By on January 7, 2020

Kong for Kubernetes 0.7 Released!

Kong for Kubernetes (Kong for K8s) is a Kubernetes Ingress Controller based on the popular Kong Gateway open source project. Kong for K8s is fully Kubernetes Native and provides enhanced API management capabilities. From an architectural perspective, Kong for K8s consists of two parts: A Kubernetes controller, which manages the state of Kong for K8s ingress configuration, and the Kong Gateway which processes and manages incoming API requests. 

We are thrilled to announce the availability of this latest release of Kong for K8s! This release’s highlight features include encrypted credentials, mutual authentication using TLS, native gRPC routing, and performance improvements.

With this release, Kong for K8s now has 100% coverage of Kong Gateway’s administrative API functions. This means that all the features of the Kong Gateway can now be used natively on Kong for K8s through Kubernetes resources.

Encrypted Credentials Using Secret Resource

API access credentials can now be stored in encrypted form inside the Kubernetes datastore using the Secret resource. This provides encryption at rest for sensitive credentials. Kong’s controller reads these secrets from the Kubernetes API server and loads them into Kong.

We have also added support for validating the above secrets as they are created, using the Admission Controller that ships with Kong for K8s.

KongCredential CRD is now deprecated and will be removed in a future release. Users are encouraged to use Secrets for storing credentials.
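The migration described above, shown as an added example (not taken from the original post or the project's repository): a key-auth credential held in the deprecated KongCredential resource, followed by the same credential as a Secret referenced from a KongConsumer. The names harry and harry-apikey and the key value are constructed placeholders.

```yaml
# BEFORE (deprecated): credential stored in a KongCredential custom resource.
# Shown for comparison only; do not apply together with the Secret below.
apiVersion: configuration.konghq.com/v1
kind: KongCredential
metadata:
  name: harry-apikey                  # constructed name
consumerRef: harry
type: key-auth
config:
  key: REPLACE-WITH-GENERATED-KEY     # constructed placeholder
---
# AFTER: the same credential as a core Kubernetes Secret.
apiVersion: v1
kind: Secret
metadata:
  name: harry-apikey                  # constructed name
type: Opaque
stringData:
  kongCredType: key-auth              # credential type the controller should load
  key: REPLACE-WITH-GENERATED-KEY     # constructed placeholder
---
# The consumer references the Secret by name; the controller reads it
# from the Kubernetes API server and loads the credential into Kong.
apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
  name: harry
username: harry
credentials:
- harry-apikey
```

Whether Secret objects are actually encrypted at rest in etcd depends on the cluster's API server encryption configuration, so confirm that it is enabled and restrict get/list access to Secrets through RBAC.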

Native gRPC Routing

gRPC traffic can now be routed via Kong for K8s natively with support for method-based routing. This can be enabled via the path field in the Ingress spec, which corresponds to the gRPC method name when the Ingress resource is annotated with gRPC as the protocol.

 

All logging and observability plugins can be enabled on the gRPC traffic to monitor and get insights into the traffic as gRPC requests are routed via Kong. We will be adding gRPC support to the wide array of authentication, traffic throttling, and transformation plugins – stay tuned!

Mutual Authentication Using mTLS

The connection between Kong for K8s and Kubernetes services can now be encrypted and authenticated using mTLS. You can use this to further lock down access to your services.

You can enable this feature for all the services in Kubernetes or on a case-by-case basis.

Plugins for Combinations of Consumer and Service

Plugins can now be created for a combination of Ingress and a KongConsumer or a Service and a KongConsumer. This allows for cases where a specific client of an API needs special treatment. A good example here is rate-limiting your users based on different tiers of your services (based on your SLAs/pricing) or giving a specific customer a higher rate-limit on a specific endpoint. Simply apply the same plugins.konghq.com annotation on the resources you’d like to configure the plugin for, and the controller will figure the rest out for you. 

Performance Improvements

By default, Kong for K8s will run in in-memory mode without a database now. This means that the Kubernetes datastore is now the source of truth. This also reduces the operational burden of running Kong and simplifies the management and upgrades, as there is no need to worry about the database anymore.

The controller will also consume less memory, and the number of sync events to Kong should reduce by at least an order of magnitude, further increasing Kong’s performance.

Miscellaneous Additions

Controller Configuration Revamped

Configuration of the Kong for K8s Kubernetes Controller itself can now be tweaked via both environment variables and CLI flags. Environment variables and Secrets can be used to pass sensitive information to the controller. Each flag has a corresponding environment variable (simply prefix the flag name with the CONTROLLER_ string).

Multi-Port Services

Services with multiple ports are now supported and can be flexibly exposed to the outside world via Kong for K8s. This was a long-standing ask from the community and our enterprise users alike. Thank you @rainest for contributing this feature!

Upstream Host

The host header sent to the Kubernetes service can now be tweaked using the KongIngress resource.

For a complete list of changes and new features for this latest release of Kong for K8s, please consult the changelog document.

Compatibility

Kong for K8s works in a variety of deployments and runtimes. For a complete view of Kong for K8s compatibility, please see the compatibility document.

Getting Started!

You can try out Kong for K8s using our lab environment, available for free to all at konglabs.io/kubernetes.

You can install Kong for K8s on your Kubernetes cluster with one click:

Alternatively, if you want to use your own Kubernetes cluster, follow our getting started guide to get your hands dirty.

Please feel free to ask questions on our Community forum — Kong Nation — and open a GitHub issue if you happen to run into a bug.

Happy Konging!
