KrakenD Changelog

Configurable access log, all Rate Limits supporting Redis, improvements on Postman and OpenAPI, new Lua features, and more.

• Configurable access log field by field

• All rate limits support now a stateful option persisted on Redis: service, endpoints and tiered rate limits.

• New Grafana Dashboard to monitor Redis Pool Connections

• Postman collections can now add folders, group endpoints, descriptions, and a much richer generation

• The gRPC server supports now introspection, so clients no longer need to have Protobuf files locally.

• The new Lua Advanced Helpers add JSON, CSV, YML, XML, time, base64, and hashing functions with a native implementation in Go.

• Added a YAML encoding to read backend responses, but also to return content in YAML no matter the origin

• Add a rename header function to the modifier/response-headers

• The OpenAPI generation is now richer and more customizable thanks to multiple new parameters under param_definition, header_definition, and query_definition, like adding enum, hide, or type.

• The Moesif integration adds a metadata attribute to send custom metadata with events.

• Lua - The custom_error function accepts now a third parameter to pass the content-type

• Lua - The function to set headers is able to destroy headers when passing a nil value.

• Lua - Added an error log decorator to show the line and file where an error raised

• Lua - Added the keyExists helper to check luaTable types.

• OpenTelemetry has now the ability to override configuration at endpoint and backend level

• Upgraded Go to 1.22.10 (No security isses associated to the previous version so far)

• Lua - Conversion from tables to arrays instead of maps when tables have all indexes numeric

• OpenTelemetry - Several fixes on configuration overrides and multiErrors

• The check-plugin command included an unnecessary go prefix before the version.

• OpenAPI: Endpoint parameters are marked as always mandatory

• The letgoapp/influx namespace, which was available for historical reasons, has been removed from the configuration schema. Rename it to telemetry/influx for a quick fix (which is also deprecated), or upgrade to OpenTelemetry for a long-term solution.

• The redis-ratelimit based on the plugin/http-server has transitioned to the new native Redis Service Rate Limit

Improvements on Lua scripts and added OTEL override capabilities

• Added a new type of encoding to return content in YAML no matter the origin

• OpenTelemetry has now the ability to override configuration at endpoint and backend level

• Lua - Added an error log decorator to show the line and file where an error raised

• Lua - Added method keyExists helper to check luaTable types.

• Lua - The custom_errorfunction accepts now a third parameter to pass the content-type

• Upgraded Go to 1.22.10 (No security isses associated to the previous version)

• Lua - Conversion from tables to arrays instead of maps when tables have all indexes numeric

• OpenTelemetry - Several fixes on configuration overrides and multiErrors

• The letgoapp/influx namespace, which was available for historical reasons, has been removed from the configuration schema. Rename it to telemetry/influx for a quick fix (which is also deprecated), or upgrade to OpenTelemetry for a long-term solution.

Commit changelog

Worfklows, Tier Rate Limits, Direct WebSockets, Service-level header response modifiers and more.

• New component to create Workflows and nest infinite virtual endpoints.

• New type of rate-limit based on tiers.

• New service-level header response modifier to delete, add, or replace headers declaratively (including the X-KrakenD family).

• Direct WebSockets communication added, in addition to the existing Multiplexing option.

• OpenAPI import can include x-krakend- metadata to configure gateway behavior on the OpenAPI spec.

• The gRPC server supports now token-based authorization

• Added a new rate limiter based on parameters

• Memory optimization of the rate-limit that greatly reduces the consumption of RAM, and new micro-optimization options added (cleanup_period, cleanup_threads, num_shards).

• The JWT signer can now set a new leeway attribute for scenarios with desynchronized clocks.

• A new flag dns_cache_ttl allows you to set a custom DNS cache TTL for Service Discovery

• Added support to multiple TLS certificates.

• Added new properties for CORS handling options_passthrough, options_success_status, and allow_private_network

• New properties added to the HTTP Security component allowed_hosts_are_regex , ssl_proxy_headers, force_sts_header

• Customizable size of maximum header via the property max_header_bytes. Previously fixed to 1MB.

• New fields jwt_key and param_definition added to OpenAPI

• Added new rules to the audit command.

• OpenTelemetry - Added static labels to global and proxy layers (thanks to @ssepml)

• Corrected a memory leak on some grpc connections

• Corrected redirects with trailing slash when using VirtualHosts

• The request_definition of OpenAPI was an object previously {}, but now is an array of objects [{}] because multiple requests are possible. Wrap the object in an array.

