Kong BOSH Release v2.1.0

Improvements

• Now uses Ubuntu Bionic stemcells
• Fix potential issue with post-start Kong admin API setup, that could break whenever some plugins (other than the one for admin API) were configured in the Kong database.
• Allow configuring the headers that Kong should inject in client responses. Now if for security reasons you're unhappy with Kong exposing its version to the wild, you can shut it off, setting an empty array for the proxy.injected_headers property.
• Migrate the Admin API Basic-Auth plugin registration to use a standard, fixed UUID, that can possibly be customized for the very rare cases where it would conflict with some pre-existing database record, just as we do with other Admin API resources that are managed by this BOSH release.
• Add native support for BOSH DNS health checks using Kong /status endpoint (when the Kong admin API is enabled), or a TCP connection check on some Kong proxy port. Now BOSH DNS queries properly return healthy instances.
• Smoke tests better support the separated control-plane mode, as implemented by the separate-control-and-data-planes.yml ops file.
• Compiled releases are now built on top of the latest stemcell family v621.x
• Created bump automation with a dedicated Concourse pipeline, for using latest BPM and Postgres in the standard deployment manifest.
• Bumped BPM to v1.1.9 in the standard deployment manifest.
• Bumped the Postgres release to v43 in standard deployment manifest.
• Use new BOSH DNS feature to feed the BOSH DNS alias for Kong into the generated TLS certificate alternative names.

Breaking changes

• Now the Kong admin API must be exposed on a specific hostname (instead of being exposed on all hosts). The default hostname used is the default BOSH DNS address (with q-s0 query) of the Kong admin API instance group.
• Deployment manifest now require new BOSH links:
  • New BOSH link in kong job, named kong-admin.
  • BOSH link in konga job has been renamed kong-admin.
  • Smoke-tests now require both kong-proxy and kong-admin BOSH links.

Caveats

• The compilation process of this Release requires an access to the Internet. Kong CE dependencies, which are luarocks packages, are downloaded from loarocks.org. So, your compilation VMs will access the Internet.
• Smoke tests require an access to the Internet.
• When setting the proxy.injected_headers property to an empty array [], the Kong admin API still returns a Server: header. This header is not injected by the proxy, but served by the admin API and then re-transmitted through the proxy.

Deployment

releases:
- name:    gk-kong
  version: 2.1.0
  url:     https://github.com/gstackio/gk-kong-boshrelease/releases/download/v2.1.0/gk-kong-2.1.0.tgz
  sha1:    5a02dbebe3e35cc1df5d94b1a2fa7018641be335

Kong BOSH Release v2.0.0

Improvements

• Bumped to Kong v1.0.4 (changelog)
• The custom redirect plugin has been rewritted to conform to the Kong v1.x.x Plugin Development Kit. When the plugin is installed, it will be covered by smoke tests.
• The redirect plugin now restricts the status_code config field to the 300..399 range only.
• The redirect plugin now provides default messages when both the message and body config fields are left unspecified. (Such responses appear as a JSON payload, in the 3xx response body.)
• Removed stale Konga blob, leading to 2MB smaller release .tgz file.
• Bumped BPM to v1.1.5 in the standard deployment manifest.
• Bumped stemcell family to v621.x for compiled releases.

Breaking Changes

• Kong v1.0.4 has a number of breaking changes, compared to v0.15.0. See the v1.0.0 changelog for more information.
• The kong.yml deployment manifest is renamed gk-kong.yml to match the BOSH Release name

Caveats

• The admin API is exposed on all hosts under the path specified by admin.service.route_path (defaulting to /admin-api). It can be surprising on some enterprise API host, the /admin-api path is actually the Kong admin API.
• The compilation process of this Release requires an access to the Internet. Kong CE dependencies, which are luarocks packages, are downloaded from loarocks.org. So, your compilation VMs will access the Internet.
• Smoke tests require an access to the Internet.

Deployment

releases:
- name:    gk-kong
  version: 2.0.0
  url:     https://github.com/gstackio/gk-kong-boshrelease/releases/download/v2.0.0/gk-kong-2.0.0.tgz
  sha1:    01a50bb7b2fdeb91330a06ad02764b15a9280ccb

Kong BOSH Release v1.3.0

Improvements

• Bumped Kong to version 0.15.0, compiled with OpenSSL version 1.1.1d.
  • Notice: this release builds OpenResty v1.13.6.2 with latest Kong patches v1.4.0 as of 2019-09-16, so the CVEs fixed in Kong v1.0.4 (released on 2019-08-16) are already back-ported here.
• Bumped Konga UI to version 0.14.4
• Improved smoke tests, now covering a new Route+Service test case.
• Fixed the admin.basic_auth.password property being mandatory even when the admin API was disabled. Now on instance groups where the admin API is disabled, this property is no more required.
• Compiled releases are now built on top of the latest stemcell family v456.x
• Bumped dependencies in default deployment manifest:
  • Postgres release to v39
  • BPM release to v1.1.3
  • os-conf release to v21.0.0
• Added a disable-tls.yml ops-file, as HTTP-only is a supported use-case, and added a testflight in CI for this setup.

