►
From YouTube: Improving Day-2 Operations with Kong Gateway
Description
Installing and configuring Kong Gateway is just the beginning. Once you’re in production there’s ongoing effort to keep your API Gateway online and make it’s configuration match what your business needs. Our recent Kong Gateway 3.4 and Kong Ingress Controller 2.11 releases are focused on operator efficiency, and contain a host of features that will make your life easier.
Join Veena and Michael as they walk you through some common failure modes of Kong Gateway and how our latest release helps you keep your API Gateway processing traffic 24/7.
A
It
hello
everyone
good
morning,
good
afternoon,
good
evening
from
wherever
you're
joining
us.
My
name
is
Dalia
and
I
work
as
a
community
manager
here
at
Kong
and
I'm
very
happy
to
welcome
all
of
you
to
our
August
user
call.
So
today
we
have
the
topic
improving
day.
Two
operations
with
con
Gateway
we
have
Michael
and
Dina
with
us
who
will
be
presenting
I
will
let
them
introduce
themselves.
A
Let's
take
all
of
the
questions
at
the
end,
you
will
see
a
q
a
function
at
the
bottom,
where
you
can
input
all
of
your
questions.
Please
put
them
there
instead
of
in
the
chat,
because
it's
easier
to
keep
track
in
the
Q
a
function
so
before
we
kick
it
off
with
a
presentation.
A
I
want
to
make
all
of
you
aware
that
next
to
API
Summit
this
year,
which
is
happening,
27
28th
of
September
we're
also
doing
our
annual
hackathon,
so
I
think
most
of
you
should
be
familiar
with
us
if
you
have
been
following
us
for
some
time
now,
but
this
is
our
third
annual
virtual
hackathon
that
we
do
a
long,
API
Summit.
So
this
year
it's
actually
pretty
interesting,
because
the
hackathon
will
be
focusing
on
API
Innovation
using
artificial
intelligence.
A
We
welcome
a
maximum
team
of
four.
There
will
be
a
lot
of
cool
prizes,
so
I
encourage
you
all
to
subscribe
and
to
stay
updated.
The
submissions
are
opening
August,
28th
and
we'll
run
for
a
month.
We
will
announce
the
winners
and,
on
the
last
day
or
on
the
second
day
of
API
Summit,
so
subscribe
stay
up
to
date
and
I
encourage
you
all
to
participate
because
the
awards
are
very
cool.
A
B
Let
me
share
it.
My
screen.
B
All
looking
good
right
good
morning,
everyone
good
evening,
good
afternoon
good
evening,
wherever
you're
joining
from.
Thank
you
for
joining
today.
My
name
is
Veena
rajaratna
I
am
a
product
manager
on
the
Gateway
team.
I
recently
joined
Kong
I've
been
here
less
than
two
months.
I
come
from.
Nginx
I
was
building
a
similar
API
management,
API
Gateway
Solutions
I'm
really
impressed
with
Kong
and
what
has
been
achieved
here
with
regards
to
API,
Gateway
and
API
management
and
excited
to
be
here
today.
B
B
They
had
an
LTS
release,
I
believe
the
build
was
2.8
and
if
you
have
not
really
transitioned
or
if
you're
considering
transition
from
2.x
series,
then
3.4
is,
is
the
right
version
to
a
transition
to
so
it
it
will
have
long
term
support
until
August
2026..
B
So
if,
if
you
need
more
information
to
make
that
informed
decision,
I
believe,
if
you
can,
you
know,
listen
to
the
previous
user,
calls
that
may
have
more
details
on
the
architectural
improvements
in
3.x
over
the
two
dot
X
Series,
all
right,
let's
jump
into
the
3.4
highlights,
as
this
call
suggests
right.
This
release
was
focused
mainly
on
improving
this
operational
efficiency
right,
so
making
it
easier
for
operations
day,
two
and
Beyond.
B
So
at
a
thematic
level,
we've
categorized
it
into
three
buckets,
which
is
one,
is
simplifying
API
management
enhancing
the
reliability.
