We’re happy to announce the general availability of Kong Enterprise 3.2. In this release, we've taken significant steps to ensure the smooth and reliable operation of our API management solution.
In Kong Enterprise 3.2, we've delivered key functionality for customers that operate Kong Enterprise in a hybrid environment in order to further enhance its reliability. Specifically, we've expanded Kong Enterprise's capabilities in the following areas:
Dataplane scale out
FIPS 140-2 compliance to include all first-party Kong plugins, in addition to Kong core
Data Plane Scale Out When Control Plane is Unreachable (Enterprise)
In Kong Enterprise 3.2, we've addressed the issue of a potential disruption of service between control and data planes.
When customers running Kong Enterprise in hybrid mode provision a data plane, the data plane contacts the control plane to obtain the latest configuration settings. The data plane needs this configuration in order to start proxying traffic successfully. If, during the initial setup, the data plane is unable to contact the control plane and retrieve the latest configuration, the data plane is unable to start. This is especially challenging for customers if communication between the control and data planes is disrupted while traffic volume is high and the data plane needs to scale out.
In 3.2, we addressed this issue for our customers. The solution involves a new type of data plane node called a "backup node" which writes the most current control plane configuration to either a GCP or AWS storage bucket.
This backup node receives configuration from the control plane and writes it to the bucket specified by the customer. In the event of a control plane failure, a new data plane being provisioned can reach out to the specified bucket and retrieve the latest configuration data. The bucket connection specifics are configured via environment variables on the data plane.
It's worth noting that we've taken special care to ensure that any Kong version differential between data planes is taken into consideration and that new/restarted data plane(s) only retrieve backed-up configuration that is compatible with the version of Kong Enterprise that they're running.
The specifics on how to configure this can be found in the documentation here.
The diagram below illustrates the advantages of this feature in the event that CP/DP communication is disrupted.
Figure 1: Dataplane scale out when the control plane is unreachable
Latency-based steering allows Kong load balancers to choose the "fastest" backend based on total response time when proxying to upstream services. Our latency-based steering implementation is based on the exponentially weighted moving average (EWMA), which ensures the balancer selects the upstream service based on the lowest average latency.
This algorithm is a good choice for services that receive a high volume of requests per second as it allows Kong to constantly rebalance the upstreams based on the most current response time data.
In this release, "latency" will be added as a load-balancing algorithm available during configuration (in addition to the existing round-robin, consistent-hashing, and least-connection algorithms).
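The following is an added example, not Kong's code: a minimal EWMA balancer showing how smoothing absorbs a single slow response but shifts traffic away from an upstream whose latency stays high. The smoothing factor, the upstream names "a" and "b", and the latency trace are constructed assumptions; the page does not state Kong's actual weighting.

```python
from dataclasses import dataclass
from typing import Optional

ALPHA = 0.3  # assumed smoothing factor; not a documented Kong value


@dataclass
class Upstream:
    name: str
    ewma_ms: Optional[float] = None  # None until the first sample arrives

    def observe(self, latency_ms: float, alpha: float = ALPHA) -> None:
        """Fold one total response time into the moving average."""
        if self.ewma_ms is None:
            self.ewma_ms = latency_ms
        else:
            self.ewma_ms = alpha * latency_ms + (1 - alpha) * self.ewma_ms


class LatencyBalancer:
    def __init__(self, names):
        self.targets = {n: Upstream(n) for n in names}

    def report(self, name: str, latency_ms: float) -> None:
        self.targets[name].observe(latency_ms)

    def pick(self) -> str:
        # Untried upstreams sort first so each gets a sample,
        # then the lowest moving average wins.
        best = min(self.targets.values(),
                   key=lambda u: (u.ewma_ms is not None, u.ewma_ms or 0.0))
        return best.name


def replay(trace, names=("a", "b")):
    """Feed (upstream, latency_ms) samples; return the pick after each one."""
    lb = LatencyBalancer(names)
    picks = []
    for name, latency_ms in trace:
        lb.report(name, latency_ms)
        picks.append(lb.pick())
    return picks, lb


# Constructed trace: "a" is normally faster, has one spike, then a second
# slow response in a row, then recovers.
TRACE = [("a", 20), ("b", 30), ("a", 50), ("a", 50), ("a", 20), ("a", 20)]

if __name__ == "__main__":
    print(replay(TRACE)[0])
```

With these values the first 50 ms response leaves "a" preferred, the second moves traffic to "b", and it takes two fast responses before "a" is chosen again.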
Kong Manager Updates (Enterprise)
In Kong Enterprise 3.2, Kong Manager has added support for the following gateway features:
Key Entity: Key entities can now be created in Kong Manager. A Key object represents asymmetric keys in various formats. The Kong Gateway or a Kong plugin can use this entity when it requires a user-supplied public or private key for authentication via mTLS or other encryption operations.
Figure 2: Create key entities in Kong Manager
Kong Manager also adds various UX enhancements that include:
License Report Export: In previous versions of Kong Enterprise, obtaining license usage reports was only available via an Admin API call. In 3.2, Kong Manager facilitates this by exposing the option to download the license report (or copy it to the clipboard) directly from the UI.
Figure 3: License usage report
Expression Router UX: In Kong Gateway 3.0, we shipped with a new router. The new router can describe routes using a domain-specific language called Expressions. In 3.2, Kong Manager enhances the user experience of building and validating expression-based routes. The "expression" field in the Route form now has full linting and autocomplete support for the expression syntax. Additionally, the Route form exposes a router playground that developers can use to test requests against expression-based routes they build.
Figure 4: Full linting and autocomplete support for the expression syntax
Figure 5: Test requests against expression-based routes
Additional Release Highlights
For users who want a single session maintained across all their apps using OIDC, Kong Enterprise 3.2 now supports global sessions for OIDC within our OIDC plugin.
Kong Gateway core and all associated first-party plugins are now FIPS 140-2 compliant. This builds on our momentum from the 3.1 release in which all "core" Kong components were made FIPS 140-2 compliant.
The Kong Debug header can now be flipped on/off via a flag.
Plugin instances now support an "instance_name" field in configuration. This helps disambiguate between multiple plugins of the same type.
We've added the following to our plugin documentation: