News KrakenD v2.9.2 and v2.9.3 security releases

Community Documentation

Document updated on Feb 6, 2025

Checking dependencies of plugins

The Go plugin system requires you to compile the main application and its plugins using the same ecosystem. This means that KrakenD and your plugins must use the same Go version, the same version of any imported libraries, the same system architecture, and the same GLIBC/MUSL libraries. Therefore, knowing in advance that you are using libraries that are incompatible with KrakenD when writing custom plugins is key.

The krakend check-plugin command helps you validate the part of the dependencies used by your plugins, which will determine whether the plugin is compatible. Go programs define their dependencies in their go.sum file, and this is all you need to check the compatibility.

Usage of the check command

The command compares your plugin’s go.sum file with the libraries initially used to compile the running binary. A detailed list will be shown if there are any incompatibilities between your plugin and KrakenD.

If you integrate this command as part of your CI/CD pipeline or Dockerfile build, it will exit with a status code 0 when your plugin’s libraries are compatible with KrakenD and with a status code 1 when they are not.

The krakend check-plugin command accepts the following options:

Usage of KrakenD check 

$krakend check-plugin -h

╓▄█                          ▄▄▌                               ╓██████▄µ
▐███  ▄███╨▐███▄██H╗██████▄  ║██▌ ,▄███╨ ▄██████▄  ▓██▌█████▄  ███▀╙╙▀▀███╕
▐███▄███▀  ▐█████▀"╙▀▀"╙▀███ ║███▄███┘  ███▀""▀███ ████▀╙▀███H ███     ╙███
▐██████▌   ▐███⌐  ,▄████████M║██████▄  ║██████████M███▌   ███H ███     ,███
▐███╨▀███µ ▐███   ███▌  ,███M║███╙▀███  ███▄```▄▄` ███▌   ███H ███,,,╓▄███▀
▐███  ╙███▄▐███   ╙█████████M║██▌  ╙███▄`▀███████╨ ███▌   ███H █████████▀
                     ``                     `'`

Version: 2.9.3

Checks your plugin dependencies are compatible and proposes commands to update your dependencies.

Usage:
  krakend 2.9.3 [flags]

Examples:
 krakend 2.9.3 -g 1.19.0 -s ./go.sum -f

Flags:
  -f, --format        Shows fix commands to update your dependencies
  -g, --go string     The version of the go compiler used for your plugin (default "1.22.11")
  -h, --help          help for check-plugin
  -l, --libc string   Version of the libc library used
  -s, --sum string    Path to the go.sum file to analyze (default "./go.sum")

Flags

Use krakend check-plugin in combination with the following flags:

  • -f or --format to let KrakenD suggest you about the go get commands you should launch.
  • -s or --sum to specify the path to the go.sum file of your plugin.
  • -g or --go to specify the Go version you are using to compile the plugin
  • -l or --libc to specify the libc version installed in the system. The libc version must have the prefix MUSL-, GLIBC-, and DARWIN-. For instance, a plugin in Mac Monterrey might use DARWIN-12.2.1, an Alpine container will need something like MUSL-1.2.2, and a Linux box will have GLIBC-2.32. To know your glibc version execute the Find GLIBC script. When there are incompatibilities because the operating system is different, but the libraries (glibc or musl) are in the exact same version, it is safe to ignore them.

The example below shows an example of a plugin that uses several libraries that are incompatible with KrakenD:

Checking a failing plugin example 

$krakend check-plugin --go 1.17.7 --libc MUSL-1.2.2 --sum ../plugin-tools/go.sum
15 incompatibility(ies) found...
go
    have: 1.17.0
    want: 1.16.4
libc
    have: MUSL-1.2.2
    want: GLIBC-2.31
github.com/gin-gonic/gin
    have: v1.6.3
    want: v1.7.7
github.com/go-playground/locales
    have: v0.13.0
    want: v0.14.0
github.com/go-playground/universal-translator
    have: v0.17.0
    want: v0.18.0
github.com/go-playground/validator/v10
    have: v10.2.0
    want: v10.9.0
github.com/golang/protobuf
    have: v1.3.3
    want: v1.5.2
github.com/json-iterator/go
    have: v1.1.9
    want: v1.1.12
github.com/leodido/go-urn
    have: v1.2.0
    want: v1.2.1
github.com/mattn/go-isatty
    have: v0.0.12
    want: v0.0.14
github.com/modern-go/concurrent
    have: v0.0.0-20180228061459-e0a39a4cb421
    want: v0.0.0-20180306012644-bacd9c7ef1dd
github.com/modern-go/reflect2
    have: v0.0.0-20180701023420-4b7aa43c6742
    want: v1.0.2
github.com/ugorji/go/codec
    have: v1.1.7
    want: v1.2.6
golang.org/x/sys
    have: v0.0.0-20200116001909-b77594299b42
    want: v0.0.0-20211004093028-2c5d950f24ef
golang.org/x/text
    have: v0.3.2
    want: v0.3.7

Fixing plugin dependencies

A quick attempt to fix your dependencies is to run the command with the -f flag, which will suggest a series of go get commands that you can execute to solve the incompatibilities. For instance:

Fixing dependencies 

$krakend check-plugin -s ~/Downloads/go.sum -f
12 incompatibility(ies) found...
go get cloud.google.com/go/[email protected]
go get github.com/census-instrumentation/[email protected]
go get github.com/google/[email protected]+incompatible
go get github.com/googleapis/gax-go/[email protected]
go get github.com/hashicorp/[email protected]
go get golang.org/x/[email protected]
go get golang.org/x/[email protected]
go get golang.org/x/[email protected]
go get golang.org/x/[email protected]
go get google.golang.org/[email protected]
go get google.golang.org/[email protected]
go get google.golang.org/[email protected]

Copy and paste your terminal’s go get commands to update the dependencies. The commands are in alphabetical order.

You might need to use the -f several times and use go mod tidy as well.

Contribute to KrakenD Documentation. Improve this page »

Unresolved issues?

The documentation is only a piece of the help you can get! Whether you are looking for Open Source or Enterprise support, see more support channels that can help you.

See all support channels