• The properties public_key and private_key of the tls configuration have been moved under an array keys to facilitate multiple certificates and domains. Read more

Improved memory consumption of endpoint rate limit and added new security options to TLS, CORS, and HTTPSecurity.

• Added a new rate limiter based on parameters

• Memory optimization of the rate-limit that greatly reduces the consumption of RAM, and new micro-optimization options added (cleanup_period, cleanup_threads, num_shards).

• The JWT signer can now set a new leeway attribute for scenarios with desynchronized clocks.

• A new flag dns_cache_ttl allows you to set a custom DNS cache TTL for Service Discovery

• Added support to multiple TLS certificates.

• Added new properties for CORS handling options_passthrough, options_success_status, and allow_private_network

• New properties added to the HTTP Security component allowed_hosts_are_regex , ssl_proxy_headers, force_sts_header

• Added new rules to the audit command.

• Customizable size of maximum header via the property max_header_bytes. Previously fixed to 1MB.

• OpenTelemetry - Added static labels to global and proxy layers (thanks to @ssepml)

• The properties public_key and private_key of the tls configuration have been moved under an array keys to facilitate multiple certificates and domains. Read more

Commit changelog

OpenTelemetry integration, extended plugin capabilities, updated Grafana Dashboard, and JWT fixes.

• New binary available with cryptographic module and testing requirements as per FIPS-140

• Dynamic routing based on host

• Added the OpenTelemetry integration which will eventually replace the previous OpenCensus component.

• The new command krakend test-plugin tests if one or more given .so files are loadable into KrakenD as the selected plugin type.

• New Grafana dashboard available for Prometheus via OpenTelemetry

• Direct OpenTelemetry authentication against SaaS providers to avoid installing collectors.

• New gRPC server, allowing you to serve gRPC even if you don’t have gPRC backends internally.

• The Moesif integration allows you to set a security policy using should_skip to save traffic. It also allows now accessing nested claims to identify users and companies.

• More OpenAPI metadata options: Set an operation_id, and describe query string paramters and tags with query_definition and tag_definition

• The license file can now live in a different path passing the env var KRAKEND_LICENSE_PATH or setting the flag --license.

• Virtualhosts accept now aliased_hosts which allows you to create alias to reuse in the endpoint definition.

• Backend logs like [BACKEND: /foo] have mutated now to [BACKEND: GET /endpoint/{var} -> /foo] showing their relationship with the endpoint.

• All plugins have now the KrakenD context, allowing you to perform operations during shutdown

• Request and response modifier plugins have now access to the HTTP context. Reponse modifiers have also access to the internal request, knowing low-level details like which backend was selected.

• The JWT Validator adds a new field auth_header_name to read tokens from custom headers

• The JWT validator can read now scopes in array format in addition to the space-separated list

• The JWT signer returns now the typ

• The audit command includes new validations and security recommendations, and fixes a false positive on the sequential rule.

• New flags max_payload and decompress_gzip to limit the maximum size in bytes of requests and Gzipped content after decompression.

• Fixed hostname reporting on Logstash

• Fixed a bug that prevented having multiple backends using Async Agents.

• Force HTTP1.1 over NTLM as IIS doesn’t support NTLM/Kerberos over HTTP2.

• Catchall endpoints to handle non-GET traffic.

• Removed from schema previosuly deprecated fields allow_insecure_connections in the root. Must be declared under client_tls.allow_insecure_connections now.

• Removed from schema previously deprecated prefetch_size and prefetch_count attributes from AMQP. These attributes did not have any effect in the software.

• The telemetry exporters based in telemetry/opencensus, although they are still available, won’t receive further updates and will be deprecated in the future. All efforts are focused on OpenTelemetry instead.

• The telemetry exporter telemetry/influx is still available, but won’t receive further updates and will be deprecated in the future. All efforts are focused on OpenTelemetry instead.

OpenTelemetry integration, extended plugin capabilities, updated Grafana Dashboard, and JWT fixes.

• Added the OpenTelemetry integration which will eventually replace the previous OpenCensus component.

• The new command krakend test-plugin tests if one or more given .so files are loadable into KrakenD as the selected plugin type.

• New Grafana dashboard available for Prometheus via OpenTelemetry

• Backend logs like [BACKEND: /foo] have mutated now to [BACKEND: GET /endpoint/{var} -> /foo] showing their relationship with the endpoint.

• All plugins have now the KrakenD context, allowing you to perform operations during shutdown

• Request and response modifier plugins have now access to the HTTP context. Reponse modifiers have also access to the internal request, knowing low-level details like which backend was selected.

