The following slides may contain information related to upcoming products, features and functionality. The content is presented for informational purposes only and subject to change or delay without notice. The development, release and timing of products, features or functionality are at the sole discretion of Kong Inc.
Increasing Exponentially 65% 87% 100%+ Increasing investment in APIs and Microservices1 Will fall behind if they fail to adopt APIs and Microservices2 YoY growth of APIs and Microservices worldwide3 1 Mckinsey CIO Survey 2 Vanson Bourne 3 Gartner Research
& REST Edge Monolithic Baremetal, VMs Data Center PROTOCOLS CONNECTIVITY PATTERNS APPLICATION TYPES PLATFORMS ENVIRONMENTS APIs Have Evolved, Legacy API Management Hasn’t # OF SERVICES AND AGILE TEAMS CONTROL AND VISIBILITY LEGACY TECH STACK REST, gRPC, GraphQL, Kafka Ingress, Service Mesh Microservices, Serverless Containers, Kubernetes Multi-region, Multi-cloud, Hybrid MODERN TECH STACK
Enterprise Kong Mesh Kong Insomnia Kong Konnect The Kong API Platform - E2E APIm platform - Kong API Gateway - Apps: Portal and Vitals - 100% self-managed (on-prem) - SaaS E2E APIm platform - Kong API Gateway - Apps: Portal, Vitals, ServiceHub and Runtime Manager - Cloud control plane - and apps, self- - managed data - planes - Easy to use and operate service mesh - Built on Kuma CNCF project - Most popular OSS API developer tool - Browse, design, and test APIs - Integrated into Kong Enterprise and Kong Konnect via APIOps
Enterprise Kong Mesh Kong Insomnia Kong Konnect (Cloud) Kong API Gateway Service Mesh API Explorer API Designer API Testing Platform Platform Portal Vitals Portal Service Hub Vitals Runtime Manager K8s Ingress Controller Kong Manager Community and Enterprise Plugins The Kong API Platform Outside of the scope of this presentation Inso CLI AuthN / AuthZ decK CLI Self-managed (i.e. on-prem) Kong hosted (i.e. cloud/saas)
and Automation with APIOps - Infra as code/config ⇔ API - 🥕 vs 🏒 governance - Enables speed, reliability, and re-use - Enables distributed autonomy with control - Benefits all: Devs, Architects, Operators
Enterprise Kong Mesh Kong Insomnia Kong Konnect (Cloud) Kong API Gateway Service Mesh API Explorer API Designer API Testing Platform Platform Portal Vitals Portal Service Hub Vitals Runtime Manager K8s Ingress Controller Kong Manager Community and Enterprise Plugins First stop ⇒ The Kong API Gateway Inso CLI AuthN / AuthZ decK CLI decK CLI
API Product Tiers with Consumer Groups Event Gateway with Kafka Plugin API AutN via OIDC and mTLS Secret Management - AWS, GCP, Vault FIPS 140-2 Validated Powerful GraphQL Enhancement Advanced Data Transformation - jQ, Config OPA Policy driven Traffic Mgmt Developer Speed with API Mocking Highlights of Kong Gateway Enterprise Cloud-Native Connectivity Capabilities FIPS 140-2 API
Kong Gateway 3.0 Plugins Secret Management (GA) - Modify the default plugin execution order - Without the need to change plugin code - No need to package another version of the same plugin with different priority value Plugin Ordering Open Telemetry-Tracing - Support open telemetry - Instrumentation of trace and span - Hashi Vault and AWS Secret Manager integration - Referenceable secrets for more secure deployments - Used in custom and bundled plugins
Kong Gateway Flagship Features LMDB New Route Optimization Plugin Ordering Secrets Management Websocket Support FIPS 140-2 Kong Manager 3.0 LDAP Group Authentication OpenTelemetry New Router UBI + Slim Images
Kong Gateway Flagship Features LMDB New Route Optimization Plugin Ordering Websocket Support FIPS 140-2 LDAP Group Authentication UBI + Slim Images Secrets Management Kong Manager 3.0 OpenTelemetry New Router
Kong Gateway 3.0 ships with a new router ▪ The router is what helps Kong decide which upstream to forward inbound requests to ▪ The new router can be used in traditional-compatible mode, or using a new expression based language What is it? 19
▪ Comparable performance for commonly used scenarios ▪ Incremental rebuilds ◦ By leveraging efficient data structures instead of function closures for matching optimization ▪ More expressive format ◦ Reduced cardinality ◦ Reduced expensive regexs ▪ Unified implementation for all users ◦ Kong DP, Koko, Kong Manager, … Design Goals
▪ Reduced router rebuild time when changing Kong’s configuration ◦ Reduced P99 latency from 1.5s to 0.1s with 10,000 routes ▪ Powerful routing language that can handle complex routing requirements ▪ Increased runtime performance when routing requests Business Benefit
▪ OpenTelemetry (OTel) is a collection of tools, APIs and SDKs to instrument, collect and export telemetry data for your software ▪ Use it to understand what your software is doing, how it’s performing and where time is being spent during execution What is it?
