Kong Gateway
Kong Gateway is a cloud-native API gateway designed to manage and secure API traffic in hybrid and multi-cloud environments, particularly for microservices and distributed architectures.
| Category | API Security |
|---|---|
| Last Commit | 1 year ago |
| Last page update | 19 days ago |
| Pricing Details | Open Source version available; Enterprise version with advanced features is available on a subscription basis. |
| Target Audience | Developers and organizations managing APIs in complex environments. |
Kong Gateway addresses the complex challenge of managing and securing API traffic in hybrid and multi-cloud environments, particularly in microservices and distributed architectures. At its core, Kong Gateway is a lightweight, fast, and flexible cloud-native API gateway built on the NGINX engine, capable of handling over 50,000 transactions per second per node.
The technical architecture of Kong Gateway involves a control plane and multiple data planes. The control plane, which can be managed through Kong Konnect or self-managed, centralizes the configuration and management of the gateway. Requests from API clients flow into the data planes, where they are modified and managed according to the configurations set in the control plane before being forwarded to upstream services. This setup allows for end-to-end automation, leveraging declarative configuration and integration with CI/CD pipelines to streamline API lifecycle management.
Operationally, Kong Gateway is highly extensible and deployment-agnostic, supporting various environments including on-prem, cloud, Kubernetes, and serverless configurations. It offers a range of plugins for security, authentication, transformation, and analytics, which can be customized using the Plugin Development Kit. The Kong Ingress Controller enables native integration with Kubernetes, facilitating traffic management and transformations across clusters without downtime.
Key operational considerations include the flexibility to configure Kong Gateway with or without a database and the ability to deploy in hybrid or cloud-hosted modes. The Enterprise version of Kong Gateway adds advanced features such as fine-grained security policies, support for third-party secrets managers, and Role-Based Access Control (RBAC), which are crucial for large-scale and highly regulated environments. However, this added functionality comes with increased complexity and potential performance impacts, particularly in terms of configuration updates and resource scaling.
Technically, Kong Gateway 3.7 introduces several performance and security enhancements, including a new context propagation module, improved cache key generation, and enhanced security features such as support for JWT-secured authorization frameworks and Mutual TLS with OAuth 2.0 DPoP. These updates aim to improve throughput by up to 7% and enhance security measures against authorization request attacks.