• The JWT Validator adds a new field auth_header_name to read tokens from custom headers (thanks to @rodion-goritskov)

• The JWT validator can read now scopes in array format in addition to the space-separated list (thanks to @pirm-in)

• The JWT signer returns now the typ (thanks to @AlyHKafoury)

• The audit command includes new validations and security recommendations, and fixes a false positive on the sequential rule.

• Fixed hostname reporting on Logstash (thanks to @lxdraw)

• Fixed a bug that prevented having multiple backends using Async Agents

• Removed from schema previosuly deprecated fields allow_insecure_connections in the root. Must be declared under client_tls.allow_insecure_connections now.

• Removed from schema previously deprecated prefetch_size and prefetch_count attributes from AMQP. These attributes did not have any effect in the software.

• The telemetry exporters based in telemetry/opencensus, although they are still available, won’t receive further updates and will be deprecated in the future. All efforts are focused on OpenTelemetry instead.

• The telemetry exporter telemetry/influx is still available, but won’t receive further updates and will be deprecated in the future. All efforts are focused on OpenTelemetry instead.

Commit changelog

The v2.5 introduces API Monetization, allows multiple POSTS in and out sequential calls, adds a license command and listening to a specific IP, and improves Flexible Configuration, E2E tests, OpenAPI, and more.

• Added the API Monetization feature (integration in partnership with Moesif)

• Endpoints with multiple POSTs are now possible. The restriction to work with multiple unsafe methods is now removed.

• The response body generator also has access to the request body using .req_body

• New command license to check licenses in pipelines automatically

• The End-to-End testing allows multiple calls in a single test case using next.

• The Extended Flexible Configuration can work automatically now without any environment variables when you have a flexible_config.json file, accepts multiple partial dirs, adds a .meta variable in templates, and improves error logging and debugging

• The OpenAPI generation allows you to define the request body using request_definition and also to declare component/schemas you can reuse in endpoints with the $ref attribute.

• Added Mutual TLS from the gateway to your upstream services, both globally (all connections) or individually per backend

• API keys declaration accepts now the hashing functions fnv128, sha256, and sha1.

• The body request generator is now available at the endpoint level in addition to the backend. It also parses the query and path at a later stage to have the most up-to-date values.

• The new field listen_ip can now restrict the service to listen to a specific IP.

• Added new attribute static_routing_key on AMQP consumers (thanks to Georgios Chronis).

• Added a second level of input_query_strings in the backend section.

• The propagate_claims attribute for JWT claims now sets to blank those headers with missing values and does not allow the user to override via custom headers.

• The gRPC can now use headers to construct the payload

• The WebSockets load balancer now takes a random host when a previously established connection fails.

• The Flexible Configuration and the --lint flag of check can work now in a single step

• Your custom plugins (server and client) will now receive the Service Go Context, so you can cancel services started by the plugin when the gateway shuts down.

• Identity servers returning Content-Type: application/jwk-set+json in their jwk_url are now accepted.

• When defining a custom router section, the default settings for remote_ip_headers were reset.

• The rate limit eviction was resetting on very large time settings

• Fixed race conditions on global JWK URL keys cache

• Requests with method OPTIONS (CORS module) with HTTP/2 without HTTP/1.1 Upgrade returned 405 status code instead of 204 when use_h2c flag was enabled (thanks to @anivanovic)

• WebSocket race condition on concurrent writing

• The flag router.use_h2c has moved to the root level as use_h2c, and its usage inside the router is marked as deprecated.

The v2.5 binary allows multiple POSTS in and out sequential calls, restricts service listening to a specific IP, and improves JWT and AMQP.

• Endpoints with multiple POSTs are now possible. The restriction to work with multiple unsafe methods is now removed.

• Added new attribute static_routing_key on AMQP consumers (thanks to Georgios Chronis).

• The new field listen_ip can now restrict the service to listen to a specific IP.

• You can now configure mTLS options globally to connect to your backends

• Added a second level input_query_strings in the backend section.

• The Flexible Configuration and the --lint flag of check can work now in a single step

• Your custom plugins (server and client) will now receive the Service Go Context, so you can cancel services started by the plugin when the gateway shuts down.

• Identity servers returning Content-Type: application/jwk-set+json in their jwk_url are now accepted

• When definining a custom router section the default settings for remote_ip_headers were reset.

• The rate limit eviction was resetting on very large time settings

• Fixed race conditions on global JWK URL keys cache

• Requests with method OPTIONS (CORS module) with HTTP/2 without HTTP/1.1 Upgrade returned 405 status code instead of 204 when use_h2c flag was enabled (thanks to @anivanovic)

• The propagate_claims attribute for JWT claims sets now to blank those headers with missing values, and does not allow the user to override via custom headers.

