Blog
May 12, 2020

Announcing Maesh 1.2

Now with support for UDP, reworked ACL, and a more efficient installation!

In early March, we proudly announced the general availability of Maesh 1.1. Now, less than 3 months later we’re proud to introduce Maesh 1.2, the latest release of our simpler service mesh. This release brings new additions such as UDP support and enhancing our internal architecture to provide more flexibility and performance in large deployments.

UDP Support

As you probably know, Maesh is built on top of Traefik, our popular Cloud Native Edge Router. Traefik introduced UDP support with the release of version 2.2 in early March, and  as a result, Maesh is now able to handle UDP connections as well.

The only thing you need to do is modify your "maesh.containo.us/traffic-type" annotation and set it to udp.

---
apiVersion: v1
kind: Service
metadata: 
  annotations: 
    maesh.containo.us/traffic-type: udp
  labels: 
    app: my-udp-service
  name: udp-service
  namespace: test
spec: 
  ports: 
    - port: 8080
      protocol: UDP
  selector: 
    app: my-udp-service

That’s it! Maesh will now proxy the UDP protocol to that service.

Pull over Push Configuration

As a result of the architectural change mentioned above, we were able to improve the way our proxy nodes ingest configuration.

Prior to this release, the Maesh Controller pushed the current dynamic configuration to the proxy nodes. Of course, this solution was not optimal as it eventually resulted in longer deployment times and became a bottleneck in large clusters.

We’ve changed the configuration to a pull based system, so instead of waiting for a push, the custom nodes will pull the configuration from the controller.This change improves both performance along with stability, and makes the deployment of configuration not only more efficient but much easier.

ACL as a feature

Maesh was designed from the ground up to be SMI compliant. Therefore, we initially had a CLI flag to configure Maesh called --smi. This would set Maesh into the SMI Mode which made it possible to make use of TrafficSplits or ACL.

As a side-effect you were unable to use the retry annotation together with SMI because internally the two modes were incompatible.

To change that, we have reworked how Maesh discovers services. Maesh will now build an internal topology of every deployed service, including *nested TrafficSplits* through the SMI specification.

Additionally, if you want to use ACL (TrafficTarget in SMI) you may now activate the ACL flag --acl similar to how you could activate the SMI flag before. Doing so, will activate the ACL feature on Maesh without impacting the SMI mode.

Multiple Middlewares per service

Last but not least, we also enhanced the handling of the annotations on your services. It is now possible to combine middlewares, for example the retry-attempts with the rate-limiter to better control your services.

---
apiVersion: v1
kind: Service
metadata: 
  annotations:
    maesh.containo.us/retry-attempts: 2
    maesh.containo.us/ratelimit-burst: 200
  labels: 
    app: my-udp-service
  name: udp-service
  namespace: test
spec: 
  ports: 
    - port: 8080
      protocol: UDP
  selector: 
    app: my-udp-service

This configuration activates the retry feature and Maesh will simultaneously try to proxy the request twice in case of a network error and activate the rate limiting for that service.

New Helm Major Version

As a result of all the architecture changes mentioned above, we needed to enhance the Major Version of our chart as we had some helm breaking changes. For assistance while upgrading your installation, please see here.

What’s Next

We’re just getting started. Work is underway to implement some of the most requested features into Maesh, including End to End encryption. Of course, this is only made possible by you, an awesome community, which provides us such valuable feedback that we’re able to define an exciting roadmap for a product you’ve helped us build.

Please don’t stop contributing, either in PR’s or just raising issues. For us it matters a lot.

Thank you!

About the Author

Latest from Traefik Labs

How to Keep Your Services Secure With Traefik’s Rate Limiting
Blog

How to Keep Your Services Secure With Traefik’s Rate Limiting

Read more
Taming The Wild West of LLMs with Traefik AI Gateway
Blog

Taming The Wild West of LLMs with Traefik AI Gateway

Read more
GitOps-Driven Runtime API Governance: The Secret Sauce for Scale
Webinar

GitOps-Driven Runtime API Governance: The Secret Sauce for Scale

Watch now

Traefik Labs uses cookies to improve your experience. By continuing to browse the site you are agreeing to our use of cookies. Find out more in the Cookie Policy.