Kong Konnect Adds Support for Multi-Geo, Dynamic Client Registration

Christian Heidenreichand Sunny Xiaalso contributed to this post.

We're excited to announce a new release of Kong Konnect, the end-to-end SaaS API lifecycle management platform. This release introduces a number of brand new features as well as improve existing features that empower you to efficiently publish, consume, secure, analyze, and manage APIs and services across all your applications in any environment. Read on to learn more about the new capabilities in Kong Konnect.

Multi-Geo Support (European Union)

Kong Konnect customers can now host and operate Kong Konnect control planes in the European Union (EU) region. This allows our customers to meet data residency and regulatory requirements.

In addition, with multi-geo support customers can operate the control plane in the same geographical regions where their end-users, applications, and gateway deployments are located thereby reducing network latency and minimizing the blast-radius in the event of cross-region connectivity failure. This feature is exclusively available via our Kong Konnect Enterprise tier plan.

Figure 1: Kong Konnect multi-geo support

Kong Konnect supports Kong Gateway 3.0 capabilities

We recently released Kong Gateway 3.0 for both the enterprise and open source editions.

Kong Gateway 3.0 adds powerful new features such as secret management, OpenTelemetry integration, WebSocket support, plugin ordering in addition to major architectural improvements that enhance Kong Gateway's robustness and performance.

We’re happy to announce that Kong Konnect also supports all of Kong Gateway 3.0 capabilities except for secret management, FIPS 140-2 compliant runtime and consumer groups features. Kong Konnect supports new plugins in Kong Gateway 3.0 including WebSocket Validator, WebSocket Size Limit, and OpenTelemetry plugins. Similar to Kong Gateway 3.0, Kong Konnect supports dynamic plugin execution order through decK and the updates made to LDAP Authentication Advanced plugin in Kong Gateway 3.0. To learn more about these features please read the Kong Gateway 3.0 release blog.

We plan to enable secret management and consumer groups features support for Konnect by the end of the year.

Get started with the newest version of Kong Gateway in Konnect here.

Dynamic Client Registration support for application management using Okta

Kong Konnect developer portal supports the integration with Okta for the end to end client management. This feature is released as private beta, available to Kong Konnect Enterprise customers. Please work with your account team to set up this feature in your Konnect organization.

In this feature, Okta acts as the authorization server and issues the client credentials for the application, which will be shared with the developer in the developer portal. The interaction between the developer portal and Okta is compliant with the OpenID Connect Dynamic Client Registration open standard.

It solves the following problems:

• Removing the manual overhead for the developers to create the application and map the credentials in both dev portal and the third party identity provider, dev portal directly integrates with the existing security infrastructure adopted by the enterprises and enables a better experience and easier adoption.
• It leverages the identity provider for the client authentication and authorization management, which is a more secure solution for distributed applications.

We’ll add support for more idP in the future releases. For more information, please visit our documentation.

Figure 2: Configure Okta for DCR

Figure 3: Receive client credentials from dev portal

Support for Application Registration Across all Runtime Groups

Kong Konnect developer portal now supports application registrations to all the services across all runtime groups. Earlier application registration only supported the services proxied through the gateway instances configured in the default runtime group. With this improvement, customers can now register applications across any runtime group. This feature will be supported in Kong Gateway 3.0 and above versions There are no gateway version constraints for the default runtime group.

As part of this feature release, we’ll no longer store the API key credentials in the developer portal. Portal users need to store their credentials immediately after the creation of the credentials.

Currently, this feature is released as a tech preview. We welcome customers to provide early feedback.

New Features in Kong Analytics (formerly known as Vitals)

Runtime Groups Dashboard

Customers now have insights into their runtime groups usage across all and individual runtime instances. These insights help platform owners to understand the health and performance of each runtime group which often reflects individual business units in a more federated organization.

Figure 4: Runtime Groups Dashboard

Custom Reporting

Announcing the general availability of Kong Konnect’s custom reporting functionality for Kong Analytics. In this release we focused on stability and minor usability improvements.

What is custom reporting?

With only a few clicks, customers can look at Kong Analytics data in more detail and export that data into a CSV. With this capability, you can easily visualize the data you need.

To learn more about custom reporting, please refer to our documentation here.

Figure 5: Create custom report of services by status codes

Next Steps

For additional details on Kong Konnect, refer to our documentation or start your free trial today! Want to learn more about Kong Konnect and other exciting Kong updates? Check out our Kong Summit event today!