• The flag router.use_h2c has moved to the root level as use_h2c, and its usage inside the router is marked as deprecated.

Commit changelog

The v2.4 introduces powerful features such as the Catch All (or No-route, or Fallback), the Advanced Flexible Configuration, response manipulation using templates, improves gRPC, or the conversion of some plugins to native functionality. It also includes all features and fixes of Community 2.4.3. Check out the rest of features.

• The new Catchall endpoint defines a fallback backend for any non-matching route and method

• The new Advanced Flexible Configuration adds the $ref keyword, recursivity, behavior file and much more

• Response body transformation using templates with the modifier/response-body-generator

• A rewritten rate limit introduces the every component, allowing to set limits per second, minute, or hour.

• Add a second level of input_headers filtering in the backend section.

• The DNS SRV can now use protocols other than http through the flag sd_scheme.

• Added header_mapping to pass headers of gRPC backends as metadata.

• The JWK aggregator now fetches all keys in parallel and adds the cache attribute to reduce network traffic.

• The Static Filesystem is now available natively, and the plugin is no longer needed. There is also a new flag directory_listing.

• Virtualhosts are now available natively and the plugin is no longer needed.

• Log the name of endpoints that cannot register correctly during startup

• The krakend check --lint command fetches the schema for its version.

• The post execution on Lua fixes the error handling.

• The static filesystem plugin has been deprecated. Upgrade to the native functionality.

• The virtual host plugin has been deprecated. Upgrade to the native functionality.

• The Instana integration was deprecated in previous versions and has been removed.

• The Google Analytics integration was deprecated in previous versions and has been removed.

• When the license is missing or expired, the Enterprise binary will not try to run in open source mode as there might be security implications, such as not understanding security policies.

• The flag tls.allow_insecure_connections has been relocated under client_tls.allow_insecure_connections in v2.3, and the old location is no longer supported.

• The flag prefer_server_cipher_suites is no longer supported. Servers now select the best mutually supported cipher suite automatically based on the logic that considers inferred client hardware, server hardware, and security.

The v2.4 improves the rate limit usage experience to support non-second time intervals, and offers more granularity option to improve security.

• A rewritten rate limit introduces the every component, allowing to set limits per second, minute, or hour.

• Add a second level of input_headers filtering in the backend section.

• The DNS SRV can now use other protocols than http through flag sd_scheme.

• Log the name of endpoints that cannot register correctly during startup

• The krakend check --lint command fetches the schema for its version.

• The post execution on Lua fixes the error handling.

• The flag allow_insecure_connections was relocated under client_tls in v2.3 and the old location on tls is no longer supported.

• The flag prefer_server_cipher_suites is no longer supported. Servers now select the best mutually supported cipher suite automatically based on the logic that considers inferred client hardware, server hardware, and security.

Commit changelog

The v2.3 includes awaited new features requested by customers, such as gRPC backends without plugins, easier wildcards (simply writing a star *), and the End-to-End testing with JSON Schema contracts. It also includes all features and fixes of Community 2.3.2. Checkout the rest of features.

• Easier wildcards using the /path/to/* syntax. Plugins are no longer needed!

• Automatic gRPC backends based on proto files. No plugins are needed anymore.

• End-to-end testing supports now JSON Schema definitions

• Added Multiple merge of OpenAPI contracts. Import many contracts in one operation.

• Added NTLM authentication for Microsoft Dynamics and similar integrations

• The security policies add now bitwise operations to facilitate mask calculation.

• The new OpenAPI serve command to start a KrakenD server with the OpenAPI file and no import.

• The New Relic integration now accepts an additional list of headers to report

• Added service-to-service authentication flow on Google Cloud

• Support for legacy API keys that pass keys without a Bearer or Basic indication.

• Override of API keys strategy and identifier per endpoint.

• Retries for AMQP consumers and producers with configurable back-off strategies

• Global caching of JWK URLs, reused between endpoints.

• KrakenD Designer can now apply changes on a local KrakenD directly from the web.

• New /__echo/ endpoint, to dump requests from users and test functionality.

• Added use_h2c (clear text HTTP/2), in addition to the already supported HTTP/2 over TLS

• Add new TLS settings for the internal HTTP client (client_tls)

• Add per backend HTTP client settings, including no redirect, TLS, and web proxy

• The body generator, and the soap integration support now Sprig functions.

• The underlying Go version has been upgraded to 1.20.4, which includes security fixes to crypto packages.

• The audit rules add more security recommendations.

