News New Look, Same Vision: KrakenD’s Website Redesign

Product UpdatesSecurity

5 min read

KrakenD CE v2.5 released: multiple POSTs opened

by Albert Lombarte

Hey KrakenD enthusiasts,

We’ve got some exciting news for you – KrakenD v2.5 is here, packed with features that take simplicity to a whole new level while tackling complex challenges head-on. Let’s dive right into the key updates that make this release worth upgrading:

Multiple POSTs

When we created the aggregation feature seven years ago, we considered it too dangerous for our users to open the door to allow aggregation and sequential calls to write data to multiple targets from a single API call. Therefore, you might have felt restricted when dealing with numerous POSTs and other unsafe methods.

With KrakenD v2.5, we have revisited this ancient determination, and now there is no limit to the number of write operations you can do in a single endpoint. What we did here is to shift the responsibility to you, the developer, because you know better than anyone else if this pattern is something you can afford.

We still firmly believe that doing distributed transactions in the API gateway is a bad idea, but we have also seen (especially in legacy systems) that you have to play with what you have. Sometimes, methods are unsafe, but the operations underneath them are not. How many old APIs have you seen that use a POST verb to perform a SELECT in a database?

With this version, you can now:

  • Add multiple POST, DELETE, PUT, or PATCH entries in a single endpoint
  • Use sequential calls with unsafe methods.

As seen in Spider-Man comics and movies, With great power, there must also come great responsibility.

Restrict the service to a specific IP

Now, you can dictate which IP your service listens to. So far, KrakenD listened to all interfaces (0.0.0.0). The new listen_ip field lets you restrict the service to a specific IP (v4 and v6 formats accepted), putting you in control of your network configurations.

Connect to backends using mTLS

Security is non-negotiable. Complementing the previously existing Service mTLS where your clients had to provide a certificate in business-to-business (B2B) applications, you can now configure Client mTLS options to establish secure connections from KrakenD to your backends more securely.

More granular filtering of query strings

The new release brings a second level input_query_strings in the backend section, which allows you to apply a second round of query string filtering. You might need to pass a few query strings in your endpoint, but not all backends need to receive all of them. You can now do configurations like this:

{
    "endpoint": "/letters",
    "input_query_strings": ["a","b","c","d"],
    "backend": [
        {
            "url_pattern": "/wowels",
            "input_query_strings": ["a"]
        },
        {
            "url_pattern": "/consonants",
            "input_query_strings": ["b","c","d"]
        }
    ]
}

One-step Flexible Configuration and linting

The usage of the Flexible Configuration with the check commands now, does not require you to use FC_OUT to apply the --lint, saving one step in all pipelines.

Empowering Custom Plugins

We believe in giving you control. Custom plugins (both server and client) will now receive the Service Go Context, allowing you to gracefully handle services started by the plugin when the gateway shuts down.

More Identity Servers

Identity servers returning Content-Type: application/jwk-set+json are now seamlessly accepted without doing any extra configuration, expanding the horizon of possibilities for your authentication mechanisms.

Ironing Out the Wrinkles

KrakenD v2.5 doesn’t just bring new features; it also addresses previous quirks. Race conditions on global JWK URL keys cache? Fixed. Rate limit eviction resetting on very large time settings? No more. We’re committed to delivering a smoother experience.

Upgrade now and experience the power of simplicity with KrakenD v2.5. We’re engineering solutions for your complex problems, one release at a time.

🚀 Summary of changes for CEv2.5

The v2.5 binary allows multiple POSTS in and out sequential calls, restricts service listening to a specific IP, and improves JWT and AMQP.

  • Endpoints with multiple POSTs are now possible. The restriction to work with multiple unsafe methods is now removed.
  • Added new attribute static_routing_key on AMQP consumers (thanks to Georgios Chronis).
  • The new field listen_ip can now restrict the service to listen to a specific IP.
  • You can now configure mTLS options globally to connect to your backends
  • Added a second level input_query_strings in the backend section.
  • The Flexible Configuration and the --lint flag of check can work now in a single step
  • Your custom plugins (server and client) will now receive the Service Go Context, so you can cancel services started by the plugin when the gateway shuts down.
  • Identity servers returning Content-Type: application/jwk-set+json in their jwk_url are now accepted
  • When definining a custom router section the default settings for remote_ip_headers were reset.
  • The rate limit eviction was resetting on very large time settings
  • Fixed race conditions on global JWK URL keys cache
  • Requests with method OPTIONS (CORS module) with HTTP/2 without HTTP/1.1 Upgrade returned 405 status code instead of 204 when use_h2c flag was enabled (thanks to @anivanovic)
  • The propagate_claims attribute for JWT claims sets now to blank those headers with missing values, and does not allow the user to override via custom headers.
  • The flag router.use_h2c has moved to the root level as use_h2c, and its usage inside the router is marked as deprecated.

Upgrading to the latest version is always advised.

Scarf

Stay up to date with KrakenD releases and important updates