Before exposing your company’s APIs, your highest priority should be to assure the security, governance and reliability of those APIs. To do so, you’ll need to use an API gateway as a single secure entry point for API consumers rather than allowing direct access to APIs. Kong Gateway can help manage the full lifecycle of services and APIs as well as secure and govern the access to those APIs within an API platform.

For the modern enterprise, the focus on customer obsession—an endeavor shown by research to bring better revenue growth and customer retention—requires connectivity across all of an organization’s resources. Back in the day, the Enterprise Service Bus (ESB) was the primary provider of connectivity for a service-oriented architecture (SOA).

This year, we hosted our inaugural Kong Summit Hackathon. This virtual competition engaged our open source community and offered recognition and prizes for hacks in various categories. The community delivered with ingenious plugins, hacks and documentation. This blog post highlights our Kong Gateway plugin winner, Narendra Patel. Narendra is a senior DevOps engineer at Egnyte with close to 10 years of experience as a developer, DevOps engineer, SRE and in RPA (robotics process automation).

Let’s boldly go where no one has gone before. Get ready, Star Trek fans! Jean-Luc Picard will be representing our microservice. Once we have Jean-Luc in our ship (microservice in production), what happens on day 2? We still need to add authorization, load balancing, rate limiting, etc. With an API gateway, like Kong Gateway, you don’t have to know how to do this because a set of program components, called plugins, allow you to implement this without any problem.

Today, we are welcoming another noteworthy advancement of the Kong Gateway – the general availability of version 2.7! Both Kong Gateway and Kong Gateway OSS version 2.7 downloads are available on your favorite distribution channels. This release of the Kong Gateway includes a number of important features that serve as a foundation for addressing three key areas.

If you’ve been online at all this week, chances are that you’ve heard about the Log4Shell zero-day (CVE-2021-44228) in Log4J, a popular Java logging library. The vulnerability enables Remote Code Execution (RCE), which allows attackers to run arbitrary code on the target’s machines. I know the first question that you all have is: “Is Kong affected by Log4Shell?” Let’s start with the good news: No Kong products are affected by this Log4J vulnerability.

In this episode of Kongcast, I spoke with Scott Lowe, principal field engineer at Kong, about what a service mesh does and when to use it, among other common mesh-related questions. Check out the transcript and video from our conversation below, and be sure to subscribe to get email alerts for the latest new episodes.

This blog was co-created by Ricardo Ferreira (Elastic) and Viktor Gamov (Kong). We love our microservices, but without a proper observability (O11y) strategy, they can quickly become cold, dark places cluttered with broken or unknown features. O11y is one of those technologies deemed created by causation: the only reason it exists is that other technologies pushed for it. There wouldn’t be need for O11y if, for example, our technologies haven’t gotten so complex across the years.

As more companies invest in a cloud native infrastructure, they’re choosing to prioritize their applications as microservices—architecting them into distinct servers. Each component is responsible for one (and only one) feature. For example, you might have Server A responsible for handling billing logic, Server B for handling user interaction and Server C for handling third-party user interactions.

At Kong, we run performance testing in CI in every commit or pull request that has a potential performance impact, as well as on each release. Thanks to the performance testing framework and its integration with Github Actions, we can easily get basic metrics like RPS and latency. Also, flame graphs to pinpoint the significant part that draws down performance. With that workflow in place, we figured one of the most significant parts of Kong’s hotpath is Nginx variable accesses.