• WebSockets with forced Gzip could panic

• JMESpath support for json.Number instead of integer

• HTTP logger plugin panic

• The router configuration was overwriting defaults for unexisting attributes

• The prefetch_size flag on AMQP was never implemented, and it has been removed from the configuration

• The prefetch_count has been removed from AMQP producers as it only makes sense in a consumer scenario

• The krakend generate openapi command has been renamed to krakend openapi export; please replace its usages.

• The krakend generate from openapi command has been renamed to krakend openapi import; please replace its usages.

• The HTTP proxy plugin is deprecated as the functionality is natively supported as an HTTP Client option.

• The no-redirect plugin is deprecated as the functionality is natively supported as an HTTP Client option.

• The allow_insecure_connections property at the service level now moves under client_tls > allow_insecure_connections.

• The Instana integration is deprecated and will be removed in future releases.

• The Google Analytics integration is deprecated and will be removed in future releases.

The v2.3 adds more connectivity options with backends and caching and adds the possibility to load changes into a local KrakenD using the Designer (UI) directly.

• AMQP consumers and producers offer now retries with several backoff strategies.

• Downloading of JWK URLs now uses global caching (reused between endpoints)

• KrakenD Designer can now apply changes on a local KrakenD directly from the web.

• New /__echo/ endpoint, to dump requests from users and test functionality.

• Added h2c protocol (clear text HTTP/2), in addition to the already supported HTTP/2 over TLS

• Add new TLS settings for the internal HTTP client (client_tls). The flag allow_insecure_connections moves inside it.

• The underlying Go version has been upgraded to 1.20.3, which includes security fixes to crypto packages.

• The audit rules add more security recommendations.

• The router configuration was overwriting defaults for unexisting attributes

• The prefetch_size on AMQP flag was never implemented, and it has been removed from the configuration

• The prefetch_count has been removed from AMQP producers as it only makes sense in a consumer scenario

• The flag tls.allow_insecure_connections is now marked as deprecated because it has moved to client_tls.allow_insecure_connections. The support under tls will be removed in the next version.

Commit changelog

The v2.2. introduces a new security policies engine, routing based on headers, OpenAPI 3, SOAP integration with custom body generation, everything on Community 2.2.1, and more.

• New Dynamic Routing based on headers and query strings.

• New Security Policies engine.

• New krakend audit command.

• JMESpath Query Language at the endpoint level

• New SOAP integration with data injection

• New Body manipulation and generation

• New HTTP proxy plugin

• Support for OpenAPI 3

• UDP on Jaeger exporter.

• The Bot Detector adds the flag empty_user_agent_is_bot to define empty user agent treatment.

• Output adds gzip compression

• Flexible Configuration upgraded

• Improvements on the JWT validator

• Upgraded Basic Authentication

• When you were loading multiple plugins, and one of them failed, the gateway did not load the rest. Now the sequence will continue excluding the failing one.

• Older Docker images raised false positives when performing security scans due to an unused but included library (Thrift server). This library is no longer in the code.

It introduces a new security audit command (krakend audit) that parses and analyzes your configurations and outputs security recommendations. We have designed it to run as a standalone command or integrated it into your existing CI/CD pipeline to avoid dangerous configurations, such as unwillingly disabling the TLS, setting excessive timeouts, unprotected endpoints, or similar scenarios.

• When you were loading multiple plugins, and one of them failed, the gateway did not load the rest. Now the sequence will continue excluding the failing one.

• Older Docker images raised false positives when performing security scans due to an unused but included library (Thrift server). This library is no longer in the code.

• The krakend audit command.

• The Flexible Configuration component upgrades Sprig from v2 to v3. This has changes in the way ^ is handled. Some of the new functions available are fromJson, addf, maxf, mulf, osBase, osDir, osExt, osClean, or osIsAbs. It also documents how to use yaml or toml to write configurations using FC.

• The Jaeger exporter now supports the UDP protocol to post traces to a Jaeger-agent.

• The Bot Detector adds the flag empty_user_agent_is_bot to define empty user agent treatment.

• JWT: Extraction of JSON from paths in JWT claims has been improved

• JWT is now more restrictive, and fallbacks to returning 401 error codes with incorrect configurations.

• The JWK URL requests to your identity server include now a KrakenD-specific user agent.

Commit changelog

KrakenD Enterprise v2.1 brings a lot of new functionality, including advanced manipulation with a JSON Query language, a Revoke Server to manage tokens in clusters, new Kibana and Grafana dashboards, faster encoding, a rewritten and richer NewRelic exporter, Websockets balancing, everything on Community 2.1.2, and much more.

