Releases: kmesh-net/kmesh

v0.4.0

10 Jul 10:15
2a46e99

2024 Mid-Year Review: We are pleased to announce release v0.4.0 after more than two months of hard work from all our contributors. This release brings many enhancements, such as refined pod management, management of DNS-typed services, IPv6 protocol support, and data plane communication metrics monitoring. Additionally, improvements have been made in performance, maintainability, and testability, making Kmesh more robust. The key features in this release include, but are not limited to, the following:

Fine-Grained Namespace and Pod Management:

In addition to namespace-level management, Kmesh now supports fine-grained pod-level management. You can manage pods using the following commands:

# Manage a particular pod
kubectl label pod <podName> istio.io/dataplane-mode=kmesh -n {namespace}

# Manage all pods in a namespace
kubectl label ns <namespace> istio.io/dataplane-mode=kmesh

IPv6 Communication Support in Workload Mode:

Kmesh now supports IPv6 communication, catering to both public and private cloud environments. Even for IPv4 services, Java-based services default to using the IPv6 protocol family. This enhancement covers a broader range of service management scenarios.

The ads mode will also support IPv6 in the near future, and we will make Kmesh dual-stack compatible.

Performance Optimization for Rule Refresh in ads Mode:

Previously, in ads mode, Kmesh suffered from slow rule refresh because of the map-in-map model it used. This release improves rule refresh performance by orders of magnitude, laying the groundwork for large-scale cluster management.

Fine-Grained Waypoint Traffic Capture:

To stay in sync with Istio 1.22, Kmesh now supports the latest workload API model. You can now use the “istio.io/use-waypoint” label to enable waypoint capture at the namespace, service, or pod level. This flexibility allows precise and on-demand use of waypoints.

DNS-Type Services Support:

In Kmesh’s ads mode, the HTTP protocol is managed using eBPF and kernel modules, along with the Listener, Route, and Cluster APIs. However, DNS-typed services posed a challenge because their clusters use domain names as endpoints, making DNS resolution during load balancing impossible within eBPF.

Kmesh introduces a DNS resolve module within the Kmesh daemon. It resolves domain names in user space and rewrites the clusters' inlined endpoints to prevent resolving DNS early. As a result, Kmesh now supports Kubernetes ExternalName Services and Istio DNS Resolution ServiceEntry.

Observability Support:

Kmesh prioritizes observability as a critical feature in traffic management. It achieves low-cost connection monitoring using eBPF in the kernel and supports Prometheus-based metrics collection and aggregation. Future updates will enhance other observability capabilities, such as access logs and traces.
To query monitoring information, use the following command:

kubectl exec -ti -n kmesh-system kmesh-6ct4h -- curl http://127.0.0.1:15020/status/metrics

Dynamic Log Level Adjustment:

Kmesh now allows dynamic adjustment of log levels for both the kmesh-daemon and the eBPF programs. Kmesh also now redirects eBPF data plane logs to user space for printing, which avoids the cost of trace-pipe (requires kernel version 5.13 or higher).

# Adjust kmesh-daemon log level (e.g., debug | error | info)
kubectl exec -ti -n kmesh-system kmesh-6ct4h -- kmesh-daemon log --set default:debug
# Adjust kmesh eBPF data plane log level
kubectl exec -ti -n kmesh-system kmesh-6ct4h -- kmesh-daemon log --set bpf:debug

Additionally, there are many other improvements:

  • Kmesh has introduced an E2E testing framework, ensuring that each PR submission undergoes E2E tests to prevent regressions.
  • The reliability of reconnections with Istiod has been addressed, and community documentation has been enriched.

v0.3.1

11 May 07:43
f0523f2

Bug Fixes:

  1. Fix authz on server listening on both ipv4 and ipv6 port #279
  2. Fix incorrect domain matching in ads mode #315
  3. Repair kmesh manager not effect in sockops on oe 23.03 #303
  4. Fix DNS resolve failed from python #314

v0.3.0

19 Apr 16:26
0caf0c9

Enhancements

After a series of intense tests, we have released version 0.3.0 of Kmesh. This version introduces a four-seven layer separation governance architecture, supports distant L7 waypoint components, and includes optimizations in security, operations, and other areas. Additionally, it addresses issues related to kind deployments, making it easier for developers to use Kmesh more effectively. The key features included in this update are as follows:

  • Four-seven layer separation architecture

    Kmesh supports a workload model and integrates with distant L7 waypoints through the proxy protocol.

    • Lightweight interception forwarding: Kmesh performs L4 interception forwarding in the kernel using eBPF programs during the connection phase.

    • Simplified proxy protocol: Kmesh defines TLV-based meta-information (including communication source, destination addresses, etc.) to carry original link information required for waypoint operations. This meta-information is appended to the first data packet and sent to the waypoint.

    • L7 waypoint component

      In contrast to existing waypoint integrations based on the HBONE protocol, Kmesh introduces a waypoint component compatible with the proxy protocol. This component is developed with enhancements based on Envoy and provides services externally via port 15019.

  • Support for IP address-based traffic authorization

    • Support for access authorization based on source and destination address information.
  • Troubleshooting assistant: One-click bypass for mesh data plane

    • In service meshes, when there is an issue with data forwarding for a particular Pod, it is necessary to determine whether the problem is caused by the mesh data plane. Kmesh supports one-click bypass for the mesh data plane (Kmesh data plane/sidecar data plane), helping users troubleshoot more effectively.

      # kubectl label pod <pod_name> kmesh.net/bypass=enabled

Optimization Features:

  • Ease of Use Optimization for kind Deployments

    • Optimized the steps required to mount the BPF file system for deployments using kind, enabling one-click deployment of Kmesh.

      # helm install kmesh ./deploy/helm -n kmesh-system --create-namespace
  • Kmesh Governance Mechanism Update

    • Optimized the implementation mechanism of Kmesh governance, removing the restrictions of cgroupv1.

    • Added annotations on Pods to indicate whether they are governed by Kmesh.

      # kubectl get pods {podName} -o yaml
      metadata:
        annotations:
          kmesh.net/redirection: enabled
          ...
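
The labels and the annotation described in these release notes can be cross-checked to find pods whose mesh state is not what the operator intended, for example a pod left with the troubleshooting bypass label and therefore outside the mesh data plane. The following is an added example, not code from the Kmesh project; it assumes the v0.3.0 annotation and the v0.4.0 labels are both in use, and the function names, finding names and sample data are made up for illustration.

```python
import json

MODE_LABEL = "istio.io/dataplane-mode"         # "kmesh" selects a pod or namespace
BYPASS_LABEL = "kmesh.net/bypass"              # "enabled" bypasses the mesh data plane
REDIRECT_ANNOTATION = "kmesh.net/redirection"  # "enabled" marks a pod governed by Kmesh

def _meta(obj, field):
    """Return metadata.labels or metadata.annotations as a dict (never None)."""
    return obj.get("metadata", {}).get(field) or {}

def audit(namespaces, pods):
    """Return sorted (namespace, pod, finding) tuples from two kubectl JSON lists."""
    selected_ns = {ns["metadata"]["name"] for ns in namespaces["items"]
                   if _meta(ns, "labels").get(MODE_LABEL) == "kmesh"}
    findings = []
    for pod in pods["items"]:
        ns, name = pod["metadata"]["namespace"], pod["metadata"]["name"]
        labels, annotations = _meta(pod, "labels"), _meta(pod, "annotations")
        selected = labels.get(MODE_LABEL) == "kmesh" or ns in selected_ns
        redirected = annotations.get(REDIRECT_ANNOTATION) == "enabled"
        if labels.get(BYPASS_LABEL) == "enabled":
            findings.append((ns, name, "bypass-enabled"))
        elif selected and not redirected:
            # e.g. a pod that existed before its namespace was labelled
            findings.append((ns, name, "selected-but-not-redirected"))
        elif redirected and not selected:
            findings.append((ns, name, "redirected-but-not-selected"))
    return sorted(findings)

# Constructed sample input (made-up names), shaped like the output of
# `kubectl get ns -o json` and `kubectl get pods -A -o json`.
SAMPLE_NAMESPACES = json.loads("""{"items": [
  {"metadata": {"name": "shop", "labels": {"istio.io/dataplane-mode": "kmesh"}}},
  {"metadata": {"name": "batch"}}]}""")
SAMPLE_PODS = json.loads("""{"items": [
  {"metadata": {"name": "cart", "namespace": "shop",
                "annotations": {"kmesh.net/redirection": "enabled"}}},
  {"metadata": {"name": "pay", "namespace": "shop",
                "labels": {"kmesh.net/bypass": "enabled"},
                "annotations": {"kmesh.net/redirection": "enabled"}}},
  {"metadata": {"name": "search", "namespace": "shop"}},
  {"metadata": {"name": "job", "namespace": "batch",
                "labels": {"istio.io/dataplane-mode": "kmesh"},
                "annotations": {"kmesh.net/redirection": "enabled"}}},
  {"metadata": {"name": "old", "namespace": "batch",
                "annotations": {"kmesh.net/redirection": "enabled"}}}]}""")

if __name__ == "__main__":
    for ns, pod, finding in audit(SAMPLE_NAMESPACES, SAMPLE_PODS):
        print(f"{ns}/{pod}: {finding}")
```
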

Meanwhile, Kmesh has also optimized logging, added support for Ubuntu systems, and enhanced protection for UT test cases, making Kmesh more stable. Feel free to try out the new Kmesh image version!

# The Kmesh x86 image is used for openEuler 23.03 OS & other 5.10+ OS.
docker pull ghcr.io/kmesh-net/kmesh:v0.3.0

# Kmesh L7 waypoint image
docker pull ghcr.io/kmesh-net/waypoint-x86:v0.3.0

# Kmesh compilation environment image 
docker pull ghcr.io/kmesh-net/kmesh-build-x86:v0.3.0

v0.2.0

08 Feb 15:05
6f90963

On the eve of the Lunar New Year, we released version 0.2.0 of Kmesh, which has been optimized for installation, deployment, and security, and now supports basic workload functionality to better serve developers in using Kmesh. The main features included in this update are as follows:

  • More aligned with cloud-native usage patterns

    • Support for building Docker images

      Kmesh provides a compilation environment image, where all compilation processes take place within the compilation container and the output is directed to the out folder in the root directory, simultaneously generating a runnable Kmesh image.

      # make docker IMAGE={repo:tag}
    • One-click Helm installation

      # helm install kmesh ./deploy/helm -n kmesh-system --create-namespace
  • Enhanced xDS communication security

    Strengthened communication security with the service mesh control plane, establishing sessions with Istiod via secure channels.

  • Support for basic workload functionality

    In certain scenarios, Layer 7 governance capabilities are not mandatory. For such scenarios, the Istio community has introduced the workload model, which Kmesh now supports, specifically the L4 service forwarding capability within workloads. Specific usage instructions include:

    # Modify kmeshDaemonArgs value in value.yaml before Helm installation
    containers:
           kmeshDaemonArgs: "-enable-kmesh-workload -enable-ads=false -enable-workload=true"
    
    # Helm install
    # helm install kmesh ./deploy/helm -n kmesh-system --create-namespace
  • Process optimization

    • Refactored the xDS incremental refresh process;
    • Removed dependency on .kubeconfig, automatically generating data plane identity information.

The image information released by Kmesh is also updated:

# The Kmesh x86 image is used for openEuler 23.03 OS.
docker pull ghcr.io/kmesh-net/kmesh:v0.2.0

# The x86 image for Kmesh online compilation and execution, supports OS kernel versions 5.10 and above.
docker pull ghcr.io/kmesh-net/kmesh-compatible:v0.2.0

# Kmesh compilation environment image 
docker pull ghcr.io/kmesh-net/kmesh-build-x86:v0.2.0

v0.1.0

26 Dec 14:18
ff61192

Kmesh is a high-performance traffic management engine, based on eBPF+programmable kernel technology, sinking traffic management into the OS. The forwarding path within the service mesh changes from multi-hop to single-hop, greatly improving forwarding performance, suitable for delay-sensitive application scenarios.

Quick View of Kmesh:

Features:

  • One-click Deployment

    The community has released Kmesh deployment images, and supports one-click deployment of Kmesh through YAML here.

  • Namespace Enabling

    Supports enabling Kmesh's traffic takeover scope through namespaces.

  • Collaborative Work with Sidecar Data Plane

    Supports collaborative work with sidecar data plane. After enabling Kmesh, the traffic of newly created Pods within the namespace will be automatically taken over by Kmesh without passing through a sidecar proxy. If the sockmap feature is enabled during Kmesh deployment, it can accelerate the original sidecar traffic (reducing latency by about 15%).

  • Layer 4 Traffic Management

    Support for tcp_proxy management rules based on eBPF, including routing, grayscale, load balancing, etc.

  • Layer 7 Traffic Management

    Thanks to Kmesh's enhancement of the kernel, L7 traffic management can be fully completed within the eBPF prog without passing through any proxy software. Currently supports some models of http_connection_manager xds, including routing, grayscale, and load balancing under the http1.1 protocol.

  • Service Mesh Control Plane Connection

    Supports XDS protocol and can easily connect with service mesh control planes such as Istiod.

Docker Images:

Kmesh achieves the ability to completely sink traffic management below the OS through kernel enhancements. When releasing images, the range of OS for which the image is applicable must be considered. To this end, we consider releasing two types of images:

  • OS versions that support the kernel enhancement modifications

    The current openEuler 23.03 OS natively supports the kernel enhancement features required by Kmesh. Kmesh release images can be directly installed and run on this OS. For a detailed list of supported OS versions with kernel enhancement modifications, please refer to this link.

  • OS versions that do not support the kernel enhancement modifications

    To be compatible with different OS versions, Kmesh provides online compilation and running images. After Kmesh is deployed, it will automatically select Kmesh features supported by the host machine's kernel capabilities, to meet the demand for one image to run in different OS environments.

# The Kmesh x86 image is used for openEuler 23.03 OS.
docker pull ghcr.io/kmesh-net/kmesh:v0.1.0

# The x86 image for Kmesh online compilation and execution, supports OS kernel versions 5.10 and above.
docker pull ghcr.io/kmesh-net/kmesh-x86:v0.1.0

# The arm image for Kmesh online compilation and execution, supports OS kernel versions 5.10 and above.
docker pull ghcr.io/kmesh-net/kmesh-arm:v0.1.0