▪ Allows DevOps and SRE teams to understand where time is being spent when running Kong Gateway to help tune performance ▪ Provides a Plugin Development Kit (PDK) to enable customers to instrument their own custom plugins Business Benefit
▪ Kong Manger is a UI that we provide to help customers configure and monitor their Kong deployment ▪ Kong Manager 3.0 ships a new design and improved user experience (including more tooltips) What is it?
▪ Store sensitive information in external vaults, such as AWS Secrets Manager, Google Cloud Secrets Manager or Hashicorp Vault ▪ Secrets can be used for any kong.conf value, and specific plugins (with more being added each release) ▪ Automatic secret rotation is supported for some values (such as Postgres password) What is it?
▪ Ensure these Sensitive Keys used in Kong Deployments are: ◦ Secrets are not inadvertently visible throughout Kong’s platform (e.g decK configurations, logs, Manager UIs) which may lead to unauthorized access. ◦ Secrets can be securely stored, tightly controlled and are auditable by IT organizations ▪ Move from “Secret Sprawl” to Centralization ◦ Customers can leverage their own centrally managed secret management infrastructure to ensure sensitive information necessary for Gateway operations is up-to-date and adheres to IT security policies Business Benefit
1) Use pre-built “Connectors” to AWS Secret Manager, Hashicorp Vault and Google Cloud Secret Manager 2) Reference secrets using a simple and intuitive variable used throughout Kong configurations: {vault://driver/secret/path} 3) Automatically resolve secrets on Kong Data Planes whose secret values only exist in memory and are obfuscated throughout the deployment. Key Features
Kong Gateway 3.1 (ETA: End of November) Headless Scale-out - On-demand granularity control of logs for Day 2 operations. Dynamic Log Level Changes More OOTB Plugins - AppDynamics and Datadog - SAML 2.0 Authentication - JWT Encryption & Decryption - Open API Spec validation - XML threat-protection - - DPs can scale out even with no connection to Control Plane - DPs can navigate your forward proxies
Kong Kubernetes Ingress Controller - Kong API Gateway 💪 via K8s CRDs - Kubernetes Gateway API support - Integrated Prometheus metrics - Plugin-in Istio gateway support - Kong Gateway Operator - Konnect Platform integrations - Create svc in portal from k8s - Create Gateways directly from Konnect Today Roadmap
Runtimes KONG GATEWAY WasmX - Multi-language connectivity support • Write Connectivity Logic in a WASM supported language • Compile to WASM and run on any WASM supported runtime layer • Go, Rust, and JavaScript are P1 WASM CONNECTIVITY RUNTIME LAYER KONG MESH Side-car Logic Edge Traffic Logic Edge Traffic Logic
Konnect (Cloud) Kong Enterprise Kong Mesh Kong Insomnia Kong API Gateway Service Mesh API Explorer API Designer API Testing Platform Platform Portal Vitals Portal Service Hub Vitals Runtime Manager K8s Ingress Controller Kong Manager Community and Enterprise Plugins Next ⇒ Kong Konnect complements the 🌍 most 😍 API gateway Inso CLI AuthN / AuthZ decK CLI decK CLI
and Automation with APIOps - Infra as code/config ⇔ API - 🥕 vs 🏒 governance - Enables speed, reliability, and re-use - Enables distributed autonomy with control - Benefits all: Devs, Architects, Operators
Governance at Scale RUNTIME FUNCTIONALITY USERS Kong Gateway Kong Mesh Kong Ingress Controler Portal Runtime ServiceHub Vitals Insomnia OPERATORS ENTERPRISE ARCHITECTS DEVELOPERS App Team 1 App Team 2 App Team 3
for multi-cloud environments SaaS-based control plane accelerates deployments and offers expanded APIOps & Full-Lifecycle applications Self-managed runtimes provide flexibility for any hybrid or multi-cloud deployment pattern Gateway Gateway Global Management Plane ServiceHub Runtime Manager Vitals Developer Portal Kong Insomnia* * Kong Insomnia is a Kong product that integrates natively with Kong Konnect.
