KrakenD Enterprise v2.6 released with OpenTelemetry, FIPS-140, gRPC server and more
by Albert Lombarte
We’re rolling out KrakenD Enterprise v2.6, and it’s packed with new features and improvements that make managing your APIs smoother and more efficient. This version builds on everything you know and love about KrakenD Community 2.6, adding even more to the mix. Let’s break down what’s new without the fluff.
Observability and monitoring
OpenTelemetry integration: We’ve integrated OpenTelemetry to give you a better way to keep an eye on your APIs through tracing and metrics. This new tool will supersede OpenCensus, offering a more streamlined approach to understanding your API’s performance.
New Grafana dashboard: Thanks to OpenTelemetry, there’s also a new Grafana dashboard for Prometheus users. This means better visuals and insights into your API data, making it easier to spot trends and issues.
FIPS-140 and other security improvements
FIPS-140: A new Enterprise binary includes a cryptographic module option compliant with FIPS-140 standards, which is especially useful for industries with specific cryptographic requirements.
Max request size and Gzip decompression: We have also set new flags, max_request_size
and gzip_decompress
, that allows you to limit the requests’ maximum size in bytes and decompress gzipped requests before sending them to your backends.
JWT Improvements: We’ve made several enhancements to how JWTs are handled. Now, you can use custom headers for tokens and support for arrays in scopes, giving you more flexibility in managing access and security.
gRPC server
While KrakenD could already consume gRPC from your upstream services, we have added gRPC server capabilities in this release. This means that clients can communicate using gRPC with KrakenD, while KrakenD can still communicate with upstream services in any format.
The gRPC server enables gRPC to gRPC and gRPC to HTTP, Lambda, queues, etc. Your backend capabilities, including aggregation and data manipulation, remain the same
Flexibility and usability
Improved dynamic routing: Now, you can set up routing based on the host header, adding more versatility to managing incoming requests.
License Flexibility: You can now store your license file in a different path, making it easier to manage your KrakenD deployment. The environment variable KRAKEND_LICENSE_PATH
or the flag --license
allow you to store the license file anywhere.
Moesif Integration: This integration has been updated to let you set security policies, defining which traffic you want to put to Moesif so you can save money on your bills. It also adds access to nested claims to more accurately identify users and companies.
Plugin and API enhancements
Extended Plugin Capabilities: With the ability to test plugins more effectively and access the HTTP context, plugins are now more powerful and easier to integrate.
More OpenAPI Metadata Options: We’ve added more ways to describe your APIs within OpenAPI, including operation_id
and detailed query string parameters, helping your users better understand how to interact with your APIs.
Summing it up
KrakenD Enterprise v2.6 brings many updates aimed at making your life easier, whether through improved monitoring, enhanced security features, more deployment options, or better API and plugin management tools. We’ve skipped the marketing jargon to give you a straightforward look at what this release offers.
Upgrade to KrakenD Enterprise v2.6 and take advantage of these new features today (no configuration changes are required)
🚀 Summary of changes for EEv2.6
OpenTelemetry integration, extended plugin capabilities, updated Grafana Dashboard, and JWT fixes.
- New binary available with cryptographic module and testing requirements as per FIPS-140
- Dynamic routing based on host
- Added the OpenTelemetry integration which will eventually replace the previous OpenCensus component.
-
The new command
krakend test-plugin
tests if one or more given.so
files are loadable into KrakenD as the selected plugin type. - New Grafana dashboard available for Prometheus via OpenTelemetry
- Direct OpenTelemetry authentication against SaaS providers to avoid installing collectors.
- New gRPC server, allowing you to serve gRPC even if you don’t have gPRC backends internally.
-
The Moesif integration allows you to set a security policy using
should_skip
to save traffic. It also allows now accessing nested claims to identify users and companies. -
More OpenAPI metadata options: Set an
operation_id
, and describe query string paramters and tags withquery_definition
andtag_definition
-
The license file can now live in a different path passing the env var
KRAKEND_LICENSE_PATH
or setting the flag--license
. -
Virtualhosts accept now
aliased_hosts
which allows you to create alias to reuse in the endpoint definition. -
Backend logs like
[BACKEND: /foo]
have mutated now to[BACKEND: GET /endpoint/{var} -> /foo]
showing their relationship with the endpoint. - All plugins have now the KrakenD context, allowing you to perform operations during shutdown
- Request and response modifier plugins have now access to the HTTP context. Reponse modifiers have also access to the internal request, knowing low-level details like which backend was selected.
-
The JWT Validator adds a new field
auth_header_name
to read tokens from custom headers - The JWT validator can read now scopes in array format in addition to the space-separated list
-
The JWT signer returns now the
typ
- The audit command includes new validations and security recommendations, and fixes a false positive on the sequential rule.
-
New flags
max_payload
anddecompress_gzip
to limit the maximum size in bytes of requests and Gzipped content after decompression. - Fixed hostname reporting on Logstash
- Fixed a bug that prevented having multiple backends using Async Agents.
- Force HTTP1.1 over NTLM as IIS doesn’t support NTLM/Kerberos over HTTP2.
- Catchall endpoints to handle non-GET traffic.
-
Removed from schema previosuly deprecated fields
allow_insecure_connections
in the root. Must be declared underclient_tls.allow_insecure_connections
now. -
Removed from schema previously deprecated
prefetch_size
andprefetch_count
attributes from AMQP. These attributes did not have any effect in the software. -
The telemetry exporters based in
telemetry/opencensus
, although they are still available, won’t receive further updates and will be deprecated in the future. All efforts are focused on OpenTelemetry instead. -
The telemetry exporter
telemetry/influx
is still available, but won’t receive further updates and will be deprecated in the future. All efforts are focused on OpenTelemetry instead.
Upgrading to the latest version is always advised.