The Dispatch

GitHub Repo Analysis: Kong/kong


Executive Summary

Kong is a high-performance, cloud-native API gateway designed to manage microservices and API traffic. It is maintained by Kong Inc. and is an open-source project under the Apache License 2.0. The project shows robust health, with frequent updates, strong community involvement, and ongoing development in areas such as DNS configuration, database migrations, dynamic hooks, and proxy caching.

Recent Activity

Team Members and Contributions

Recent Key Changes

Risks

  1. Dependency Management: Dependencies such as bazelisk, protoc, and resty.aws are updated frequently. These updates are critical for security and functionality but can introduce stability issues if not managed carefully (#13129, #13128).
  2. Backporting Practices: While essential for maintaining stability across versions, backporting (#13127) can divert resources from forward development and potentially introduce regressions if not handled meticulously.
  3. Major Version Bumps in Dependencies: The significant version update of protoc from 3.19.0 to 27.0 (#13128) could lead to compatibility issues or unexpected behavior due to breaking changes in such a core component.

Of Note

  1. Dynamic Hook Module Improvements: The focus on enhancing dynamic hooks by Qi indicates a push towards more robust and performant runtime modifications which are crucial for a gateway managing diverse and dynamic traffic patterns.
  2. Collaborative Development Culture: The strong pattern of co-authoring commits and peer reviews suggests a healthy team dynamic that fosters high code quality and innovation.
  3. Refactoring Efforts Across Modules: Continuous refactoring efforts by multiple team members like Chrono indicate a commitment to code quality and adaptability but also pose risks of introducing bugs if not thoroughly tested.

Quantified Commit Activity Over 14 Days

| Developer | Branches | PRs | Commits | Files | Changes |
|---|---|---|---|---|---|
| Enrique García Cota | 2 | 2/2/0 | 2 | 1 | 1260 |
| Chrono | 4 | 12/11/2 | 21 | 107 | 1065 |
| Wangchong Zhou (fffonion) | 1 | 1/0/0 | 6 | 25 | 920 |
| Niklaus Schen | 3 | 4/2/0 | 5 | 63 | 743 |
| Jack Tysoe (tysoekong) | 1 | 1/0/0 | 7 | 6 | 600 |
| Isa Farnik (curiositycasualty) | 1 | 1/0/0 | 1 | 9 | 452 |
| Jack Jack | 1 | 0/0/0 | 1 | 4 | 444 |
| Samuele | 2 | 2/2/0 | 3 | 6 | 304 |
| Aapo Talvensaari | 11 | 13/3/0 | 13 | 33 | 242 |
| Hans Hübner | 2 | 1/1/0 | 2 | 4 | 192 |
| Michael Martin (flrgh) | 2 | 1/0/0 | 4 | 5 | 191 |
| Vinicius Mignot | 2 | 3/3/0 | 4 | 54 | 177 |
| Qi | 1 | 1/1/0 | 9 | 4 | 173 |
| Keery Nie (windmgc) | 1 | 1/0/0 | 1 | 8 | 125 |
| Andy Zhang | 2 | 2/2/0 | 2 | 47 | 122 |
| Mikołaj Nowak (nowNick) | 1 | 1/1/0 | 1 | 2 | 119 |
| kurt (tzssangglass) | 1 | 1/0/1 | 2 | 2 | 89 |
| hulk | 1 | 0/1/0 | 1 | 4 | 82 |
| Joel Teixeira | 1 | 0/0/0 | 1 | 7 | 79 |
| Xiaochen Wang | 2 | 3/2/0 | 8 | 8 | 63 |
| Xumin | 1 | 2/2/0 | 2 | 2 | 28 |
| None (dependabot[bot]) | 2 | 2/0/2 | 2 | 2 | 4 |
| Guilherme Salazar | 0 | 0/0/0 | 0 | 0 | 0 |
| Zachary Hu (outsinre) | 0 | 1/0/2 | 0 | 0 | 0 |
| Jiayi Ding (dingjiayi) | 0 | 3/0/2 | 0 | 0 | 0 |
| None (DanielRailean) | 0 | 1/0/0 | 0 | 0 | 0 |
| Kong Team Gateway Bot (team-gateway-bot) | 0 | 3/1/1 | 0 | 0 | 0 |

PRs: created by that dev and opened/merged/closed-unmerged during the period


Detailed Reports

Report On: Fetch commits



Kong API Gateway Project Overview

Kong is a high-performance, cloud-native API gateway known for its extensibility through plugins. It serves as a central layer for orchestrating microservices or conventional API traffic, providing functionality such as proxying, routing, load balancing, health checking, and authentication. Kong supports various deployment models and runs natively on Kubernetes through its official Kubernetes Ingress Controller.

