Microservices: Kong Gateway 2.1 extends support for the gRPC protocol

Kong has released version 2.1 of its microservices gateway of the same name. The API gateway includes two new plug-ins for gRPC services, updates its storage structures for routers, and now operates in asynchronous mode to better balance load distribution. There is also news about the release cycles: the Community and Enterprise editions have recently been coordinated, and both editions should always appear at the same time.

As of this release, reconfiguration of the load balancer is always asynchronous. Configuration changes to upstream and target states should therefore cause "no perceptible latency peaks" any more, according to the release notes. For routers and the load balancer, the new version standardizes the configurations through asynchronous mode. The manual choice between a strict (synchronous) and a consistent (asynchronous) mode when configuring is thereby dropped, according to the provider in favor of more stable overall performance.

Two new plug-ins for gRPC

Also newly added are two plug-ins that support gRPC communication. gRPC-Web is meant to enable access to gRPC services via the gRPC-Web protocol. The plug-in is apparently aimed at JavaScript applications that run in the browser and integrate a gRPC library. The second plug-in is meant to expose gRPC services via an HTTP REST interface: gRPC-Gateway converts requests into a JSON format and allows access to upstream gRPC services via a simple HTTP request.

Certificates in the public-key infrastructure of the gateway

Since version 2.0, Kong has supported a hybrid mode that separates the control layer from the data layer (control plane and data plane). Version 2.1 offers further innovations for hybrid use, for example by allowing authentication over mTLS (mutual TLS authentication) in the public-key infrastructure (PKI). A PKI refers to a system that issues, distributes and checks digital certificates. The system can use the certificates issued within the PKI of the Kong gateway to secure computer-based communication, and more recently to do so with mTLS. Certificates created in hybrid mode can now be checked for restrictions and validity.

The Kong developers also worked on the declarative configuration format: importing credentials should now be possible with or without hashed passwords, which could make things easier for users of DB-less mode.

An identifier for all authenticating plug-ins

A series of plug-ins for Kong Gateway 2.1 contain new features: for example, the monitoring tool Prometheus now supports health checks from the upstream, OAuth2 can generate refresh tokens in the new release, and AWS Lambda supports custom endpoints in test environments. Another plug-in (LDAP) offers virtual credentials with which users can restrict traffic rates, and rate limiting allows (as its name suggests) the restriction of traffic rates through automatic PostgreSQL cleanup and custom headers. Overall, the various plug-ins designed for authentication now output a consistent header (X-Credential-Identifier), so that client services can read the identifier used independently of the respective authentication method.
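How a service behind the gateway might consume this header, as an added example that is not Kong's code or part of the original article: the identifier is accepted only on connections coming from the gateway, since a client that reaches the service directly could set the header itself. The gateway network, the function names and the sample traffic are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the network the Kong data-plane nodes connect from (constructed value).
TRUSTED_GATEWAYS = [ipaddress.ip_network("10.0.5.0/24")]
HEADER = "x-credential-identifier"


class UntrustedSource(Exception):
    """The request did not arrive through the gateway."""


def credential_identifier(peer_ip, headers, trusted=TRUSTED_GATEWAYS):
    """Return the identifier the gateway attached, or None if there is none.

    headers is a list of (name, value) pairs so duplicate headers stay visible.
    """
    addr = ipaddress.ip_address(peer_ip)
    if not any(addr in net for net in trusted):
        # A peer that bypasses the gateway can put any value in the header.
        raise UntrustedSource(peer_ip)
    values = {v.strip() for k, v in headers if k.lower() == HEADER}
    if not values:
        return None  # no authentication plug-in identified a credential
    if len(values) > 1 or "" in values:
        raise ValueError("ambiguous X-Credential-Identifier")
    return values.pop()


def requests_per_identifier(requests):
    """Count requests per identifier; refused ones are counted as '<rejected>'."""
    counts = {}
    for peer_ip, headers in requests:
        try:
            ident = credential_identifier(peer_ip, headers) or "<anonymous>"
        except (UntrustedSource, ValueError):
            ident = "<rejected>"
        counts[ident] = counts.get(ident, 0) + 1
    return counts


# Constructed sample traffic: one header name, whatever the authentication method.
SAMPLE = [
    ("10.0.5.17", [("X-Credential-Identifier", "billing-app")]),
    ("10.0.5.18", [("x-credential-identifier", "billing-app")]),
    ("10.0.5.17", [("Accept", "application/json")]),
    ("203.0.113.9", [("X-Credential-Identifier", "billing-app")]),  # direct, not via Kong
    ("10.0.5.17", [("X-Credential-Identifier", "a"), ("X-Credential-Identifier", "b")]),
]

if __name__ == "__main__":
    print(requests_per_identifier(SAMPLE))
```

An address allowlist is the simplest stand-in for "came through the gateway"; the same check can sit behind whatever transport authentication the deployment uses between Kong and its upstreams.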

Distribution of the workload on PostgreSQL replicas

Users who run Kong with PostgreSQL can now use read-only database connections. Kong can then read from the read-only replicas instead of going via the main read-write connection. As a result, the database load of the Kong cluster is distributed across read-only replicas, which should improve performance according to the provider.

More information can be found in the Kong release notes. The two new plug-ins can be found on GitHub, where gRPC-Web and gRPC-Gateway each have their own project pages.