Caveats

• The admin API is exposed on all hosts under the path specified by admin.service.route_path (defaulting to /admin-api). It can be surprising on some enterprise API host, the /admin-api path is actually the Kong admin API.
• The compilation process of this Release requires an access to the Internet. Kong CE dependencies, which are luarocks packages, are downloaded from loarocks.org. So, your compilation VMs will access the Internet.
• Smoke tests require an access to the Internet.

Deployment

releases:
- name:    gk-kong
  version: 1.3.0
  url:     https://github.com/gstackio/gk-kong-boshrelease/releases/download/v1.3.0/gk-kong-1.3.0.tgz
  sha1:    e00595b028fd9a479aef3c92664651ef8dd7d1f8

Kong BOSH Release v1.2.0

Features

• Add the Konga dashboard v0.13.0, with TLS support.
• Add a new redirect custom Kong plugin.

Improvements

• Improved smoke tests.
• Improved Kong config file template, in order to ease future upgrades.
• Potentially harmful newlines are now properly escaped, when injecting values into the Kong config file.
• Now when TLS is disabled, Kong doesn't listen on TLS ports anymore.

Caveats

• The admin API is exposed on all hosts under the path specified by admin.service.route_path (defaulting to /admin-api). It can be surprising on some enterprise API host, the /admin-api path is actually the Kong admin API.
• The compilation process of this Release requires an access to the Internet. Kong CE dependencies, which are luarocks packages, are downloaded from loarocks.org. So, your compilation VMs will access the Internet.
• Smoke tests require an access to the Internet.

Deployment

releases:
- name:    gk-kong
  version: 1.2.0
  url:     https://github.com/gstackio/gk-kong-boshrelease/releases/download/v1.2.0/gk-kong-1.2.0.tgz
  sha1:    6a2babe8b3b0547069ea62811a3ef96ec613beea

Kong BOSH Release v1.1.0

Features

• The admin API is now exposed on the proxy, under the /admin-api path by default, with a basic authentication. Disabling TLS on proxy is supported, though not recommended.
• Improved robustness of smoke tests.

Improvements

• Smoke tests now support being co-localized on kong instances, and only run on the bootstrap instance.

Caveats

• The admin API is exposed on all hosts under the path specified by admin.service.route_path (defaulting to /admin-api). It can be surprising on some enterprise API host, the /admin-api path is actually the Kong admin API.
• The compilation process of this Release requires an access to the Internet. Kong CE dependencies, which are luarocks packages, are downloaded from loarocks.org. So, your compilation VMs will access the Internet.
• Smoke tests require an access to the Internet.

Deployment

releases:
- name: gk-kong
  version: "1.1.0"
  url: https://github.com/gstackio/gk-kong-boshrelease/releases/download/v1.1.0/gk-kong-1.1.0.tgz
  sha1: b2a1b7fd1af0cd64719c51c95f0bab67306ff5e6

Kong BOSH Release v1.0.0

Features

• This BOSH Release ships a version 0.14.1 of Kong Community Edition (CE).
• A smoke-tests errand helps you test-drive your deployment, ensuring basic features of your Kong cluster.
• Horizontal scaling works out-of-the-box.
• Kong runs in a BPM containerization.
• TLS is supported and enabled by default. The default deployment manifest auto-generates the necessary CA and a single certificate.
• Xenial stemcells are supported.

Caveats

• The compilation process of this Release requires an access to the Internet. Kong CE dependencies, which are luarocks packages, are downloaded from loarocks.org. So, your compilation VMs will access the Internet.
• When scaling to more than one kong instance, smoke tests might not run happily.
• Smoke tests require an access to the Internet.
• Admin API is only exposed on 127.0.0.1, so you need to setup a Kong API Loopback manually in order to expose this admin API to remote users, and we strongly encourage you to setup some authentication mechanism.

Deployment

releases:
- name: gk-kong
  version: "1.0.0"
  url: https://github.com/gstackio/gk-kong-boshrelease/releases/download/v1.0.0/gk-kong-1.0.0.tgz
  sha1: 619d4eaf727f310fc99aade4c726a2fefd883951