Kong v1.0.0 Release Notes
-
๐ > Released on: 2018/12/18
This is a major release, introducing new features such as Service Mesh and Stream Routing support, as well as a New Migrations framework. It also ๐ includes version 1.0.0 of the Plugin Development Kit. It contains a large ๐ number of other features and fixes, listed below. Also, all plugins included โก๏ธ with Kong 1.0 are updated to use version 1.0 of the PDK.
โฌ๏ธ As usual, major version upgrades require database migrations and changes to the ๐ง Nginx configuration file (if you customized the default template). Please take โฌ๏ธ a few minutes to read the 1.0 Upgrade โฌ๏ธ Path for more details โฌ๏ธ regarding breaking changes and migrations before planning to upgrade your Kong cluster.
๐ Being a major version, all entities and concepts that were marked as deprecated ๐ in Kong 0.x are now removed in Kong 1.0. The deprecated features are retained in Kong 0.15, the final entry in the Kong 0.x series, which is being ๐ released simultaneously to Kong 1.0.
๐ Changes
Kong 1.0 includes all breaking changes from 0.15, as well as the removal ๐ of deprecated concepts.
Dependencies
- The required OpenResty version is still 1.13.6.2, but for a full feature set including stream routing and Service Mesh abilities with mutual TLS, Kong's openresty-patches must be applied (those patches are already bundled with our official distribution packages). Kong in HTTP(S) Gateway scenarios does not require these patches.
- Service Mesh abilities require at least OpenSSL version 1.1.1. In our official distribution packages, OpenSSL has been bumped to 1.1.1. #4005
๐ง Configuration
- ๐ :warning: The
custom_plugins
directive is removed (deprecated since 0.14.0, July 2018). Useplugins
instead. - ๐ง Modifications must be applied to the Nginx configuration. You are not affected by this change if you do not use a custom Nginx template. See the 1.0 Upgrade Path for a diff of changes to apply.
- The default value for
cassandra_lb_policy
changed fromRoundRobin
toRequestRoundRobin
. This helps reducing the amount of new connections being opened during a request when using the Cassandra strategy. #4004
Core
- :warning: The API entity and related concepts such as the
/apis
endpoint, are removed (deprecated since 0.13.0, March 2018). Use Routes and Services instead. - :warning: The old DAO implementation is removed, along with the
old schema validation library (
apis
was the last entity using it). Use the new schema format instead in custom plugins. To ease the transition of plugins, the plugin loader in 1.0 includes a best-effort schema auto-translator, which should be sufficient for many plugins. - Timestamps now bear millisecond precision in their decimal part. #3660
- The PDK function
kong.request.get_body
will now returnnil, err, mime
when the body is valid JSON but neither an object nor an array. #4063
CLI
- โ :warning: The new migrations framework (detailed below) has a different usage (and subcommands) compared to its predecessor. #3802
Admin API
- ๐ :warning: In the 0.14.x release, Upstreams, Targets, and Plugins were still
implemented using the old DAO and Admin API. In 0.15.0 and 1.0.0, all core
entities use the new
kong.db
DAO, and their endpoints have been upgraded to the new Admin API (see below for details). #3689 #3739 #3778
A summary of the changes introduced in the new Admin API:
- Pagination has been included in all "multi-record" endpoints, and pagination control fields are different than in 0.14.x.
- ๐ Filtering now happens via URL path changes (
/consumers/x/plugins
) instead of querystring fields (/plugins?consumer_id=x
). - Array values can't be coerced from comma-separated strings anymore. They must now be "proper" JSON values on JSON requests, or use a new syntax on form-url-encoded or multipart requests.
- Error messages have been been reworked from the ground up to be more consistent, precise and informative.
- The
PUT
method has been reimplemented with idempotent behavior and has been added to some entities that didn't have it.
๐ For more details about the new Admin API, please visit the official docs: ๐ https://docs.konghq.com/
๐ Plugins
- ๐ :warning: The
galileo
plugin has been removed (deprecated since 0.13.0). #3960 - โ :warning: Some internal modules that were occasionally used by plugin authors
before the introduction of the Plugin Development Kit (PDK) in 0.14.0 are now
removed:
- The
kong.tools.ip
module was removed. Usekong.ip
from the PDK instead. - The
kong.tools.public
module was removed. Use the various equivalent features from the PDK instead. - The
kong.tools.responses
module was removed. Please usekong.response.exit
from the PDK instead. You might want to usekong.log.err
to log internal server errors as well. - The
kong.api.crud_helpers
module was removed (deprecated since the introduction of the new DAO in 0.13.0). Usekong.api.endpoints
instead if you need to customize the auto-generated endpoints.
- The
- โก๏ธ All bundled plugins' schemas and custom entities have been updated to the new
kong.db
module, and their APIs have been updated to the new Admin API, which is described in the above section. #3766 #3774 #3778 #3839 - โ :warning: All plugins migrations have been converted to the new migration framework. Custom plugins must use the new migration framework from 0.15 onwards.
