ghcr.io/kmesh-net/kmesh-x86:v0.1.0

# The arm image for Kmesh online compilation and execution, supports OS kernel versions 5.10 and above.
docker pull ghcr.io/kmesh-net/kmesh-arm:v0.1.0