Connectivity Registry of Record - Support for Kong & non-Kong services - Versioning and documentation - Streamlined Runtime Manager integration - Contextual insights - Non-Gateway Cataloging Roadmap Today
API Analytics - Throughput, latency, error rate by route, service, or application - Available in context of service or raw report - Ability to create custom reports - 360 data exploration - Consumer analytics - Custom dashboards Today Roadmap
Konnect (Cloud) Kong Enterprise Kong Mesh Kong API Gateway Service Mesh Platform Platform Portal Vitals Portal Service Hub Vitals Runtime Manager K8s Ingress Controller Kong Manager Community and Enterprise Plugins Next ⇒ Insomnia the 🌍 most 😍 OSS API developer tool AuthN / AuthZ decK CLI decK CLI Kong Insomnia API Explorer API Designer API Testing Inso CLI
Insomnia - Overview - Support for REST, gRPC, and graphQL APIs - Sync and git integration for collaboration - Publish OpenAPI specs to Dev Portal - CLI companion for APIOps in CI/CD - Debug and test Websocket APIs - Login with GitHub and Google - More collaboration with invite flows - RBAC and SSO with Konnect as backend Today Roadmap
Konnect (Cloud) Kong Enterprise Kong API Gateway Platform Platform Portal Vitals Portal Service Hub Vitals Runtime Manager K8s Ingress Controller Kong Manager Community and Enterprise Plugins Next ⇒ Kong Mesh - Easy to use, powerful, and based on Kuma AuthN / AuthZ decK CLI decK CLI Kong Insomnia API Explorer API Designer API Testing Inso CLI Kong Mesh Service Mesh
- Dec: 75% Most Likely Kong Gateway or Kong Enterprise Kong Konnect Kong Insomnia Jan - March: 60% Likely SAML 2.0 Plugin Multi-geo support: Australia Gateway: Secret Mgmt & Consumer Groups Developer & application analytics Kong Manager 3.0 Ongoing Improvements Response Schema Validation FIPS Compliance - Plugins Identity and Runtime Group APIs Konnect Platform Konnect Developer Portal Insomnia Kong Gateway and Kong Ingress Controller Multi-runtime Groups App Reg Multi-geo support AU Cloud Application Rewrite + Refactoring API - Needed for Vision24 Social and EE SSO Invite Flows Dynamic client registration Service Doc Mgmt. Platform APIs AppDynamic Plugin Data Dog Advanced Plugin XML Threat Protection Headless DP Scale-out Dynamic log level changes KIC ⇔ Konnect Integration Contextual API documentation Mocking RBAC Runtime cert mgmt & proxy support Self-managed custom plugins Custom dashboards & drill-down Platform audit logs Cloud Launcher Beta, Gateway 3.1, Runtime UI enhancements RBAC for Portal Content Support for Azure Vault Overall End-to-End Experience Improvements (Key Plugins, APIOps, …)
Next 6 months Beyond eBPF - iptables lookup leveraging eBPF Serverless - AWS Lambda support RBAC Auditing - Exact logs of changes SSO - For API and UI Authentication Cross Mesh Discovery - Istio (& other mesh) integrations Top policies - More policies as requested by customers and community (see next slide)
and Automation with APIOps - Infra as code/config ⇔ API - 🥕 vs 🏒 governance - Enables speed, reliability, and re-use - Enables distributed autonomy with control - Benefits all: Devs, Architects, Operators
re-use and manage cross-app concerns DEPLOY External Developers Operators DISCOVER PUBLISH TO A MANAGE A A REGISTERED TOA DISCOVERY SECURITY STRENGTHEN SECURITY
re-use and manage cross-app concerns DEPLOY External Developers Operators PUBLISH TO A MANAGE A A REGISTERED TOA DISCOVERY SECURITY STRENGTHEN SECURITY
xibuka
oracle4engineer
minorun365
ma2shita
jpishikawa
hf149
kouzoukaikaku
katoaz
hiropo20
lambda
comucal
yuj1osm
jcasabona
marcelosomers
myddelton
bcantrill
robhawkes
erikaheidi
sachag
colly
jrom
cromwellryan
62gerente
chrisshort