• The private Amazon or Azure container registries are now publicly hosted under the repository krakend/krakend-ee on Docker Hub

• New JMESpath Query Language

• New JWT Revoke Server that pushes revoke instructions to all members in the cluster and maintains consistency between all the nodes, existing or new.

• The new Service Rate Limit controls the usage of a specific user or all users against all endpoints in the API.

• The new Response Schema Validator ensures that the backend responses contain at least the structure of your choice, defining the rules with a JSON schema.

• The new Content Replace is a manipulation plugin that allows you to apply regular expressions to the response.

• The new fast-json encoding is 140% faster on collections and 30% faster on objects on average tests, compared to the open source edition json decoder.

• WebSocket servers load balancing

• New repository Telemetry Dashboards, including Kibana, Grafana, Logstash, and Influx v2

• The NewRelic exporter has been rewritten from scratch, including now distributed traces and richer content.

• When you use OpenAPI in combination with JSON Schema, write methods add the validation requirements in the documentation.

• Multiple OpenAPI exports based on the audience field.

• Add a response example to OpenAPI exports

• Added a skip option for the static server to ignore matching sub-paths and route them to KrakenD endpoints

• Added a no_redirect option to wildcards to let clients follow redirections (e.g: user logins)

• Added identifier to the API Key authentication to allow custom headers and custom query strings.

• Added a krakend version command that outputs the KrakenD, Go, and Glibc versions.

• Added allow_insecure_connections flag to ease development stages that use self-signed certificates.

• Customizable response body for 404 and 405 errors

• Added context propagation between Handler plugins and KrakenD Client plugins

• Added capacity and client_capacity (token bucket size) to router rate limit, previously only on backend rate limit.

• More logging consistency (Bot detector, Bloom filter, Gologging)

• Better control of errors when GELF is failing

• Influx client not initialized during startup randomly (namespace collision being the cause)

• The check-plugin command could panic when analyzing malformed files.

• Easier logging to disk or remote server logging via the configurable syslog facility

• The --accept-eula (or -e) flag is no longer necessary to start KrakenD and should be removed

• The telemetry/opencensus component for NewRelic will stop working in future versions. Use telemetry/newrelic instead.

KrakenD 2.1 brings a new ready-to-use Kibana dashboard, an updated Grafana Dashboard for InfluxDB v2 and more features and bugfixes

• New repository Telemetry Dashboards, including Kibana, Grafana, Logstash, and Influx v2

• Added a krakend version command that outputs the KrakenD, Go, and Glibc versions.

• Added allow_insecure_connections flag to ease development stages that use self-signed certificates.

• Customizable response body for 404 and 405 errors

• Added context propagation between Handler plugins and KrakenD Client plugins

• Added capacity and client_capacity (token bucket size) to router rate limit, previously only on backend rate limit.

• Added capacity and client_capacity (token bucket size) to router rate limit, previously only on backend rate limit.

• Easier logging to disk or remote server logging via the configurable syslog facility

• More logging consistency (Bot detector, Bloom filter, Gologging)

• Better control of errors when GELF is failing

• Influx client not initialized during startup randomly (namespace collision being the cause)

• The check-plugin command could panic when analyzing malformed files.

Commit changelog

KrakenD Enterprise 2.0 is a major rework and needs migration. API Analytics, IP Filtering, GraphQL, OpenAPI importers and exporters, integration tests, specific request/modifier plugins, Async Agents, backend response logging (dumper) and improves the existing WebSockets, API Keys, configuration syntax, New Relic reporting, logging, and router to put a few examples. It also includes everything on Community 2.0.4.

• The new Google Analytics integration allows you to generate API Analytics from your API activity

• The new IP filtering plugin allows you to restrict the traffic to your API gateway by CIDR

• REST to GraphQL conversion, or direct consumption of GraphQL through the gateway

• Generate a KrakenD configuration from an OpenAPI spec file

• A new command krakend e2e allows you to execute integration tests

• Backend response logging

• New plugin types (request/response)

• Plenty of new configurable router flags

• The krakend check adds verbosity level

• A new command krakend check-plugin for quicker development of custom plugins

• Shortened configuration namespaces.

• NewRelic reporting

• Async agents

• Better logging, with more context

• Alpine-based Docker image

KrakenD 2.0 is the new major version of KrakenD bringing a lot of improvements to the API Gateway. GraphQL, specific request/modifier plugins, async agents, easier configuration, better logging, and a more flexible router to put a few examples.