โ Additions
:fireworks: Service Mesh and Stream Routes
๐ Kong's Service Mesh support resulted in a number of additions to Kong's ๐ง configuration, Admin API, and plugins that deserve their own section in this changelog.
- ๐ Support for TCP & TLS Stream Routes via the new
stream_listen
config option. #4009 - A new
origins
config property allows overriding hosts from Kong. #3679 - A
transparent
suffix added to stream listeners allows for setting up a dynamic Service Mesh withiptables
. #3884 - Kong instances can now create a shared internal Certificate Authority, which is used for Service Mesh TLS traffic. #3906 #3861
- ๐ Plugins get a new
run_on
field to control how they behave in a Service Mesh environment. #3930 #4066 - There is a new phase called
preread
. This is where stream traffic routing is done.
๐ง Configuration
- A new
dns_valid_ttl
property can be set to forcefully override the TTL value of all resolved DNS records. #3730 - ๐ง A new
pg_timeout
property can be set to configure the timeout of PostgreSQL connections. #3808 upstream_keepalive
can now be disabled when set to 0. Thanks @pryorda for the patch. #3716- The new
transparent
suffix also applies to theproxy_listen
directive.
CLI
- ๐ :fireworks: New migrations framework. This new implementation supports no-downtime, Blue/Green migrations paths that will help sustain Kong 1.0's stability. It brings a considerable number of other improvements, such as new commands, better support for automation, improved CLI logging, and many more. Additionally, this new framework alleviates the old limitation around multiple nodes running concurrent migrations. See the related PR for a complete list of improvements. #3802
Core
- ๐ :fireworks: Support for TLS 1.3. The support for OpenSSL 1.1.1 (bumped in our official distribution packages) not only enabled Service Mesh features, but also unlocks support for the latest version of the TLS protocol.
- ๐ :fireworks: Support for HTTPS in active healthchecks. #3815
- :fireworks: Improved router rebuilds resiliency by reducing database accesses in high concurrency scenarios. #3782
- ๐ :fireworks: Significant performance improvements in the core's plugins runloop. #3794
- PDK improvements:
- New
kong.node
module. #3826 - New functions
kong.response.get_path_with_query()
andkong.request.get_start_time()
. #3842 - Getters and setters for Service, Route, Consumer, and Credential. #3916
kong.response.get_source()
returnserror
on nginx-produced errors. #4006kong.response.exit()
can be used in theheader_filter
phase, but only without a body. #4039
- New
- Schema improvements:
- New field validators:
distinct
,ne
,is_regex
,contains
,gt
. - Adding a new field which has a default value to a schema no longer requires a migration. #3756
- New field validators:
Admin API
- :fireworks: Routes now have a
name
field (like Services). #3764 - ๐ Multipart parsing support. #3776
- Admin API errors expose the name of the current strategy. #3612
๐ Plugins
- ๐ :fireworks: aws-lambda: Support for Lambda Proxy Integration with the new
is_proxy_integration
property. Thanks @aloisbarreras for the patch! #3427. - ๐ง http-log: Support for buffering logging messages in a configurable logging queue. #3604
- ๐ Most plugins' logic has been rewritten with the PDK instead of using internal Kong functions or ngx_lua APIs.
๐ Fixes
Core
- ๐ Fix an issue which would insert an extra
/
in the upstream URL when the request path was longer than the configured Route'spath
attribute. #3780 - ๐ Ensure better backwards-compatibility between the new DAO and existing core runloop code regarding null values. #3772 #3710
- ๐ Ensure support for Datastax Enterprise 6.x. Thanks @gchristidis for the patch! #3873
- Various issues with the PostgreSQL DAO strategy were addressed.
- Various issues related to the new schema library bundled with the new DAO were addressed.
- PDK improvements:
kong.request.get_path()
and other functions now properly handle cases when$request_uri
is nil. #3842
Admin API
- ๐ง Ensure the
/certificates
endpoints properly returns all SNIs configured on a given certificate. #3722 - Ensure the
upstreams/:upstream/targets/...
endpoints returns an empty JSON array ([]
) instead of an empty object ({}
) when no targets exist. #4058 - ๐ Improved inferring of arguments with
application/x-www-form-urlencoded
. #3770 - ๐ Fix the handling of defaults values in some cases when using
PATCH
. #3910
๐ Plugins
- cors:
- Ensure
Vary: Origin
is set whenconfig.credentials
is enabled. Thanks @marckhouzam for the patch! #3765 - Return HTTP 200 instead of 204 for preflight requests. Thanks @aslafy-z for the patch! #4029
- Ensure request origins specified as flat strings are safely validated. #3872
- Ensure
- ๐ acl: Minor performance improvements by ensuring proper caching of computed values. #4040
- correlation-id: Prevent an error to be thrown when the access phase was skipped, such as on nginx-produced errors. #4006
- aws-lambda: When the client uses HTTP/2, strip response headers that are disallowed by the protocols. #4032
- rate-limiting & response-ratelimiting: Improve efficiency by avoiding
unnecessary Redis
SELECT
operations. #3973