Announcing Maesh 1.2

May 12, 2020

Now with support for UDP, reworked ACL, and a more efficient installation!

In early March, we proudly announced the general availability of Maesh 1.1. Now, less than 3 months later we’re proud to introduce Maesh 1.2, the latest release of our simpler service mesh. This release brings new additions such as UDP support and enhancing our internal architecture to provide more flexibility and performance in large deployments.

UDP Support

As you probably know, Maesh is built on top of Traefik, our popular Cloud Native Edge Router. Traefik introduced UDP support with the release of version 2.2 in early March, and  as a result, Maesh is now able to handle UDP connections as well.

The only thing you need to do is modify your "maesh.containo.us/traffic-type" annotation and set it to udp.

---
apiVersion: v1
kind: Service
metadata: 
  annotations: 
    maesh.containo.us/traffic-type: udp
  labels: 
    app: my-udp-service
  name: udp-service
  namespace: test
spec: 
  ports: 
    - port: 8080
      protocol: UDP
  selector: 
    app: my-udp-service

That’s it! Maesh will now proxy the UDP protocol to that service.

Pull over Push Configuration

As a result of the architectural change mentioned above, we were able to improve the way our proxy nodes ingest configuration.

Prior to this release, the Maesh Controller pushed the current dynamic configuration to the proxy nodes. Of course, this solution was not optimal as it eventually resulted in longer deployment times and became a bottleneck in large clusters.

We’ve changed the configuration to a pull based system, so instead of waiting for a push, the custom nodes will pull the configuration from the controller.This change improves both performance along with stability, and makes the deployment of configuration not only more efficient but much easier.

ACL as a feature

Maesh was designed from the ground up to be SMI compliant. Therefore, we initially had a CLI flag to configure Maesh called --smi. This would set Maesh into the SMI Mode which made it possible to make use of TrafficSplits or ACL.

As a side-effect you were unable to use the retry annotation together with SMI because internally the two modes were incompatible.

To change that, we have reworked how Maesh discovers services. Maesh will now build an internal topology of every deployed service, including *nested TrafficSplits* through the SMI specification.

Additionally, if you want to use ACL (TrafficTarget in SMI) you may now activate the ACL flag --acl similar to how you could activate the SMI flag before. Doing so, will activate the ACL feature on Maesh without impacting the SMI mode.

Multiple Middlewares per service

Last but not least, we also enhanced the handling of the annotations on your services. It is now possible to combine middlewares, for example the retry-attempts with the rate-limiter to better control your services.

---
apiVersion: v1
kind: Service
metadata: 
  annotations:
    maesh.containo.us/retry-attempts: 2
    maesh.containo.us/ratelimit-burst: 200
  labels: 
    app: my-udp-service
  name: udp-service
  namespace: test
spec: 
  ports: 
    - port: 8080
      protocol: UDP
  selector: 
    app: my-udp-service

This configuration activates the retry feature and Maesh will simultaneously try to proxy the request twice in case of a network error and activate the rate limiting for that service.

New Helm Major Version

As a result of all the architecture changes mentioned above, we needed to enhance the Major Version of our chart as we had some helm breaking changes. For assistance while upgrading your installation, please see here.

What’s Next

We’re just getting started. Work is underway to implement some of the most requested features into Maesh, including End to End encryption. Of course, this is only made possible by you, an awesome community, which provides us such valuable feedback that we’re able to define an exciting roadmap for a product you’ve helped us build.

Please don’t stop contributing, either in PR’s or just raising issues. For us it matters a lot.

Thank you!

Related Posts
Traefik Proxy v2.11 is Now Available! Here are the Latest Updates.

Traefik Proxy v2.11 is Now Available! Here are the Latest Updates.

Emile Vauge
·
DevOps
·
February, 2024

On the heels of our announcement last week regarding the new release candidate of Traefik 3.0, we are excited to bring to you Traefik Proxy 2.11! Learn all about it in this blog.

Announcing Traefik Proxy v3.0 RC1

Announcing Traefik Proxy v3.0 RC1

Emile Vauge
·
Product News
·
February, 2024

Traefik Proxy v3 is now a Release Candidate and is on the way to GA. Learn all the new features, including Wasm, OpenTelemetry, Kubernetes Gateway API, & more.

Traefik Proxy 3.0 — Scope, Beta Program, and the First Feature Drop

Traefik Proxy 3.0 — Scope, Beta Program, and the First Feature Drop

Douglas De Toni Machado
·
Ingress
·
December, 2022

Traefik Proxy 3.0 Beta 1 is here! Let's explore the new major version and how you can get started with the released features in Beta 1.

Traefik Labs uses cookies to improve your experience. By continuing to browse the site you are agreeing to our use of cookies. Find out more in the Cookie Policy.