
Product Updates, Security


KrakenD Enterprise 2.1 released

by Albert Lombarte

The KrakenD team is pleased to announce the release of KrakenD Enterprise 2.1, already available for install or upgrade.

Apologies in advance: we have added so much that the summary is not going to be short this time :)

🚀 Summary of changes for EEv2.1

KrakenD Enterprise v2.1 brings a lot of new functionality, including advanced manipulation with a JSON Query language, a Revoke Server to manage tokens in clusters, new Kibana and Grafana dashboards, faster encoding, a rewritten and richer NewRelic exporter, Websockets balancing, everything on Community 2.1.2, and much more.

  • The private Amazon or Azure container registries are now publicly hosted under the repository krakend/krakend-ee on Docker Hub
  • New JMESpath Query Language
  • New JWT Revoke Server that pushes revoke instructions to all members in the cluster and maintains consistency between all the nodes, existing or new.
  • The new Service Rate Limit controls the usage of a specific user or all users against all endpoints in the API.
  • The new Response Schema Validator ensures that the backend responses contain at least the structure of your choice, defining the rules with a JSON schema.
  • The new Content Replace is a manipulation plugin that allows you to apply regular expressions to the response.
  • The new fast-json encoding is 140% faster on collections and 30% faster on objects on average tests, compared to the open source edition json decoder.
  • WebSocket servers load balancing
  • New repository Telemetry Dashboards, including Kibana, Grafana, Logstash, and Influx v2
  • The NewRelic exporter has been rewritten from scratch, including now distributed traces and richer content.
  • When you use OpenAPI in combination with JSON Schema, write methods add the validation requirements in the documentation.
  • Multiple OpenAPI exports based on the audience field.
  • Add a response example to OpenAPI exports
  • Added a skip option for the static server to ignore matching sub-paths and route them to KrakenD endpoints
  • Added a no_redirect option to wildcards to let clients follow redirections (e.g., user logins)
  • Added identifier to the API Key authentication to allow custom headers and custom query strings.
  • Added a krakend version command that outputs the KrakenD, Go, and Glibc versions.
  • Added allow_insecure_connections flag to ease development stages that use self-signed certificates.
  • Customizable response body for 404 and 405 errors
  • Added context propagation between Handler plugins and KrakenD Client plugins
  • Added capacity and client_capacity (token bucket size) to router rate limit, previously only on backend rate limit.
  • More logging consistency (Bot detector, Bloom filter, Gologging)
  • Better control of errors when GELF is failing
  • The Influx client was randomly not initialized during startup (a namespace collision was the cause)
  • The check-plugin command could panic when analyzing malformed files.
  • Easier logging to disk or remote server logging via the configurable syslog facility
  • The --accept-eula (or -e) flag is no longer necessary to start KrakenD and should be removed
  • The telemetry/opencensus component for NewRelic will stop working in future versions. Use telemetry/newrelic instead.

Upgrading to the latest version is always advised.

A little more detail on the most relevant above:

Changed the official Docker registry!

KrakenD Enterprise used to be downloaded from private Amazon or Azure container registries, where you needed their corresponding CLI tools to authenticate. To ease this process, all Docker images of Enterprise are now publicly available under the repository krakend/krakend-ee. For KrakenD EE 2.0 or greater you can now replace the following lines:

# Before
FROM 052351007912.dkr.ecr.us-east-1.amazonaws.com/krakend-ee
# Now
FROM krakend/krakend-ee

Easier and cleaner!

Advanced manipulation with a query language

You are probably using Lua or Go plugins for complicated manipulations today, or maybe you avoid them because they are cumbersome. KrakenD EE 2.1 adds a powerful JSON query language manipulation executor that allows you to transform the data in ways that were not possible before without scripting: perform searches, evaluate expressions, do replacements, apply sorting, and more.

KrakenD Advanced manipulation

Learn more about Advanced manipulation with JMESPath

Revoke Server

You can now start KrakenD with krakend revoke-server, and it creates a new service available to all KrakenD servers in a cluster. It pushes revoke instructions to all members in the cluster and maintains consistency between all the nodes, existing or new. In addition, you can interact with the server through an API to better integrate it with your existing applications, and it lets you revoke tokens that are still valid from an expiration-time point of view.


Learn more about the Revoke Server

Service Rate Limit

In addition to the proxy rate limit and the endpoint rate limit, the Enterprise version adds a service rate limit. It controls the usage of a specific user or all users against all endpoints in the API.

Learn more about Service Rate Limit

Response Schema Validator

The Response Schema Validator plugin ensures that the backend responses contain at least the structure of your choice before the response is returned to the user. You define the rules with a JSON schema.

For instance, you might want to connect to three backend servers simultaneously and aggregate their information. In specific cases, if one of them does not return the needed information, there is no point in returning the aggregated data to the end user. The plugin gives you control over that.

Content Replacer

The Content Replacer is a manipulation plugin that allows you to apply regular expressions (or literal replacements) to any field of the response. It can be used for standardization, obfuscating information, or any other application. Example:

{
    "content-replacer": {
        "data.credit_card": {
            "@comment": "Ridiculous card masking. Take 4 digits and remove the rest. Credit card is inside a data object.",
            "find": "(^\\d{4})(.*)",
            "replace": "${1}-XXXX",
            "regexp": true
        },
        "message": {
            "@comment": "Replace '6 items left' with '6' on the message field",
            "find": " items left",
            "replace": ""
        }
    }
}
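To make the two rules above concrete, here is an added example in Go (not KrakenD's own code) that re-implements the replacement the way the config reads: the dotted path is walked into the decoded response, a rule with "regexp": true goes through Go's regexp with ${1} expansion, and any other rule is a literal string replace. The function name MaskResponse, the string-only rewriting and the skip-if-absent behaviour are this example's assumptions; the example also shows the caveat that a value the pattern does not match passes through unmasked.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// The two content-replacer rules from the page, keyed by dotted path; literal unless Regexp is true.
var rules = map[string]struct{ Find, Replace string; Regexp bool }{
	"data.credit_card": {Find: `(^\d{4})(.*)`, Replace: "${1}-XXXX", Regexp: true},
	"message":          {Find: " items left", Replace: ""},
}

// MaskResponse decodes a backend response and rewrites the string at each rule's
// path. Missing paths and non-string values are skipped; a regexp that does not
// match leaves the value unchanged, so a card with fewer than 4 digits passes unmasked.
func MaskResponse(raw []byte) (map[string]interface{}, error) {
	var resp map[string]interface{}
	if err := json.Unmarshal(raw, &resp); err != nil {
		return nil, err
	}
	for path, r := range rules {
		parts := strings.Split(path, ".")
		node := resp
		for _, p := range parts[:len(parts)-1] { // descend into nested objects
			node, _ = node[p].(map[string]interface{}) // nil if the path is absent
		}
		leaf := parts[len(parts)-1]
		s, ok := node[leaf].(string) // reading a nil map is safe: ok == false
		if !ok {
			continue
		}
		if r.Regexp {
			node[leaf] = regexp.MustCompile(r.Find).ReplaceAllString(s, r.Replace) // expands ${1}
		} else {
			node[leaf] = strings.ReplaceAll(s, r.Find, r.Replace)
		}
	}
	return resp, nil
}
func main() {
	// Constructed sample backend response with a fake card number, not real data.
	out, err := MaskResponse([]byte(`{"data":{"credit_card":"4111222233334444"},"message":"6 items left"}`))
	if err != nil {
		panic(err)
	}
	b, _ := json.Marshal(out)
	fmt.Println(string(b)) // {"data":{"credit_card":"4111-XXXX"},"message":"6"}
}
```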

Faster json decoder. Yes, faster!

It seemed impossible, but this version comes with a faster JSON decoder, and it flies! The fast-json encoder is now available in the encoding section of your backends. The new encoder is 140% faster on collections and 30% faster on objects on average tests, compared to the open source edition json decoder, and the difference is relevant when you manipulate payloads of a certain size.

Learn more about fast-json

Websocket balancing

Before this version, multiple WebSocket servers needed external balancing, but this is no longer necessary. KrakenD now accepts multiple WebSocket servers in its host array.

New Dashboards

We have created a new repository Telemetry Dashboards with new Dashboard configurations, and we’ve rewritten our NewRelic integration. The new stuff is:

NR traces

New features on OpenAPI

Three new features on OpenAPI generation:

  • When you use OpenAPI in combination with JSON Schema, write methods add the validation requirements in the documentation.

  • Multiple OpenAPI exports based on audience. You can segment the endpoints in your API to multiple audiences and generate different OpenAPI specs for each.

  • Add a response example as a static JSON object to show in the documentation.

    {
        "documentation/openapi": {
            "description": "An endpoint that is available to all plans",
            "audience": ["gold","silver","bronze"],
            "example": {
                "hi": "This is what I return"
            }
        }
    }
    

The list of new features still goes on…

More new features worth mentioning:

  • Easier logging to disk or remote server logging via the configurable syslog facility

  • Added a skip option for the static server to ignore matching sub-paths and route them to KrakenD endpoints. For instance, you can now treat any path starting with / in KrakenD as static (e.g., routes of a React application) and route sub-paths like /api/ to endpoints.

    {
        "plugin/http-server": {
            "name": ["static-filesystem"],
            "static-filesystem": {
                "prefix": "/",
                "path": "./react/dist",
                "skip": [
                    "/api"
                ]
            }
        }
    }
    
  • Added a no_redirect option to wildcards to let clients follow redirections (e.g., user logins)

    {
        "plugin/http-client": {
            "name": "wildcard",
            "no_redirect": false
        }
    }
    
  • Added identifier to the API Key authentication to allow custom headers and custom query strings. This is useful for transitioning from legacy systems.

    {
        "auth/api-keys": {
            "strategy": "header",
            "identifier": "X-Key"
        }
    }
    
  • Added a krakend version command that outputs the KrakenD, Go, and Glibc versions.

  • Added allow_insecure_connections flag to ease development stages that use self-signed certificates.

  • Customizable response body for 404 and 405 errors

  • Added context propagation between Handler plugins and KrakenD Client plugins (router gin 1.8.1)

  • Added capacity and client_capacity (token bucket size) to router rate limit, previously only on backend rate limit.

Relevant fixes

  • More logging consistency (Bot detector, Bloom filter, Gologging)
  • Better control of errors when GELF is failing
  • The Influx client was randomly not initialized during startup (a namespace collision was the cause)
  • The check-plugin command could panic when analyzing malformed files.

Deprecations

The following components and options are marked as deprecated and will be removed in future versions:

  • The --accept-eula (or -e) flag is no longer necessary to start KrakenD
  • The telemetry/opencensus component for NewRelic will stop working in future versions. Use telemetry/newrelic instead.

Youtube channel

We have started to create video content on our KrakenD API Gateway channel on YouTube; subscribe!
