
Open sourcing all 1st-year enterprise components

by alombarte

Oct 22, 2017


It’s been almost one year since we went live, and what is known today as the KrakenD Enterprise components will be disclosed in the form of open-source repositories in the following weeks. The action has already started, so don’t miss it! In this post, we will explain the reasons behind this decision, which might sound crazy from a business perspective at first. Why would anyone publish one year of paid software as free software?

A look back…

If you are reading this post, chances are that you know this already. In short, KrakenD is the fastest API Gateway in the market. It’s built with the Go programming language while following best practices and designed with performance in mind. But don’t take it for granted; we encourage you to run your own benchmarks against your APIs.

We are a small group of engineers helping companies solve complex problems. Since we’re all engineers here, our marketing skills are on a similar level to our skills in butterfly sexing. So we communicated this significant change in our strategy with just this one tweet:

Today, with this post, I will expand a little on this short announcement.

KrakenD framework, KrakenD CE, and KrakenD EE. What Da?

When we started this adventure, we decided to distinguish between the KrakenD Enterprise Edition, a commercial product, and the open-sourced KrakenD framework, a library we use ourselves as the foundation of all our software.

We “released the KrakenD” on GitHub right before the past winter holidays. We have always believed in the open-source movement, and it is not unusual for a commercial product to be built upon an open-source framework maintained by the same organization.

Until now, if you wanted to use KrakenD, you had to compile and assemble the libraries yourself to build a gateway, or you could get a free packaged version of KrakenD with almost all the Enterprise features, limited only in concurrency and in the number of endpoints you could create. Just a teaser to make you want more and pay for an Enterprise license. This limited freemium version is what is gone today.

Goodbye to the freemium model

Enter the KrakenD Community Edition: a fully open-source, unrestricted, unlimited, ready-packaged version of KrakenD, including the publication of the Enterprise components to date (Oct 2017).

Until yesterday, if you wanted a fully equipped KrakenD with unlimited usage, you needed to apply (pay) for an enterprise license. If you did, we generated a license that you would install on-premise. All features were then unlocked, and the limits were raised accordingly.

What we are changing from now on is that no one will need a license to run an unlimited KrakenD because we have created the open-source package KrakenD Community Edition.

It may seem like a significant change for us in terms of business, but the product will benefit more from a more extensive open-source model that does not conflict with the enterprise features.

From an API Gateway perspective, today’s KrakenD functionality will be open-sourced in its entirety. Of course, more Enterprise-only features will come in the future, but we believe the ones we have today must be open-sourced and unrestricted.

In the meantime, we keep giving paid support (also for the open source), consultancy, and expert development, as this model has been working well for us.

So, what exactly is open-sourced?

Unlike Netflix, we won’t be releasing all episodes in the first season. Instead, we will progressively release the enterprise components on our KrakenD GitHub page when they are core features, or in separate repositories when they are not essential functionality of a pure API Gateway.

Many components and middleware will be going out, and time will bring even more. Here is a non-exhaustive preview of the functionalities that we will be releasing soon. Do not take this sample as an accurate roadmap:

  • Rate limit (published!)
  • Circuit breaker (published!)
  • OAuth2 client credentials grant
  • Metrics proxy and router
  • Security router
    • Restrict connections by host
    • HTTP Strict Transport Security (HSTS)
    • Clickjacking protection
    • HTTP Public Key Pinning (HPKP)
    • MIME-Sniffing prevention
    • Cross-site scripting (XSS) protection
    • Cross-origin resource sharing (CORS)
  • cmd package
  • JSON Web Tokens (JWT) and JSON Object Signing and Encryption (JOSE)
  • Custom caching headers

Summing up

We had conflicting thoughts for a long time and a lot of internal debate. With this change, you might even think we are shooting ourselves in the foot. Maybe. But we are confident that this is better for the community, the product, and its satellite middlewares, as they will grow faster this way.

We will announce via Twitter when we publish new components, but make sure to at least star (thanks!!!) the project. Even better if you also watch it to get the notifications, and super if you decide to fork it and contribute.

Thanks for watching! :)
