Today, we’re proud to announce the release of Kong Enterprise 2.2 GA! Kong Enterprise 2.2 is built on top of version 2.2 of our popular open source gateway and brings with it a slew of new features and some Enterprise-only features on top. Let’s dive in!
For a long time, Kong has supported not only HTTP/HTTPS traffic with REST and gRPC APIs, but also raw TCP streams. In version 2.2, we now extend our support to include UDP-based protocols as well! UDP is used in a wide range of applications, from audio/video streaming to gaming servers to financial services and much more, so Kong Enterprise 2.2 can now sit in front of a much wider range of APIs.
Kong Enterprise 2.2 adds support for proxying, load balancing and running plugins on UDP data, giving users the same kind of functionality for UDP that was already available for TCP. Using Kong to load balance UDP data is particularly interesting because UDP has no inherent notion of a stateful connection: Kong can ensure incoming packets are balanced consistently across upstream services, which in turn makes the best use of caches in those services.
Even More Security
Kong Enterprise 2.2 has a number of new features that help our customers make security even simpler and more robust than ever before. One such feature, built in response to feedback from our users and customers, is a new option for automatically loading the certificates that are pre-installed with the operating system. The configuration allows multiple entries alongside the certificate file bundled with the OS. This makes it much easier operationally to support HTTPS services on the open internet while also enabling custom certificates for internal services.
Speaking of security at the operating system level, Kong 2.2 allows you to reduce the risk level and help meet compliance needs by allowing Kong to run as a non-root user. This is generally a best practice under the principle of least privilege. Note that if you’ve been using our Docker images, we had already taken steps before 2.2 to build those images so that they add a “kong” user and grant that user access to the necessary files/directories. This new change helps cover the remaining use cases for non-Dockerized installs.
Finally, Kong Enterprise 2.2 introduces several new features in the Enterprise-only OpenID Connect plugin. It’s now more resilient to discovery (and rediscovery) and has a new ability to specify a salt for a cache key so that if you have two instances of the OIDC plugin, you can avoid cache collisions. It also now lets you set a configuration parameter (issuers_allowed) to specify valid issuers, allows you to manually define the user info endpoint via a new userinfo_endpoint setting, and can now pass urn:ietf:params:oauth:grant-type:jwt-bearer assertions with the client_credentials authentication method.
Significant Performance Improvements
There were several improvements made in Hybrid Mode in Kong 2.2, most of which are generally transparent for the user but which result in an overall smoother experience. One of the more notable improvements comes from a much more efficient mechanism for communication between Control Plane and Data Plane nodes, especially when the Data Planes are receiving large and frequent updates.
Another win for users that route large amounts of data through Kong is that we’ve added a new ability to disable buffering of the responses on a per-Route basis. This can help you to significantly reduce Kong’s latency in cases where, for example, your users are uploading images, videos or other large files through a Kong gateway.
The above list only touches on some of the larger features in this release. For a complete list of changes, check out the Kong Enterprise 2.2 Changelog.
Try it Today!
We’re thrilled to be able to share this latest release with you, and we’re proud of the contributions from Kong employees, our awesome customers, and our great community! Kong Enterprise 2.2 is available today as a free trial and for our customers to download.