Composable business. APIOps. Hyperautomation. Open policy agent. These are among the themes we’re expecting to hear a lot more of in 2022. Here are 12 key developments we’re beginning to see in the world of digital transformation, APIs and the cloud.

In this episode of Kongcast, I spoke with Jason Yee, director of advocacy at Gremlin, about the concept of chaos engineering, why even the best engineers can’t control everything, and tools and tactics to help build app resiliency. Check out the transcript and video from our conversation below, and be sure to subscribe to get email alerts for the latest new episodes.

Before exposing your company’s APIs, your highest priority should be to assure the security, governance and reliability of those APIs. To do so, you’ll need to use an API gateway as a single secure entry point for API consumers rather than allowing direct access to APIs. Kong Gateway can help manage the full lifecycle of services and APIs as well as secure and govern the access to those APIs within an API platform.

For the modern enterprise, the focus on customer obsession—an endeavor shown by research to bring better revenue growth and customer retention—requires connectivity across all of an organization’s resources. Back in the day, the Enterprise Service Bus (ESB) was the primary provider of connectivity for a service-oriented architecture (SOA).

This year, we hosted our inaugural Kong Summit Hackathon. This virtual competition engaged our open source community and offered recognition and prizes for hacks in various categories. The community delivered with ingenious plugins, hacks and documentation. This blog post highlights our Kong Gateway plugin winner, Narendra Patel. Narendra is a senior DevOps engineer at Egnyte with close to 10 years of experience as a developer, DevOps engineer, SRE and in RPA (robotics process automation).

Let’s boldly go where no one has gone before. Get ready, Star Trek fans! Jean-Luc Picard will be representing our microservice. Once we have Jean-Luc in our ship (microservice in production), what happens on day 2? We still need to add authorization, load balancing, rate limiting, etc. With an API gateway, like Kong Gateway, you don’t have to know how to do this because a set of program components, called plugins, allow you to implement this without any problem.

Today, we are welcoming another noteworthy advancement of the Kong Gateway – the general availability of version 2.7! Both Kong Gateway and Kong Gateway OSS version 2.7 downloads are available on your favorite distribution channels. This release of the Kong Gateway includes a number of important features that serve as a foundation for addressing three key areas.

If you’ve been online at all this week, chances are that you’ve heard about the Log4Shell zero-day (CVE-2021-44228) in Log4J, a popular Java logging library. The vulnerability enables Remote Code Execution (RCE), which allows attackers to run arbitrary code on the target’s machines. I know the first question that you all have is: “Is Kong affected by Log4Shell?” Let’s start with the good news: No Kong products are affected by this Log4J vulnerability.

In this episode of Kongcast, I spoke with Scott Lowe, principal field engineer at Kong, about what a service mesh does and when to use it, among other common mesh-related questions. Check out the transcript and video from our conversation below, and be sure to subscribe to get email alerts for the latest new episodes.

This blog was co-created by Ricardo Ferreira (Elastic) and Viktor Gamov (Kong). We love our microservices, but without a proper observability (O11y) strategy, they can quickly become cold, dark places cluttered with broken or unknown features. O11y is one of those technologies deemed created by causation: the only reason it exists is that other technologies pushed for it. There wouldn’t be need for O11y if, for example, our technologies haven’t gotten so complex across the years.

As more companies invest in a cloud native infrastructure, they’re choosing to prioritize their applications as microservices—architecting them into distinct servers. Each component is responsible for one (and only one) feature. For example, you might have Server A responsible for handling billing logic, Server B for handling user interaction and Server C for handling third-party user interactions.

At Kong, we run performance testing in CI in every commit or pull request that has a potential performance impact, as well as on each release. Thanks to the performance testing framework and its integration with Github Actions, we can easily get basic metrics like RPS and latency. Also, flame graphs to pinpoint the significant part that draws down performance. With that workflow in place, we figured one of the most significant parts of Kong’s hotpath is Nginx variable accesses.

As part of the Kong Gateway 2.6 release, we shipped a brand new jq plugin for anyone with an enterprise license to use. It’s like we combined the request and response transformer plugins to form a single, more powerful plugin—supercharging the way we work with request and response bodies. If you’re not familiar with jq, it’s a JSON processing language that allows you to manipulate any JSON document and transform it however you need.

The Neosec platform integrates with Kong Gateway Enterprise to provide automated and continuous API discovery, API risk posture alerting and API protection through behavioral analytics and response automation. And it does all that while being out of band, using the logs shipped from Kong to Neosec.

For those who aren’t familiar with Insomnia, it’s Kong’s API testing, design and debugging platform. Insomnia’s product vision is to optimize API development by simplifying and automating a developer’s workflows. APIOps plays a key role in this vision, optimizing API development by simplifying and automating developers’ workflows.