Home / Companies / Kong / Blog / September 2021

September 2021 Summaries

16 posts from Kong

Filter
Month: Year:
Post Summaries Back to Blog
Pulumi is highlighted as an exciting infrastructure as code tool that allows users to write configurations using familiar programming languages like Typescript, Go, Python, or DotNet instead of a domain-specific language. This blog post guides users through deploying an AWS EC2 instance and configuring it as a Kong Konnect data plane using Pulumi. It details the installation process of Pulumi, setting up AWS credentials, and creating a Pulumi project for managing infrastructure. Users are shown how to create a new AWS S3 bucket, an EC2 instance with specific configurations, and export the server's public DNS name. Additionally, the post explains using the kong-pulumi package to install and configure Kong Gateway on the server, utilizing Pulumi's secrets system for secure authentication with the Konnect API. The process demonstrates how Pulumi facilitates efficient infrastructure deployment and management, aligning with modern CI/CD workflows and APIOps practices.
Sep 30, 2021 1,118 words in the original blog post.
At the Kong Summit, several new products and features were announced to enhance their service connectivity platform, aiming to make service connectivity as seamless as electricity. These include the general availability of the Kong Istio Gateway, which integrates with Istio service meshes to enhance performance and offers enterprise API management tools. Additionally, Kong Gateway 2.6 promises increased speed and advanced transformation capabilities with support for the jq framework and improved Kafka plugin features. Kong Mesh 1.5 introduces Windows support and Roles-based Access Control to enhance security and governance. Insomnia Projects is launched to promote collaborative API development, and a technology preview of WASMx is introduced, allowing customization using the WebAssembly standard. These developments highlight Kong's commitment to innovation and improving API and service mesh experiences.
Sep 29, 2021 979 words in the original blog post.
Kong API Summit 2021, a highly anticipated virtual event, attracted over 4,000 participants from 87 countries, featuring major announcements, exciting sessions, and interactive activities. The event kicked off with an action-packed keynote by Kong CEO Augusto Marietti, celebrating the company's growth and unveiling Kong Academy for training and Kong Istio Gateway integration. CTO Marco Palladino highlighted the rapid adoption of Kong Gateway, emphasizing its evolution beyond an API gateway. Key product announcements included Insomnia Projects, Kong Gateway 2.6 with performance enhancements, the jq plugin, and Kong Ingress Controller 2.0. Reza Shafii, VP of Product, introduced Kong Mesh 1.5 and Okta support for Konnect Cloud, while the power of WebAssembly was also announced. The summit featured customer success stories and surprise performances, with the day concluding by honoring Cloud Connectivity Innovator Award winners, recognizing transformative use of Kong products. Attendees were encouraged to register for Day 2, promising further sessions and a Hackathon.
Sep 29, 2021 1,687 words in the original blog post.
Kubernetes remains a leading platform for container orchestration, with 83% of respondents in a CNCF survey using it in production for its features like self-healing, automated rollouts, and scaling. It supports microservices applications, which consist of numerous modular services interacting via APIs that need robust security and management to prevent data exposure and compliance issues. Kubernetes introduces unique security challenges, making effective API management crucial for business success. While Kubernetes Ingress facilitates external access to services through HTTP and HTTPS routing, it primarily handles traffic routing and load balancing, prompting the need for API gateways. An API gateway serves as an intermediary layer between clients and service APIs, offering centralized governance, access control, and documentation, thus streamlining complex microservices applications. This blog explores managing APIs in Kubernetes using both Ingress and API gateways, highlighting the importance of these tools in ensuring efficient and secure API operations.
Sep 29, 2021 864 words in the original blog post.
As companies increasingly adopt microservice architectures, effective monitoring and logging become critical due to the segmented nature of applications, which can involve numerous microservices that may encounter errors or hog resources. Although setting up monitoring and logging manually is possible, it is often labor-intensive and error-prone, particularly as the number of microservices grows. Instead, utilizing a service connectivity platform like Kong Konnect simplifies this process by centralizing the setup and management of services and their monitoring and logging capabilities. By deploying Kong Gateway and enabling plugins such as Prometheus for metrics and Loggly for centralized logging, organizations can efficiently manage their microservices architecture, allowing for high-quality and rapid software development without the pitfalls of manual configuration.
Sep 28, 2021 1,909 words in the original blog post.
The blog post discusses a method for modernizing legacy applications by using the Kong Gateway to create an API front for systems originally accessible only through a command-line interface. The example provided involves a Perl-based Pig Latin translator, demonstrating how a simple yet effective Kong Gateway Lua plugin, named Kronos, can expose such applications via REST APIs. The post details the setup process, including the use of tools like Docker Compose and Gojira, as well as the necessary Lua modules and Unix domain sockets. The Kronos plugin acts as a passthrough proxy, allowing command execution on the host via specified strategies. The author emphasizes the flexibility and potential security risks of this approach, highlighting the importance of safeguarding against malicious use while showcasing the powerful capabilities of Kong's plugin architecture for API exposure. Future enhancements, such as asynchronous strategy execution and adapting the framework for Windows hosts, are suggested as potential topics for further exploration.
