News KrakenD EE v2.8 released: Configurable logging, Redis-backed rate limits, Lua, YAML encoding and more

Product UpdatesSecurity

6 min read

KrakenD Enterprise v2.4: New Power and Efficiency

by Albert Lombarte

We are thrilled to announce the upcoming release of KrakenD API Gateway v2.4 (download, a significant step forward in enhancing your API management experience. Packed with an array of powerful features and improvements, this release is set to improve the way you manage and optimize your APIs.

As the API landscape evolves, KrakenD remains dedicated to providing cutting-edge tools to optimize and manage your APIs. The v2.4 release showcases our commitment to innovation, flexibility, and security, ensuring that you have the best possible resources at your disposal.

Catch All: Forward non-matching routes to a fallback backend

One of the standout features of KrakenD v2.4 is the introduction of the Catch All endpoint. This addition allows you to define a fallback backend for any non-matching route and method, ensuring that no request is left unanswered by a backend behind.

Its primary use case is for initial stages of a migration, when you want to test a small subset of endpoints on KrakenD and have all the rest of the traffic forwarded to a joint backend that acts as a reverse proxy for unmatched routes.

Advanced Flexible Configuration

The engine behind the open-source Flexible Configuration has been rewritten from scratch to remove its limitations, and the Extended Flexible Configuration is the result.

With the addition of the $ref keyword, recursion capabilities, behavior files, and more, configuring your API gateway becomes more intuitive and efficient than before. This is a game-changer for those who demand precision and control over their API setup.

Response transformation with templates

Say hello to response body transformation using Go templates. With this new feature, you can effortlessly manipulate response bodies, tailoring them to your exact requirements, even when you use no-op.

This opens up a world of possibilities for adapting API responses to suit various client needs, all while maintaining consistency and efficiency.

Enhanced Rate Limiting

Our rate-limiting capabilities have received a significant upgrade. The rewritten rate limit component introduces the every parameter, empowering you to set granular limits per second, minute, or hour. This level of control ensures that your APIs remain performant and responsive, even in the face of varying traffic patterns, in a syntax that is easier to understand.

Header Filtering taken up a notch

In response to your feedback, we’ve added a second level of input_headers filtering in the backend section. This enhancement provides an additional layer of control over which headers are passed through, contributing to a more secure and efficient API gateway setup.

gRPC adds header mapping

The addition of the header_mapping feature allows you to pass headers of gRPC backends as metadata, simplifying communication and ensuring consistent data transfer between your services.

Faster and smarter JWK Aggregator

Our JWK aggregator that enables multiple identity providers has undergone a makeover, fetching all keys in parallel and adding the cache attribute to reduce network traffic. This means that securing your API with JSON Web Tokens is now faster, smarter, and more efficient than ever before, as you now have three possible levels of JWK caching (endpoint, service, and aggregator).

Enhanced Startup Visibility

We understand the importance of a smooth startup process, and that’s why we’ve introduced endpoint name logging. Now, you can easily identify endpoints that may be facing registration issues during startup, making troubleshooting a breeze.

Native Functionality, deprecations and removals

As we continue to evolve KrakenD API Gateway, some features have been deprecated or removed to make way for newer, more efficient solutions:

Security and Compatibility

We take your security seriously. In v2.4, the Enterprise binary will no longer attempt to run in open source mode when the license is missing or expired. This proactive step ensures that security policies are consistently upheld. We don’t want any customer running a gateway by accident that does not enable security components.

– Upgrading to the latest version is highly recommended to take advantage of these exciting new features and improvements. Stay tuned for the official release, and empower your API management with KrakenD v2.4!

🚀 Summary of changes for EEv2.4

The v2.4 introduces powerful features such as the Catch All (or No-route, or Fallback), the Advanced Flexible Configuration, response manipulation using templates, improves gRPC, or the conversion of some plugins to native functionality. It also includes all features and fixes of Community 2.4.3. Check out the rest of features.

  • The new Catchall endpoint defines a fallback backend for any non-matching route and method
  • The new Advanced Flexible Configuration adds the $ref keyword, recursivity, behavior file and much more
  • Response body transformation using templates with the modifier/response-body-generator
  • A rewritten rate limit introduces the every component, allowing to set limits per second, minute, or hour.
  • Add a second level of input_headers filtering in the backend section.
  • The DNS SRV can now use protocols other than http through the flag sd_scheme.
  • Added header_mapping to pass headers of gRPC backends as metadata.
  • The JWK aggregator now fetches all keys in parallel and adds the cache attribute to reduce network traffic.
  • The Static Filesystem is now available natively, and the plugin is no longer needed. There is also a new flag directory_listing.
  • Virtualhosts are now available natively and the plugin is no longer needed.
  • Log the name of endpoints that cannot register correctly during startup
  • The krakend check --lint command fetches the schema for its version.
  • The post execution on Lua fixes the error handling.
  • The static filesystem plugin has been deprecated. Upgrade to the native functionality.
  • The virtual host plugin has been deprecated. Upgrade to the native functionality.
  • The Instana integration was deprecated in previous versions and has been removed.
  • The Google Analytics integration was deprecated in previous versions and has been removed.
  • When the license is missing or expired, the Enterprise binary will not try to run in open source mode as there might be security implications, such as not understanding security policies.
  • The flag tls.allow_insecure_connections has been relocated under client_tls.allow_insecure_connections in v2.3, and the old location is no longer supported.
  • The flag prefer_server_cipher_suites is no longer supported. Servers now select the best mutually supported cipher suite automatically based on the logic that considers inferred client hardware, server hardware, and security.

Upgrading to the latest version is always advised.

Scarf

Stay up to date with KrakenD releases and important updates