Today, we are excited to announce the release of Kong 1.3! Our engineering team and awesome community has contributed numerous features and improvements to this release. Based on the success of the 1.2 release, Kong 1.3 is the first version of Kong that natively supports gRPC proxying, upstream mutual TLS authentication, along with a bunch of new features and performance improvements.
Read on below to understand more about Kong 1.3’s new features, improvements and fixes, and how you can take advantage of those exciting changes. Please also take a few minutes to read our Changelog as well as the Upgrade Path for more details.
We have observed increasing numbers of users shifting towards Microservices architecture and heard users expressing their interests in native gRPC proxying support. Kong 1.3 answers this by supporting gRPC proxying natively, bringing more control and visibility to a gRPC enabled infrastructure.
protocol attribute can now be set to grpc or grpcs, which corresponds to gRPC over clear text HTTP/2 (h2c) and gRPC over TLS HTTP/2 (h2).Kong has long supported TLS connection to the upstream services. In 1.3, we added the support for Kong to present a specific certificate while handshaking with upstream for increased security.
Service entity has a new field client_certificate. If set, the corresponding Certificate will be used when Kong attempts to handshake with the service.In Kong 1.3, we have open sourced the Sessions Plugin (previously only available in Kong Enterprise) for all users to use. Combined with other authentication plugins, it allows Kong to remember browser users that have previously authenticated. You can read the detailed documentations here.
Kong 1.3 ships with fixes to the NGINX HTTP/2 module (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516). We also released Kong 1.0.4, 1.1.3, 1.2.2 to patch the vulnerabilities in older versions of Kong in case upgrade to 1.3 can not happen immediately.
The version of OpenResty has been bumped to the latest OpenResty release – 1.15.8.1 which is based on Nginx 1.15.8. This release of OpenResty brought better behavior while closing upstream keepalive connections, ARM64 architecture support and LuaJIT GC64 mode. The most noticeable change is that Kong now runs ~10% faster in the baseline proxy benchmarks with key authentication thanks to the LuaJIT compiler generating more native code and OpenResty storing request context data more efficiently.
Host).kong config db_export CLI command can be used for creating a dump of the database content into a YAML file that is suitable for declarative config or importing back to the database later.error.log, this release should significantly reduce or even eliminate this error in your deployment.reuseport flag which can be used to improve load distribution and latency jitter if the number of Kong workers are large.deferred and bind flag support has also been added. You can check NGINX listen directive documentation to understand the effect of using them.Kong 1.3 also contains improvements regarding new entities for storing CA Certificates (certificates without a private key), Admin API interface and more PDK functions. We also fixed a lot of bugs along the way. Because of the amount of new features in this release, we can not go over all of them in this blog post and instead encourage you to read the full Changelog here.
We also added a new section to the kong.conf template to better explain the capabilities of injected NGINX directives. For users who have customized templates for adding just a few NGINX directives, we recommend switching over to use the injected NGINX directives instead for better upgradability.
As always, the documentation for Kong 1.3 is available here. Additionally, as mentioned above, we will be discussing the key features in 1.3 in subsequent posts and on community calls, so stay tuned!
Thank you to our community of users, contributors, and core maintainers for your continuing support of Kong's open source platform.
Please give Kong 1.3 a try, and be sure to let us know what you think!
As usual, feel free to ask any question on Kong Nation, our Community forum. Learning from your feedback will allow us to better understand the mission-critical use-cases and keep improving Kong.
Happy Konging!
Our latest release of Kong Konnect augments the security and compliance of the offering through enhanced authentication capabilities. Through the rest of this post, we’ll walk you through each of these features and explore what’s new in this Kong
Bridging the API (and API access) gap between AI coding tools, agents, and the APIs that they “eat” Data might be the fuel for AI. But APIs are the proper way to package that “fuel” as AI-ready “food” is through the API. AI coding tools can do a lot
Explore Kong Konnect’s new approach to API Orchestration Different teams, different preferences API orchestration at the gateway layer can involve coordinating multiple services, transforming data, and managing request flows. Some teams prefer worki
Simplify operations and scale with confidence To unlock Kubernetes’ full potential, many enterprises are relying on three key building blocks available in Kong Konnect today: Kubernetes Ingress Controllers: Ingress controllers are used for managing
Most APIs today are accessed over the ubiquitous HTTP protocol and the framework to create these APIs is known as REpresentational State Transfer (REST). These APIs are known as RESTful APIs . However, if you've been working in API development over