Kong Gateway 2.0 opens up to the Go crowd


The team behind Kong Gateway has released version 2.0 of its microservice abstraction layer, providing users with buffered proxying and an option for hybrid mode deployments.

Buffered proxying is a core addition that offers plugins an alternative to streaming service responses by allowing buffered reading. This can be used to “modify headers based on the  contents of the body”. Meanwhile the hybrid mode has been added to improve the security of large clusters, by not letting data plane nodes connect to the database directly. Their configuration is instead “managed and pushed by the control plane as necessary”.

Better security as well as improved performance is the idea behind the new separation of caches for core entities and plugin-controlled ones. Other enhancements include on_read support for transformations in DAO schemas for two-way data transformations between admin API I/O and database storage, and a backlog option for stream_listen.

Kong configurations has been fitted with new Nginx injections contexts and have the reuseport option in the listen directive enabled by default.

In terms of plugins, Kong now comes with an ACME plugin providing users with Let’s Encrypt and ACMEv2 integration. To make writing extensions like this more accessible to the larger containerisation community, the team has added an out-of-process Go plugin server. This allows devs to create new plugins in Go, which was also used to write Docker and Kubernetes, instead of Lua and could therefore help with the adoption of the project. 

There were also some fixes to the core and admin API, which are meant to help with some configuration and change detection issues. A complete list can be found in the Kong changelog.

Users that haven’t updated their Kong installation for a while will be interested to hear that along with the 2.0 release the team also pushed out Kong 1.5. This is the last minor version of the 1.x series and is meant to help users still on 0.x versions to jump on more current releases via some specially designed migration features. Which is something to seriously consider, since support for the 0.x series ceased with the delivery of the current version.