Sep 23, 2021 2,202 words in the original blog post.
Deploying a full application performance monitoring (APM) stack using the Kong Ingress Controller in a Kubernetes environment can be simplified by leveraging Prometheus and Grafana. This approach, designed as a demonstration rather than a production-ready guide, involves setting up a local Kubernetes cluster with "kind," installing Prometheus and Grafana for monitoring, and configuring Kong for application management. The process includes configuring Prometheus to scrape metrics every 10 seconds, setting up a Grafana dashboard integrated with Kong, and forwarding ports to access the services locally. By simulating traffic through dummy services, users can observe how these tools capture and visualize metrics, providing a foundation that can be adapted for production applications. Once the demonstration is complete, the tutorial provides steps for cleaning up the setup, while also encouraging engagement with the Kong community for further exploration and learning.
Sep 21, 2021 1,206 words in the original blog post.
As the software industry transitions from monolithic to microservices architectures, there is an increasing emphasis on developing modular and reusable APIs, which must be well-documented and compliant to be effective. The API specification serves as a vital contract between its designers, builders, and consumers, necessitating regular reviews to ensure compliance with standards and alignment with implementation. Manual review processes are time-consuming and error-prone, highlighting the benefits of using automated tools like Insomnia, which offers real-time syntax validation, Git synchronization, and automated testing capabilities. By integrating Insomnia into the API development workflow, teams can maintain up-to-date and consistent API specifications, facilitating more efficient API design, testing, and deployment. This approach not only streamlines the review process but also supports test-driven development and seamless collaboration, making it a superior alternative to traditional manual methods.
Sep 20, 2021 2,827 words in the original blog post.
Automating digital transformation API deployments can accelerate time to market and reduce resource use, provided security requirements are met, as discussed by Kong's Peggy Guyott and Ned Harris during the Destination: Automation 2021 digital event. They highlighted tools like Kong Developer Portal and Inso CLI that facilitate secure and automated API deployments. APIOps, which ensures frequent and continuous security and performance testing, is central to making deployments consistent and predictable. During a demo, Harris showcased a "spec-first" approach for API deployment using Kubernetes clusters for development and QA, emphasizing the importance of OpenAPI Specifications for configuration and documentation. The demo revealed that the API initially failed testing due to the absence of rate limiting and OpenID Connect policies, which were later enforced using Kong's plug-ins. By utilizing GitHub Actions and CI/CD, Harris demonstrated deploying the API configuration to development successfully. The process highlighted the versatility of Kong's plug-ins and the potential for customization based on organizational needs.
Sep 16, 2021 765 words in the original blog post.
Kong Gateway 2.5 introduces event hooks, a new feature that allows users to receive notifications when specific events occur in their Kong Gateway deployment, particularly useful for monitoring system changes such as the creation of new administrators or the addition of plugins to latency-sensitive routes. This enterprise feature offers four types of actions: sending preformatted POST requests via webhooks, building custom HTTP requests, logging events in Kong Gateway logs, and triggering Lua functions. Users can configure event listeners by accessing the /event-hooks/sources endpoint to view available sources, events, and fields for templating. Examples of event hook applications include sending Slack notifications for unreachable upstream services, logging the creation of new admins, and enforcing email policies for new admins via webhooks. To enhance security and functionality, users can configure features such as the snooze parameter to silence notifications within specific time windows and enable the x-kong-signature to validate request authenticity. The event hooks feature is designed with developer experience in mind, offering extensive customization and integration options, and users are encouraged to explore and share their creative implementations.
Sep 13, 2021 1,102 words in the original blog post.
In 2019, Kong introduced Kuma, an open-source control plane for service mesh built on Envoy, which has become a CNCF sandbox project. Over the past year, Kuma has seen significant growth, including an 800% increase in instances and a 2,200% rise in data plane proxies globally, with adoption by companies like Chipotle, Intel, and Cisco. The project has a thriving community, with 2,400 GitHub stars, contributions from 43 developers, and 800 Slack members. Recent developments include 24 official releases with features like a service map topology view, permissive mTLS for easier migrations, rate limiting for service protection, enhanced L7 traffic routing, and improved hybrid and multi-zone capabilities. The roadmap for Kuma is user-driven, focusing on performance improvements and simplifying upgrades, with ongoing community engagement encouraged through GitHub, Slack, and other platforms.
Sep 10, 2021 539 words in the original blog post.
