Kong Ingress Controller 2.7: Kubernetes Gateway APIs Go Beta

At Kong Summit this year, we announced the general availability of Kong Ingress Controller (KIC) 2.6. Today we are excited to announce the release of KIC 2.7 with even more features and improvements.

Earlier this year, we launched KIC 2.2 with initial support for Kubernetes Gateway API. Since then, we've continued to refine and iterate on our implementation of Kubernetes Gateway API. In KIC 2.7 we've graduated the following APIs `GatewayClass, Gateway and HTTPRoute` to beta. Alpha stage APIs (TCPRoute, UDPRoute, TLSRoute, ReferenceGrant) have been moved behind a different feature gate.

All things new in KIC 2.7

Kubernetes Gateway APIs Go Beta BETA

With KIC 2.7, we're graduating a few of our alpha APIs to beta. This means that parts of Kubernetes Gateway API are no longer behind a feature flag and are readily available to use in KIC. The specific APIs are `GatewayClass`, `Gateway` and `HTTPRoute`.

TCPRoute, UDPRoute, TLSRoute and Reference Grant ALPHA

In KIC 2.7, we've moved the following APIs to an `alpha` stage:

• TCPRoute
• UDPRoute
• TLSRoute
• ReferenceGrant

As time progresses, we expect the upstream maturity and adoption of these L4 protocols to mature and for these APIs to also advance to beta. For the time being, these can be enabled by adding the `–feature-gates=GatewayAlpha=true` to your configuration.

Additional Prometheus Metrics GA

Our Prometheus integration is integral for our customers to understand the health of their ingress controller by supplying metrics around configuration pushes and latency. In KIC 2.7, Prometheus metrics now highlight configuration push failures caused by conflicts. The `ingress_controller_configuration_push_count` Prometheus metric now reports `success=”false”` with a `failure_reason=”conflict|other”` label, distinguishing configuration conflicts from other errors (transient network errors, Kong offline, Kong reported non-conflict error, etc.). With this added visibility, our customers are able to determine why a configuration push may have failed and act accordingly.

Plugin Ordering GA

Plugins are an important part of the Kong ecosystem. Being able to decide what plugins run in which order is an important use case that can improve efficiency and allow for the custom transformation of a single request.

For example, being able to run the rate-limiting plugin before the authentication plugin will help in dealing with brute force attacks. With KIC 2.7, `KongPlugins` and `KongClusterPlugins` can be adapted to be used in a user defined order.

What's coming next?

As the Kubernetes SIG group continues to innovate on the Gateway API, Kong will be there to follow and keep feature parity. More specifically, future Gateway API release will contain the following features:

• GRPCRoute for gRPC traffic routing
• HTTPRouteResponseModifier is being added to compliment HTTPRouteRequestModifer
• Graduation of ReferenceGrant , TCPRoute, UDPRoute and TLSRoute from alpha to beta

Accompanying this functionality will also be the launch of our Gateway Operator. At a glance, the Gateway Operator is a tool to automatically provision, configure and upgrade Kong Gateway and KIC, manage multiple deployments of the gateway in a single cluster, and support multiple Gateway instances.

Get started with KIC 2.7 today! As always, feedback is welcome. You can keep track of the progress on our Github repository.