That's
the
first
category.
Second,
there
are
improvements
and
enhancements
addressing
the
security
and
compliance
needs
and
the
third
one
is
posting
that
developer
productivity
and
efficiency.
B
So
in
the
this
is
at
the
high
level,
we
look
at
the
details
on
each
of
these
items
in
the
later
slides,
but
I
wanted
to
give
you.
You
know
the
Thematic
thematically
what
was
addressed
and
what's
the
key
highlights
of
3.4.
So
in
the
first
category
of
simplifying
the
API
management
we
introduce
again
the
3.4
is
in
LTS,
so
it's
a
good
build
to
be
migrating
to.
If,
if
you're
considering,
you
know
migrations
from
2.x
series,
there
is
deck
based
migration
support.
B
So
you
know
that's
again
simplifying
the
operations
and
we
introduced
a
feature
called
consumer
groups
in
the
3.3
release
of
con
Gateway
and
what
you
know
what
3.4
addresses
is
that
it
extended
the
consumer
groups
to
other
plugins
in
3.4,
so
we'll
get
into
the
details
in
the
slides
below
in
the
security
and
the
compliance
category,
we
improved
the
secrets
management
right.
So
the
support
for
rotation
rotating
the
secrets
there
is
Improvement
to
the
IP
restriction
plugin.
B
You
can
now
restrict
traffic
based
on
the
TCP
traffic,
so
if
you
have
TCP
applications,
you
can
restrict
traffic
based
on
ipe
addresses
or
a
block
of
IP
addresses,
and
the
Kafka
log
plugin
also
had
some
improvements
to
to
the
login
capabilities
and,
in
the
last
category,
the
enhancing
the
productivity
for
developers
very
excited
to
announce
the
basm
support
and
gateways.
So
this
is
a
much
awaited
feature
wherein
you
know
you
can
create
vas
and
filters
as
opposed
to
Lua
filters
and
create
custom
filters
for
for
for
running
in
the
Gateway.
B
In
the
first
category
that
simplifying
the
API
management
and
reliability,
so
if
you
recall,
consumer
groups
was
introduced
for
a
reason
right,
so
Kong
Gateway
treats
consumers
as
first
class
entity
right,
so
you
could
create
plugins
to
execute
on
consumers.
So
what
this
ended
up
doing
was
that
add
the
customers
sites.
We
had
a
lot
of
plugins
created,
and
you
know,
if
not
hundreds
thousands
of
plugins
because
of
this
per
consumer
approach.
B
What
this
led
to
was
the
performance
of
The
Gateway
right,
so
it
has
to
constantly
rebuild
that
execution
Logic
for
the
plugins,
manage
the
routing
tables
and
routing
rules,
so
the
performance
kind
of
took
a
hit
when
you
know,
as
the
number
of
this
per
consumer
plugins
exceeded,
so
consumer
groups
was
introduced
to
address
this
issue.
The
idea
is,
you
can
logically
group
consumers
into
a
group.
B
For
example,
let's
say
you
have
three
tiers
gold,
silver
bronze,
and
you
know
you
want
a
rate
limit
according
to
the
tiers
three
tiers,
so
you
could
group
those
consumers
into
these
three
different
groups
and
apply
the
rate
limit
plugin
on
our
groups
right,
so
that
you
only
have
to
manage
three
groups,
not
like
hundreds
of
hundreds
of
plugins,
so
you're
managing
plug.
It's
the
number
of
plugins
comes
down.
It
makes
it
makes
the
Gateway
perform
better
and
there's
you
know
drastically
reduces
the
overhead
operational
overhead
on
managing
n
number
of
plugins.
B
So
in
this
release,
the
consumer
group
support
has
been
extended
to
four
more
plugins
to
two
categories,
but
both
basic
and
advanced
plugins
of
request,
Transformer
category
and
the
response
Transformer.
So
there's
additional
support
in
these
plugins
now
to
to
support
consumer
groups.
So
really
this
is
focused
on
mitigating
the
risk
associated.
You
know
it's
harder
to
make
propagate
changes.