• REST to GraphQL conversion, or direct consumption of GraphQL through the gateway

• Backend response logging

• New plugin types (request/response)

• Plenty of new configurable router flags

• The krakend check adds verbosity level

• A new command krakend check-plugin for quicker development of custom plugins

• Shortened configuration namespaces.

• Async agents

• Better logging, with more context

• Alpine-based Docker image

• To upgrade the configuration from v0.x or v1.x see the legacy migration tool

KrakenD 1.4 is the last version of the 1.x family and primarily replaces the KrakenD Framework with the Lura Project and includes minor bug fixing and an extended flexible configuration. The next release with the new functionality will be 2.0.

• All dependencies for the framework moved to Lura

• The json-collection output encoding allows returning collections directly

• Added Sprig functions to Flexible Configuration

• Allow the propagation of nested claims using dot notation (JWT)

• Add the del method to Lua

Commit changelog

First commercial version of KrakenD Enterprise. Includes everything in the Community v1.3 and adds generator commands for OpenAPI, Postman, and rendering PNG files with the configuration. It also adds support for wildcard routes.

• New generate postman command

• New generate openapi command

• New generate config2dot command

• Support for wildcard routes

• Multiple identity providers

• Integration of secret providers

KrakenD 1.3.0 makes focus on completing the RBAC system regarding JWT.

• Scopes validation (thanks to @chrisdennig)

• Extract and forward claims as headers (thanks to @chrisdennig)

• Support for Oracle Identity Cloud Service by allowing key identifers other than kid such as x5t or kid_x5t (contribution from Oracle)

• Allow loading of local JWK files

• Integration with secret providers such as, Amazon KMS, Azure’s Key Vault, Google Cloud KMS, Hashicorp’s Vault, Encrypted or plain base64 file

• Expose router request host to Lua virtual machine (thanks to Marc Ruiz from Stayforlong)

• Add X-Forwarded-Host header (thanks to Marc Ruiz from Stayforlong)

• Allow the extraction of client IP from custom headers

• Add debugging information to CORS component

• The Etcd component is no longer loaded in KrakenD-CE (but the repository is available for custom integrations)

• The WASM-based emulator in KrakenDesigner has been removed.

Commit changelog

KrakenD 1.2.0 adds a health endpoint, array manipulation, safejson encoding, Datadog integration, JWT claims as url parameters, and many other features and bugfixes.

• Added a /__health endpoint

• Removed the wording whitelist and blacklist from all our products (#BlackLivesMatter)

• Datadog integration

• Array manipulation available after merging multiple backends

• All KRAKEND_-like environment vars to override configuration

• A lot of small features and bugfixes

• Flatmap (array manipulation) now also at endpoint level

• Removed wording with racist connotations whitelist and blacklist. Now using allow and deny instead.

• Upgrade go to 1.15.

• support for the append operation added

• Added a new supported encoding safejson

• support for nested targets added

• Client plugin example fixed

• Do not copy nil readers on no-op

• Nested sequential params

• Clone also the request body in the CloneRequest method

• The /__debug/ endpoint accepts now any method

• Use the weight of the SRV record to generate the list of hosts when resolving a service name

• Decompress gzipped responses before parsing them

• Added a /__health endpoint

• Ability to use collections in sequential proxy as input (collection filters)

• Support using JWT claims as backend url params

• Mutual TLS between KrakenD and clients added

• Check that headers aren’t nil on Lua scripts

• Pub/sub module ignores empty hosts

• Lua scripts can now send custom errors

• The RunServer can be injected into the executor builder

• Integration test for CORS with auto-redirects added

• CORS mw for gin removed and added as a RunServer wrapper so it’s always executed

• Support for namespaced custom claims added

• Added more integration tests

• Bad request status code added on JSON Schema validation

• Configuration can be overriden with KRAKEND_-like environment vars

• Integration with Datadog

• Add ca-certificates as dependency on debian

• Allow “sequential proxy” to work with a POST, PUT and DELETE if there are only GET methods before (thanks to Alphyron)

• Updated CEL engine with more features

• Added a label name to circuit breakers to identify activity from different circuits in the logs and traces.

• XML encoder supports now ISO-8859-1 encoding (in addition to UTF8)

Commit changelog

KrakenD 1.1.0 adds Kafka integration, an extended Docker image, telemetry for Azure Monitor and performance improvements.

• Corrected a bug in the httpsecure module.

