Kong Donates Kuma Service Mesh to the CNCF

The Cloud Native Computing Foundation (CNCF) announced today it has accepted the open source Kuma service mesh developed by Kong as a sandbox level project.

At the same time, Kong announced an update to the service mesh for monolithic and microservices-based applications that makes it easier to deploy multi-tenant instances of Kuma across multiple types of networking environments.

A service mesh provides a layer of abstraction across networking environments that simplifies the deployment of distributed applications. Rather than having to manually configure each application service for a specific network, the service mesh automatically routes application traffic across multiple network underlays.

Kuma is based on Envoy, an open source proxy server developed under the auspices of the CNCF. Kuma will be the second service mesh project that CNCF has accepted after Linkerd. However, Linkerd is not based on Envoy, so the CNCF is adding another service mesh project.

Kong CTO Marco Palladino said Envoy provides an opportunity to create a lighter-weight service mesh that is easier to deploy across a distributed computing environment.

Arguably, the best-known instance of a service mesh is Istio, which was developed by Google, IBM and Lyft for Kubernetes clusters. Istio, however, is complex to deploy and manage, and it hasn’t come under the auspices of any open source consortium.

Palladino said given the popularity of Envoy, it only makes sense to add a service mesh that is both lighter-weight, scales better and is more extensible. For example, the latest release of Kuma adds support for global/remote control plane replication across hundreds of thousands of data plane proxies, he said.

Also added was an ingress data plane mode that automates cross-platform and cross-cluster service mesh communication and a native universal DNS service discovery application programming interface (API) that makes it appear multiple services are all sharing the same cluster.

As a sandbox-level project managed by the CNCF, Kong is now inviting other organizations to contribute to the development of the Kuma service. It remains to be seen which service meshes will eventually gain broad support. In addition to Kuma, Istio and Linkerd, the open source Consul service mesh from HashiCorp is vying for support. There are other proxy servers as well, such as NGINX, on which service meshes can be constructed.

Very few IT organizations have deployed any type of service mesh in a production environment. However, as the number of microservices being deployed steadily increases, IT organizations need an easier way to enable applications to invoke network resources. Kuma provides a service mesh to address that issue that can be employed by both emerging microservices-based applications and legacy monolithic applications.

Kuma also makes it possible to more easily secure traffic, establish service connectivity permissions and capture metrics using a combination of routing rules that can be set using APIs, says Palladino. It also comes with out-of-the-box policies for the most common service mesh use cases.

Service meshes should also play a major role in the eventual convergence of network operations (NetOps) and best DevOps practices. Network specialists still will be needed to deploy the physical network underlay. However, network services themselves are becoming a virtual abstraction that developers can invoke within the parameters of policies defined by a central IT organization.

The challenge now is advancing service mesh platforms to the point where the average enterprise IT team is capable of deploying and managing them.