If
you
had
thousands
of
plugins
right
so
now
it
may
take.
You
have
a
fewer
number
of
plugins
and
change
management
becomes
easier,
so
decreasing
that
operational
overhead
as
well.
B
So
that's
one
of
the
key
features
and
the
second
one
is
the
one
that
I
talked
about
earlier,
which
is
a
long-term
support.
So
3.4
is
the
LTS
version.
It
will
have
support
and
security
upgrades
and
patches,
for
you
know
up
until
August
of
2026,
so
that
really
makes
it
Enterprise
grade,
and
you
know
the
Enterprises
are
looking
for
LTS
bills.
B
Right
in
the
second
category,
the
security
and
compliance
bucket,
so
we
introduced
Secrets
rotation
right,
so
Secrets
Management
in
Kong
was
introduced
some
time
back,
I
don't
know
very
well,
but
what
it
does
is
it
integrates
with
back-ends
like
Vault,
hashicot,
Walter,
AWS,
Secrets
manager,
gcp
Secrets
manager
to
really
centralize
your
secrets,
management
right.
So
organizations
have
you
know,
mandates
today
that
they
have
to
adhere
to.
You
know
securely,
store
the
secrets
and
adhere
to
policies
and
have
life
cycle
policies
around
these
secrets.
How
often
the
secrets
are
rotated?
B
What's
the
duration,
that
the
secret
is
valid
for
things
like
that
right,
so
to
really
adhere
to
that
Enterprise
standard.
We
need
to
support
Secrets
rotation,
so
Secrets
can
be
rotated
periodically
or
if
you
know
on
demand,
you
know
if,
if
the
security
team
sees
just
wants
to
do
that
right
on
demand
due
to
a
breach
or
something
so
there
3.4
version,
starting
with
the
3.4
version
of
Kong
Secrets,
can
be
rotated
periodically
either
by
setting
a
TTL
either
it.
You
know
to
support
these
life
cycle
policies
that
various
organizations
may
have.
B
You
want
to
set
the
TTL
on
a
per
secret
basis,
or
you
know,
at
a
high
level,
such
as
a
World
level,
so
conch
supports
both
methods.
You
can
set
a
TTL
on
a
secret
or
set
it
at
a
vault
level
and
have
those
Secrets
rotated
and
adhere
to
those
Enterprise
policies,
or
it
can
be
rotated
on
demand
as
well
or
on
failures
right.
So
this
really
elevates
that
Secrets
lifecycle
management
makes
that
Enterprise,
ready
and
Enterprise
grade
feature
for
organizations.
B
B
So
if
you
have
database
servers
or
media
servers
or
any
other
TCP
based
applications,
now
the
the
IP
restriction
plugin
can
block
based
the
block
the
TCP
traffic
as
well
right,
so
access
can
be
allowed
or
denied
based
on
an
IP
address
or
a
list
of
IP
addresses,
and
this
feature
really
closes
the
Gap
that
existed
because
the
IP
restriction
already
supported
HTTP
blocking
the
HTTP
traffic
or
the
grpc
traffic,
and
it
was
missing
the
TCP.
So
this
really
closes
that
Gap
and
the
quick
benefit
of
this
IP
restriction.
Is
you
you
can?
B
B
Foreign
and
in
the
last
category
of
the
boosting
their
developer
productivity,
this
is
the
much
awaited
feature
from
con
gateways,
so
the
support
for
vasm
in
the
gateways
that's
going
beta
in
3.4.
So,
as
you
may
already
be,
you
know
familiar
with
wasm,
so
it
really
helps.
B
Or
you
know
you
can
really
extend
the
Gateway
capabilities
using
filters
right,
so
you
might
have
come
across
a
situation
where
you
need
to
write
custom
logic,
though
out
of
the
box,
plugins
may
not
be
sufficient
and
you
need
to
address
some
proprietary
logic
that
you
know
you
have
to
write
a
filter
for
previously.
That
was
the
Lua
filters.
There
was
a
learning
curve,
so
we
did
not
really
meet
the
customers
where
they
were
so.
