Systems | Development | Analytics | API | Testing

December 2021

Insomnia Projects: API Collaboration and Documentation

We don’t build our own ticket tracking systems or email clients, so why do we expect every person who joins a team to build their own collection of snippets for interacting with internal systems? These systems are usually not well documented, and the only way to learn how to use them is by asking someone or reading source code. Let’s learn how to use Insomnia Projects with our new collaboration features to provide a prebuilt collection of sample requests, plus documentation about the purpose of each endpoint so that your new team members can be productive on day one.

Embracing Failure With Gremlin Chaos Engineering

In this episode of Kongcast, I spoke with Jason Yee, director of advocacy at Gremlin, about the concept of chaos engineering, why even the best engineers can’t control everything, and tools and tactics to help build app resiliency. Check out the transcript and video from our conversation below, and be sure to subscribe to get email alerts for the latest new episodes.

API Infrastructure: ESB Versus API Gateway (Part 1)

For the modern enterprise, the focus on customer obsession—an endeavor shown by research to bring better revenue growth and customer retention—requires connectivity across all of an organization’s resources. Back in the day, the Enterprise Service Bus (ESB) was the primary provider of connectivity for a service-oriented architecture (SOA).

Achieving Maximum API Platform Security With Kong

Before exposing your company’s APIs, your highest priority should be to assure the security, governance and reliability of those APIs. To do so, you’ll need to use an API gateway as a single secure entry point for API consumers rather than allowing direct access to APIs. Kong Gateway can help manage the full lifecycle of services and APIs as well as secure and govern the access to those APIs within an API platform.

Set API Bandwidth Limits With This Hackathon Award-Winning Plugin

This year, we hosted our inaugural Kong Summit Hackathon. This virtual competition engaged our open source community and offered recognition and prizes for hacks in various categories. The community delivered with ingenious plugins, hacks and documentation. This blog post highlights our Kong Gateway plugin winner, Narendra Patel. Narendra is a senior DevOps engineer at Egnyte with close to 10 years of experience as a developer, DevOps engineer, SRE and in RPA (robotics process automation).

The Next Generation of Cloud Connectivity: Apache Kafka, API Gateway and Service Mesh

Let’s boldly go where no one has gone before. Get ready, Star Trek fans! Jean-Luc Picard will be representing our microservice. Once we have Jean-Luc in our ship (microservice in production), what happens on day 2? We still need to add authorization, load balancing, rate limiting, etc. With an API gateway, like Kong Gateway, you don’t have to know how to do this because a set of program components, called plugins, allow you to implement this without any problem.

Apache Kafka, API Gateway and Service Mesh for Cloud Connectivity

In this video, @Viktor Gamov illustrates the differences between an API gateway and service mesh — and when to use one or the other pragmatically and objectively. He also discuss the similarities and differences between the communication layer provided by gateways, service mesh and Apache Kafka. Finally, you will learn a few ways to use Apache Kafka within a service mesh architecture.

Kong Gateway 2.7 Is Here and Ready!

Today, we are welcoming another noteworthy advancement of the Kong Gateway – the general availability of version 2.7! Both Kong Gateway and Kong Gateway OSS version 2.7 downloads are available on your favorite distribution channels. This release of the Kong Gateway includes a number of important features that serve as a foundation for addressing three key areas.

Kong Gateway User Meetup | December 2021 | Hackathon winner showcase - Rate limiting plugin

In this session, we welcome our Kong Summit Hackathon winner Narendra Patel, Sr. DevOps Engineer at Egnyte, to show off his Kong Gateway rate-limiting plugin, which allows you to rate-limit not just on the number of requests, but the bandwidth consumed too! Kong’s Online User Meetups are a place to learn about technologies within the Kong open source ecosystem. This interactive forum will give you the chance to ask our engineers questions and get ramped up on information relevant to your Kong journey.

Log4J, Log4Shell and Kong

If you’ve been online at all this week, chances are that you’ve heard about the Log4Shell zero-day (CVE-2021-44228) in Log4J, a popular Java logging library. The vulnerability enables Remote Code Execution (RCE), which allows attackers to run arbitrary code on the target’s machines. I know the first question that you all have is: “Is Kong affected by Log4Shell?” Let’s start with the good news: No Kong products are affected by this Log4J vulnerability.

Building Smart O11y for Kuma With Elastic Observability

This blog was co-created by Ricardo Ferreira (Elastic) and Viktor Gamov (Kong). We love our microservices, but without a proper observability (O11y) strategy, they can quickly become cold, dark places cluttered with broken or unknown features. O11y is one of those technologies deemed created by causation: the only reason it exists is that other technologies pushed for it. There wouldn’t be need for O11y if, for example, our technologies haven’t gotten so complex across the years.

Using Elastic ML to Observe Your Kuma API Observability Metrics

Observability is catching on these days as the de-facto way to provide visibility into essential aspects of systems. It would be unwise for you not to leverage it with Kuma service mesh — the place that allows your services to communicate with the rest of the world. However, many observability solutions restrict themselves to the works: simple metric collection that provides them with dashboards. Expecting users to simply sit on their chairs and look at those metrics all day long is an invitation to failure, as we know that one can only do so much when they get tired and bored.

Building With Insomnia as a REST API Client

As more companies invest in a cloud native infrastructure, they’re choosing to prioritize their applications as microservices—architecting them into distinct servers. Each component is responsible for one (and only one) feature. For example, you might have Server A responsible for handling billing logic, Server B for handling user interaction and Server C for handling third-party user interactions.

4 Ways to Leverage Kong's jq Plugin

As part of the Kong Gateway 2.6 release, we shipped a brand new jq plugin for anyone with an enterprise license to use. It’s like we combined the request and response transformer plugins to form a single, more powerful plugin—supercharging the way we work with request and response bodies. If you’re not familiar with jq, it’s a JSON processing language that allows you to manipulate any JSON document and transform it however you need.

How We Got a 12% Increase in RPS and a 37% Drop in Latency

At Kong, we run performance testing in CI in every commit or pull request that has a potential performance impact, as well as on each release. Thanks to the performance testing framework and its integration with Github Actions, we can easily get basic metrics like RPS and latency. Also, flame graphs to pinpoint the significant part that draws down performance. With that workflow in place, we figured one of the most significant parts of Kong’s hotpath is Nginx variable accesses.

Kong and Neosec: Behavioral Analytics With Response Automation

The Neosec platform integrates with Kong Gateway Enterprise to provide automated and continuous API discovery, API risk posture alerting and API protection through behavioral analytics and response automation. And it does all that while being out of band, using the logs shipped from Kong to Neosec.

What's New (and Coming Soon) With Insomnia

For those who aren’t familiar with Insomnia, it’s Kong’s API testing, design and debugging platform. Insomnia’s product vision is to optimize API development by simplifying and automating a developer’s workflows. APIOps plays a key role in this vision, optimizing API development by simplifying and automating developers’ workflows.