Kong has announced the beta release of its Kong Ingress Controller (KIC) version 2.0, marking a significant update from its previous version 1.0 with over 300 new features and bug fixes. Key enhancements in KIC 2.0 include support for UDPIngress, the ability to watch multiple Kubernetes namespaces simultaneously, and native Prometheus integration for improved performance monitoring. The update also introduces breaking changes, such as the removal of support for classless resources and revamped structured logging. Built on Kubebuilder, KIC 2.0 aims to leverage advancements in Kubernetes to provide operational robustness, centralized monitoring, and better scalability through incremental configuration updates. This new architecture is set to support the Kubernetes Gateway API for more expressive ingress configurations and aims to integrate service mesh capabilities directly within the controller. The transition to KIC 2.0 is designed to be seamless for users, with detailed upgrade documentation available, although some changes in flags may affect highly customized setups.
Sep 09, 2021 959 words in the original blog post.
As companies increasingly adopt multi-cloud strategies, API providers face challenges in delivering scalable APIs while adhering to security requirements across different cloud platforms. The complexity of API authorization is heightened by the use of various technologies and the need for consistent security standards, which can lead to chaos when left to individual teams. A centralized Center of Excellence (COE) for reviewing APIs is often inefficient and becomes a bottleneck. To address these challenges, declarative configuration using APIOps, Kong Gateway, and Open Policy Agent (OPA) offers a solution by automating API lifecycle processes, including validation and authorization. OPA enables policy-as-code, allowing companies to enforce security policies across different applications seamlessly, integrate with CI/CD tools, and support platform-agnostic operations. This approach enhances efficiency and security for API deployment in multi-cloud environments, offering a powerful and flexible solution that simplifies the complex task of managing APIs at scale.
Sep 09, 2021 1,803 words in the original blog post.
Modern microservices-based architectures necessitate a shift in both application development and deployment strategies, emphasizing hybrid deployments and Kubernetes orchestration as fundamental components. Kong Gateway facilitates hybrid deployments by separating the control plane, which handles administrative tasks, from the data plane, which serves API consumers, allowing them to operate in distinct environments. Amazon Elastic Kubernetes Service (EKS) provides a robust platform for deploying these architectures, offering features like high availability, scalability, and load balancing. The integration of Kong Konnect and Amazon EKS Anywhere enhances this setup by enabling flexible deployment across AWS Cloud and on-premise environments, utilizing Amazon's open-source Kubernetes distribution and the Cluster API Project. This synergy allows for seamless workload movement and microservices management, with mTLS tunnels ensuring secure communication between control and data planes. The deployment of these components can be managed using Kubernetes tools like YAML, Helm Charts, and DevOps practices, which simplify the configuration of roles and communication settings. Together, Kong Konnect Enterprise and Amazon EKS Anywhere offer a comprehensive solution for running services across hybrid environments, supporting a wide range of API management features and plugins.
Sep 08, 2021 924 words in the original blog post.
As companies increasingly transition to cloud infrastructures, understanding and implementing cloud native architecture becomes crucial for optimizing this shift. Cloud native infrastructure, as defined by the Cloud Native Computing Foundation (CNCF), typically includes containers, service meshes, microservices, immutable infrastructure, and declarative APIs. This transition involves isolating services into microservices, which allows for independent updates, enhanced security, and better automation through continuous delivery. Communication between these microservices is facilitated via APIs, often managed by an API gateway like Kong Konnect, which offers a comprehensive view of service interactions. Security is bolstered by network isolation, and automation is achieved through a DevOps approach, using Infrastructure-as-Code to manage resources consistently. Containerization, managed by platforms like Kubernetes, ensures consistency and scalability, while Kong Konnect enhances service reliability by providing insights into uptime and traffic patterns. With over 90% of enterprises expected to rely on cloud infrastructures by 2022, embracing a cloud native approach becomes essential, and platforms like Azure and Google Compute encourage this transition by offering supportive tools and frameworks.
Sep 07, 2021 1,342 words in the original blog post.
A service mesh is an infrastructure layer for facilitating service-to-service communications, with Envoy often utilized as a data plane component within service meshes such as Istio and Kong's Kuma. Envoy configurations can be complex due to its support for dynamic configuration, load balancing, protocol support, retries, circuit breaking, and rate limiting. Core components of Envoy include listeners, filters, clusters, and routes. Listeners receive traffic, filters process it, clusters determine the traffic's destination, and routes are used for directing HTTP traffic based on higher-level application knowledge. The control plane of a service mesh integrates with systems like Kubernetes to gather service information, translating it into configurations for Envoy using xDS APIs, which manage the discovery of components such as listeners and clusters. The Aggregated Discovery Service (ADS) streamlines this process by delivering configuration data in one continuous stream. Practical applications of Envoy in a service mesh context can be seen in demonstrations using Kubernetes and Kuma, showcasing how service mesh policies are translated into Envoy configurations.
Sep 02, 2021 1,066 words in the original blog post.