B
What
this
wasm
support
brings
is
the
ability
to
write
filters
in
the
language
of
your
choice
right,
so
you
can
write
filters
in
Rust
and
go
we
start
with
rust
and
go.
Those
two
are
the
two
verified
languages
that
we
support
and
more
would
come
in
as
the
sdks
become
available
and
and
the
other
Advantage
is.
You
could
build
this
filter
ecosystem
right
or
the
plug-in
ecosystem?
You
write
it
once
and
you
may
reuse
this
filter
in
other.
You
know
gateways
or
mesh
on
y
proxies.
B
You
know
you're
not
having
to
write
it
again
and
again,
so
there's
that
reusability
aspect
as
well
with
the
filters
right.
So
a
lot
of
organizations
use
multiple
vendors
and
you
want
to
manage.
You
want
to
build
that
ecosystem
extension
ecosystem
that
can
work
across
those.
B
The
third
advantage
of
vasum
again
is
besides
you
know,
making
it
powerful
and
performant
plugins
you.
You
can
also
build
custom
logic
by
chaining
the
filters
right,
so
you
can.
Your
filters
can
be
purpose-built
and
small,
but
to
achieve
some
custom
logic,
you
can
chain
filters,
and
or
you
know
so,
the
filter
runs
in
some
logical
order,
so
that
is
some
an
improvement
over
the
lower
filters,
lower
plugins
and
really
this
boost
the
developer
productivity.
B
They're
writing
filters
in
the
language
that
they
are
familiar
with,
and
in
3.4
the
vassim
3.4
ships
with
the
Vasa
module
right.
So
all
batteries
included.
There
is
no
assembly,
there's
no
dependencies.
You
can
use
it
right
out
of
the
box
once
you
have
your
development
environment
set
up
to
build
those
plug
filters,
and
if
you
decide
it's
not
for
you,
this
doesn't
change
anything.
It's
it's
not
it's!
It's
an
option
right,
so
it's
on
not
on
by
default,
so
it
doesn't
impact
any
the
Gateway
performance.
C
All
right,
it's
my
turn
to
see
the
stage.
Thank
you
for
that
informative
up
there
Vina
good
morning
afternoon
and
evening,
everyone
I'm,
Michael
and
I'm
here
to
talk
to
you
about
Kong,
Ingress
controller
2.11.,.
C
And
we
had
three
main
themes
for
the
release
and
the
primary
one
was
robustness.
We
also
took
a
look
at
some
of
the
con
Gateway
features
that
Vina
just
spoke
about
and
made
sure
that
you
can
use
them
in
the
kubernetes
world
and
then
finally,
we
continue
to
invest
in
the
kubernetes
Gateway
API.
C
The
theme
of
this
call
is
about
day
two
operations
and
that's.
What
kick
211
really
focuses
on
installing
kick
is
easy
help
install
Kong
Ingress,
but
actually
keeping
it
running
once
you've
installed
and
configured
all
your
routes
slightly
harder
now.
The
first
thing
I
want
to
cover
are
some
new
Prometheus
metrics
that
we've
added
in
Kick
2.9
and
2.10.
C
We
added
kubernetes
events,
so
if
you
do
coupon
control,
get
events
and
then
there's
a
con
configuration
apply
a
field
event
that
will
tell
you
what
is
wrong
when
you're
a
conch
configuration
is
invalid,
it
could
be
a
an
invalid,
regular
expression
in
a
root.
It
could
be
the
same
plugin
attached
to
a
service
multiple
times.
Those
events
will
tell
you
exactly
what
went
wrong.
C
Thus
we
started
using
those
in
production.
We
realized
that
we
actually
needed
to
be
alerted
when
something
was
wrong,
so
that
we
could
go
and
inspect
the
events.
So
we
upgrade
the
dog
from
atheist
metrics
to
show
when
the
last
successful
configuration
push.
Time
was
so
if
that
goes
above
a
certain
threshold
that
you
define
you
can
get
alerted
because
something's
wrong,
we
can't
push
new
configs
anymore.