• Lambda context as base64 json-encoded context

• Lua request and response helpers

• Upgraded to Go 1.14

• Optimization of the rate-limit module

• Optimization of the load-balancer

• Added Opencensus exporter to send metrics to Azure

• Added Apache Kafka integration

• FIFO HTTP handler plugin loader (adding more than one HTTP handler plugin to the gateway)

• Add metrics for Go and process to Prometheus exporter (Thanks to Lucas Bremgartner)

• Docker image supporting plugins (Thanks to Alexandr Hacicheant)

Commit changelog

In November 2016, we released KrakenD framework to the public. After three years serving traffic around the world, and a lot of lessons learned on the way, KrakenD 1.0 is out 🎉🎉🎉

• dedicated plugin loader function added

• return all headers from proxy response

• botdetector module added

• pass the gelf writer to the gin logger

• lua module

• support for handler plugins added

• support for http request executor plugins added

• krakend-lambda module added

• pubsub module added

• forward the user-agent header

• opencensus upgraded to 0.21.0

• send the XML response without a final line break

• alpine version upgraded

• integration tests extended

• xml render improved

• upgrade to 1.13.1

• moving from dep to go mod

Commit changelog

Integration with AMQP, traffic shadowing, and flatmaps!

• AMQP client (producer and consumer)

• Shadow proxy factory added to the proxy factory stack

• CEL: upgraded to 0.2.0

• Flexibleconfig: accept partial templates

• martian: status package included

• ratelimit: cleanup unused limiters after some TTL

• cobra: krakend check exits with a non zero status code when the configuration fails

• usage: timeout added to every request

• Flexibleconfig: fix ‘invalid cross-device link’

Commit changelog

New validation module (CEL), wildcard option to forward all query strings and headers to the backend.

• Updated to Go 1.12

• Logging GELF formatter,

• Logstash logger integration

• Added logging to the circuit breaker to warn every time the circuit is opened/closed

• Metrics log removed

• Forbidden and unauthorized responses

• New CEL module (JWT, request and response)

• Client headers are now case insensitive

• Added a wildcard option to forward all query strings and headers to the backend

• Possibility to include error details into the response

• Etcd client updated to 3.3

• Influx client updated

• Reuse OAuth2 client sessions

• JWK client supports local CA

• Chained token rejecters

Commit changelog

Integration with Graylog Clusters, schema validation and metrics exporter to Stack Driver.

• Support for sending structured events in GELF format (Graylog Cluster)

• Added a json schema validator to valid endpoint inputs before reaching the backends

• Added the sequential proxy merger (Use input from a previous backend response)

• Added StackDriver as a new backend for metrics and traces

• Added a usage stats report (can be disabled passing env var USAGE_DISABLE=1 when starting)

Commit changelog

Adds the JOSE component that validates and signs JWT tokens, and a bloomfilter to facilitated decentralized revoke.

• Added JOSE component. Validation and signing of JWT tokens

• Added the Bloomfilter component to facilitate decentralized revoke of tokens at a massive rate.

• Added the Cross-origin resource sharing (CORS) component

• Golang updated to 1.10.3

• Updated Opencensus component, adding an exporter to AWS XRay

Commit changelog

This release focuses heavily on metrics and its export options to different backend systems such as Zipkin, InfluxDB, Prometheus or Jaeger. It also adds the NoOp logger and exposes all the advanced settings of the http client and server, giving all the power to the user.

• Updated golang version to 1.10.2.

• Fully configurable custom metrics module. Also with influxdb exporter

• Support for flexible configuration in the krakend.json

• Opencensus integration (with 5 exporters: Zipkin, Prometheus, Jaeger, InfluxDB, Logger)

• Added more output decoders in addition to JSON

• Enabled advanced HTTP Client settings

• Custom combiners for merging the backend responses.

• Added static responses behavior to several strategies

Commit changelog

Open sourcing all the 1st-year enterprise components!

• KrakenD 0.4 core with the gin router

• Circuit breaker

• Rate limit

• Oauth2 client

• Service, router, proxy and backend metrics

• Security router

• Google’s Martian library integration (Injections via DSL)

• JSON, RSS and XML encoding

• Logging

• Service discovery integrations: etcd, DNS SRV

• Cobra prowered CLI

Add service discovery through etcd

• Added etcd service discovery

• Improved support for custom transport layers for the backend communication

• More data collected from the backend responses

• Support for Go 1.9

• Gin router update

Add service discovery through DNS SRV and decoding of RSS responses.

• DNS SRV Service Discovery

• Accept collections in the backend responses (as opposed to objects)

• RSS decoder added

First version of the functional gateway.

• Process endpoints with Gin router

• Fully functional gateway with aggregation of multiple backends

Initial commit of KrakenD Framework open-source libraries. No ready-to-use gateway yet.