The company Kong has released version 2.3 of the microservices gateway of the same name. The current release changes the default settings for running Lua scripts in favor of security. It also brings some additions to the plug-ins for logging and authentication, among other things.

With a view to global use, Route and service names are now specified in UTF-8. In addition to Russian or Japanese characters, emojis may also be part of the service name.

Open instead of secure The secure-by-default principle now applies to the settings: Kong Gateway is set restrictively by default, and if you need more flexible settings, you must activate them explicitly. This is especially true when running Lua code. The scripting language could previously be used for serverless functions as required and they thus potentially had access to the Kong process itself.

There was an explicit recommendation to secure the administration port and, if in doubt, corresponding plug-ins to deactivate in the configuration. Now, however, the software is turning the tables and by default only executes Lua programs in a sandbox. Administrators must explicitly allow extended use.

The sandbox has its own rules Specifically, serverless Functions that Lua code in the sandbox only has access to the Kong PDK (Plugin Development Kit), the OpenResty-ngx APIs and the Lua standard libraries by default. There are three new configuration parameters for sandboxing: untrusted_lua , untrusted_lua_sandbox_requires and untrusted_lua_sandbox_environment .

In the Standard setting sandbox allows the parameter untrusted_lua running Lua code in the sandbox. Via off the loading of Lua code is generally prohibited, while on allows execution without sandbox. The latter setting corresponds to the previous specifications.

untrusted_lua_sandbox_requires is a global setting , which provides additional modules for the sandbox, and with untrusted_lua_sandbox_environment you can define additional Lua variables for the sandbox.

Extended plug-ins There are a few notable additions to the plug-ins from Kong Gateway. The fact that the HTTP log plug-in allows headers to be added to the HTTP request is intended to improve the interaction with observability tools such as Splunk and the tools of the Elastic Cloud on Kubernetes (ECK). The key authentication plug-in brings the two new Boolean configuration parameters key_in_header key_in_query , which are set to true by default.

Finally, the parameter require_content_length can be used to specify that the request size limiting Before reading the request body, the plug-in ensures that the header contains a valid content length .

Big gorilla for small services Kong connects an open source API gateway with a load balancer. The gateway has Italian roots and was originally 2009 in Milan. Until the renaming 2017 the company behind it was called Mashape, and the Kong software has been 2015 an open source project.

There is also an enterprise product that offers additional functions for administration, security and high availability. In addition, the enterprise version with Kong Studio contains an adapted version of Insomnia for creating, testing and publishing REST- and GraphQL-based interfaces.

Further innovations in Kong Gateway 2.3 can be found on the Kong blog remove. As with the previous versions 2.1 and 2.2, Kong has released a beta version of Kong Enterprise 2.3 parallel to the open source version.

( rme)