We've
also
got
a
metric
for
how
many
block
resources
there
are.
So
how
many
kubernetes
resources
we
couldn't
translate
into
a
conch
configuration
object.
C
Now
kicks
211
standout
feature
in
my
opinion,
is
less
non-good
configuration
which
allows
you
to
scale
out
your
data
planes,
even
if
you
have
a
broken
configuration
on
your
kubernetes
API
server.
So
we're
just
talking
about
how
you
can
be
alerted
when
there
is
a
block
on
config
well
in
Kick,
2.10
and
before.
C
If
there
was
a
broken
config
and
your
pods
restarted
or
you
scaled
out.
Those
new
pods
would
not
receive
a
config
in
Kick
2.11
with
last
non-code
config
and
those
data
planes
will
get
the
last
Norm
because
config
now
like,
if
you
have
a
broken
configuration
on
your
kubernetes
API
server,
like
that's
a
strange
sentence,
but
it
does
happen
more
than
you
think,
because
Imagine
This
engineering
team
X
manages
the
product
catalog
service
and
they've
applied
a
rare,
limiting
plugin
to
the
service.
C
Now
team
y
looks
after
partners,
and
they
want
to
give
that
partner
a
higher
rate
limit,
so
they
attach
a
red
limit,
plugin
against
the
service
and
the
partners
consumer
group.
Now
this
will
work
fine,
except
for
the
fact
that
team
either
manages
Partners.
They
forgot
to
associate
the
plugin
with
the
consumer
group,
and
now
we
have
two
real,
limiting
plugins
targeting
the
same
service
and
you
have
a
broken
configuration
when
your
kubernetes
API
server
until
team
one
realizes
and
fixes
its
configuration
to
Target
a
service
and
the
consumer.
C
C
C
C
We
can
then
use
that
team
Dev
consumer
group
to
attach
any
plugins.
We
need
request
Transformer
response,
Transformer,
any
plugins
consumer
groups
supports
now.
The
advantage
to
this
is
when
team
dev
has
100
consumers,
a
thousand
consumers,
10
000
consumers,
you
need
to
add
I,
remove
a
plugin
instead
of
going
to
all
10
000
of
those
consumers
and
patching
them
to
remove
the
the
plugin
annotation.
All
you
have
to
do
is
patch
that
consumer
group
resource
and
all
of
the
consumers
will
be
updated
instantly.
C
C
So
these
four
things
should
help
you
in
your
day-to
operations,
with
con
Gateway
and
conking
dress,
controller
and
being
able
to
configure
consumer
groups
for
management
of
plug-in
configs.
The
Gateway
API
is
familiar.
C
It's
vendor
agnostic,
so
that
if
you're
used
to
configuring
routes
with
one
Gateway,
it
will
work
with
another
status.
Ready
is
available
in
both
the
Gateway
and
kick
and
last
number.
Last
but
not
least,
and
that's
not
good
configuration
for
when
you
do-
have
a
broken
config
but
still
needs
proxy
traffic.
C
A
A
B
Yes,
that's
right
so
basm
is
who
has
some
support
in
both
OSS
and
Enterprise
Edition,
so
the
team
plans
to
go
ga
with
vasim
soon,
so
any
feedback
is
appreciated.
You
know
did
be
looking
forward
to
it.
So,
yes,
it's
available
in
the
OSS
as
well.
A
I
think
you
did
you
both
did
cool
well,
no
one
has
any
questions.
Yeah
I,
don't
think
so
cool
thanks
everyone
for
attending.
We
hope
to
see
you
at
our
next
events.
Don't
forget.
We
have
our
API
Summit
at
the
end
of
September,
27
28,
so
make
sure
you
attend.
We
have
a
ton
of
interesting
sessions
so
subscribe
and
it
will
be
virtual.
So
we
can't
wait
to
see
you
there
and
with
that
I
wish
you
good
evening
good
day.
Whatever
your
best
and
I'll
see
you
soon
bye.
Everyone
thanks.