KrakenD Enterprise v2.6 released with OpenTelemetry, FIPS-140, gRPC server and more

by Albert Lombarte

We’re rolling out KrakenD Enterprise v2.6, and it’s packed with new features and improvements that make managing your APIs smoother and more efficient. This version builds on everything you know and love about KrakenD Community 2.6, adding even more to the mix. Let’s break down what’s new without the fluff.

Observability and monitoring

OpenTelemetry integration: We’ve integrated OpenTelemetry to give you a better way to keep an eye on your APIs through tracing and metrics. This new tool will supersede OpenCensus, offering a more streamlined approach to understanding your API’s performance.

New Grafana dashboard: Thanks to OpenTelemetry, there’s also a new Grafana dashboard for Prometheus users. This means better visuals and insights into your API data, making it easier to spot trends and issues.

FIPS-140 and other security improvements

FIPS-140: A new Enterprise binary includes a cryptographic module option compliant with FIPS-140 standards, which is especially useful for industries with specific cryptographic requirements.

Max request size and Gzip decompression: We have also added new flags, max_request_size and gzip_decompress, that allow you to limit the maximum request size in bytes and decompress gzipped requests before sending them to your backends.
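Why the limit has to apply after decompression as well as before: a small gzipped request can expand to many times its wire size. The sketch below is an added example, not KrakenD's code; `ReadBody`, `readLimited`, `Compress` and `ErrTooLarge` are hypothetical names, and the sample payload is constructed.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

// ErrTooLarge is returned when a body exceeds the configured byte limit.
var ErrTooLarge = errors.New("payload exceeds limit")

// readLimited reads at most max bytes from r and fails if more are available.
func readLimited(r io.Reader, max int64) ([]byte, error) {
	b, err := io.ReadAll(io.LimitReader(r, max+1))
	if err == nil && int64(len(b)) > max {
		return nil, ErrTooLarge
	}
	return b, err
}

// ReadBody enforces max on the bytes received and, when gzipped is true
// (Content-Encoding: gzip), again on the bytes produced by decompression.
func ReadBody(body io.Reader, gzipped bool, max int64) ([]byte, error) {
	raw, err := readLimited(body, max)
	if err != nil || !gzipped {
		return raw, err
	}
	zr, err := gzip.NewReader(bytes.NewReader(raw))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	return readLimited(zr, max) // stops inflating once max+1 bytes are out
}

// Compress builds a constructed gzip sample containing n zero bytes.
func Compress(n int) []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write(make([]byte, n))
	zw.Close()
	return buf.Bytes()
}

func main() {
	// 1 MiB of zeros is about 1 KiB on the wire; the 64 KiB limit rejects it.
	_, err := ReadBody(bytes.NewReader(Compress(1<<20)), true, 64<<10)
	fmt.Println(err)
}
```

The compressed sample passes the wire-size check and is rejected only by the second check, which is the case a pre-decompression limit alone would miss.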

JWT Improvements: We’ve made several enhancements to how JWTs are handled. You can now read tokens from custom headers, and scopes can be provided as arrays, giving you more flexibility in managing access and security.

gRPC server

While KrakenD could already consume gRPC from your upstream services, we have added gRPC server capabilities in this release. This means that clients can communicate using gRPC with KrakenD, while KrakenD can still communicate with upstream services in any format.

The gRPC server enables gRPC to gRPC and gRPC to HTTP, Lambda, queues, etc. Your backend capabilities, including aggregation and data manipulation, remain the same.

Flexibility and usability

Improved dynamic routing: Now, you can set up routing based on the host header, adding more versatility to managing incoming requests.

License Flexibility: You can now store your license file in a different path, making it easier to manage your KrakenD deployment. The environment variable KRAKEND_LICENSE_PATH or the flag --license lets you store the license file anywhere.

Moesif Integration: This integration has been updated to let you set security policies, defining which traffic you want to send to Moesif so you can save money on your bills. It also adds access to nested claims to more accurately identify users and companies.

Plugin and API enhancements

Extended Plugin Capabilities: With the ability to test plugins more effectively and access the HTTP context, plugins are now more powerful and easier to integrate.

More OpenAPI Metadata Options: We’ve added more ways to describe your APIs within OpenAPI, including operation_id and detailed query string parameters, helping your users better understand how to interact with your APIs.

Summing it up

KrakenD Enterprise v2.6 brings many updates aimed at making your life easier, whether through improved monitoring, enhanced security features, more deployment options, or better API and plugin management tools. We’ve skipped the marketing jargon to give you a straightforward look at what this release offers.

Upgrade to KrakenD Enterprise v2.6 and take advantage of these new features today (no configuration changes are required).

🚀 Summary of changes for EEv2.6

OpenTelemetry integration, extended plugin capabilities, updated Grafana Dashboard, and JWT fixes.

  • New binary available with cryptographic module and testing requirements as per FIPS-140
  • Dynamic routing based on host
  • Added the OpenTelemetry integration which will eventually replace the previous OpenCensus component.
  • The new command krakend test-plugin tests if one or more given .so files are loadable into KrakenD as the selected plugin type.
  • New Grafana dashboard available for Prometheus via OpenTelemetry
  • Direct OpenTelemetry authentication against SaaS providers to avoid installing collectors.
  • New gRPC server, allowing you to serve gRPC even if you don’t have gRPC backends internally.
  • The Moesif integration allows you to set a security policy using should_skip to save traffic. It now also allows accessing nested claims to identify users and companies.
  • More OpenAPI metadata options: Set an operation_id, and describe query string parameters and tags with query_definition and tag_definition
  • The license file can now live in a different path by passing the env var KRAKEND_LICENSE_PATH or setting the flag --license.
  • Virtualhosts now accept aliased_hosts, which allows you to create aliases to reuse in the endpoint definition.
  • Backend logs like [BACKEND: /foo] now read [BACKEND: GET /endpoint/{var} -> /foo], showing their relationship with the endpoint.
  • All plugins now have the KrakenD context, allowing you to perform operations during shutdown
  • Request and response modifier plugins now have access to the HTTP context. Response modifiers also have access to the internal request, knowing low-level details like which backend was selected.
  • The JWT Validator adds a new field auth_header_name to read tokens from custom headers
  • The JWT validator can now read scopes in array format in addition to the space-separated list
  • The JWT signer now returns the typ
  • The audit command includes new validations and security recommendations, and fixes a false positive on the sequential rule.
  • New flags max_payload and decompress_gzip to limit the maximum size in bytes of requests and Gzipped content after decompression.
  • Fixed hostname reporting on Logstash
  • Fixed a bug that prevented having multiple backends using Async Agents.
  • Force HTTP1.1 over NTLM as IIS doesn’t support NTLM/Kerberos over HTTP2.
  • Catchall endpoints to handle non-GET traffic.
  • Removed from the schema the previously deprecated field allow_insecure_connections in the root. It must be declared under client_tls.allow_insecure_connections now.
  • Removed from schema previously deprecated prefetch_size and prefetch_count attributes from AMQP. These attributes did not have any effect in the software.
  • The telemetry exporters based on telemetry/opencensus, although they are still available, won’t receive further updates and will be deprecated in the future. All efforts are focused on OpenTelemetry instead.
  • The telemetry exporter telemetry/influx is still available, but won’t receive further updates and will be deprecated in the future. All efforts are focused on OpenTelemetry instead.

Upgrading to the latest version is always advised.