The project is managed by Kong Inc. and is open-source under the Apache License 2.0. It is developed in Lua and can be extended with plugins written in Lua, Go, or JavaScript. The project is hosted on GitHub with a vibrant community contributing to its development.

Current State and Trajectory

Kong is actively maintained with frequent updates and contributions from both the community and Kong Inc. developers. The project has a large number of forks (4,710) and stars (37,931), indicating a strong community interest and usage. It has over 10,479 commits and 295 branches, showing active development and feature expansion.

Recent Development Activities

Team Members and Their Contributions

  1. Aapo Talvensaari (bungle) - Active in multiple areas including dependencies, configuration, and Docker-related scripts.
  2. Xiaochen Wang (chobits) - Focused on DNS configurations and testing.
  3. Niklaus Schen (Water-Melon) - Works on database migrations and testing frameworks.
  4. Chrono (chronolaw) - Involved in refactoring efforts across various modules of the project.
  5. Joel Teixeira (joelact) - Contributed to proxy-cache changes.
  6. Samuele (samugi) - Engaged in plugin development and community management.
  7. Enrique García Cota (kikito) - Updates copyright information.
  8. Hans Hübner (hanshuebner) - Works on debugging tools and Docker configurations.
  9. Qi (ADD-SP) - Focuses on dynamic hook updates.
  10. hulk (git-hulk) - Involved in router transformations.

Recent Key Changes

  • DNS Configuration Enhancements: Xiaochen Wang made significant contributions to DNS settings to avoid server failures.
  • Database Migrations: Niklaus Schen has been active in updating database migration scripts to ensure smooth transitions between versions.
  • Dynamic Hook Updates: Qi has been working extensively on improving the dynamic hook module for better performance and reliability.
  • Proxy Cache Enhancements: Joel Teixeira introduced changes to the proxy-cache schema to handle age parameters more effectively.

Collaboration Patterns

The team shows a strong collaboration pattern, often co-authoring commits and reviewing each other's work. This collaborative environment helps in maintaining high code quality and consistency across the project.

Conclusions

The Kong API Gateway project is robust with active developments and contributions from a diverse group of developers. The project's adaptability to modern cloud environments, coupled with strong community support and frequent updates, positions it well for continued growth and usage in managing API traffic effectively.

Overall, the development team is highly active, with recent efforts focused on enhancing DNS configurations, refining database migrations, updating dynamic hooks, and improving proxy caching mechanisms among other areas. This ongoing development ensures that Kong remains at the forefront of API management technology.

Report On: Fetch issues



GitHub Issues Analysis

Recent Activity Analysis

The recent activity in the Kong/kong repository shows a significant number of open issues, particularly concerning dependency updates and chore tasks. Notably, there are several issues related to bumping versions of dependencies like bazelisk, protoc, resty.aws, and others. These updates are critical as they often include bug fixes, security patches, or new features that can enhance the functionality or security of the project.

Several issues indicate ongoing discussions about potential bugs or enhancements. For instance, Issue #13128 discusses whether to upgrade protoc and the implications of keeping it unupgraded. This issue highlights a common theme in software development projects where dependency management can lead to debates on stability versus having the latest features.

Issue #13127 involves a backporting task, which is crucial for maintaining older stable versions of the software while incorporating important fixes from newer releases. This ensures that users who are not on the latest version still benefit from critical updates.

Issue Details

Most Recently Created Issues:

  1. Issue #13129: Bumping bazelisk from 1.19.0 to 1.20.0.

    • Priority: Medium
    • Status: Open
    • Created: 0 days ago
  2. Issue #13128: Bumping protoc from 3.19.0 to 27.0.

    • Priority: Medium
    • Status: Open
    • Created: 0 days ago
  3. Issue #13127: Backporting fix to release/3.7.x regarding plugin fields.

    • Priority: High
    • Status: Open
    • Created: 0 days ago
  4. Issue #13126: Bumping resty.aws from 1.4.1 to 1.5.0.

    • Priority: Medium
    • Status: Open
    • Created: 0 days ago
  5. Issue #13125: Bumping luacheck from 1.1.2 to 1.2.0.

    • Priority: Low
    • Status: Open
    • Created: 0 days ago

Most Recently Updated Issues:

  • Issue #13129, Issue #13128, Issue #13127, Issue #13126, Issue #13125
    • These issues were all created and updated recently, reflecting active discussions and decisions being made regarding dependency management and backporting fixes.

Conclusion

The repository is actively managed with frequent updates on dependencies and careful consideration of backporting fixes to maintain stability across different versions of the software. The discussions around these updates are crucial for balancing stability with new features and bug fixes, ensuring that all users have a robust and secure experience regardless of their version.

Report On: Fetch pull requests



Analysis of Open and Recently Closed Pull Requests

Open Pull Requests

  1. PR #13129: chore(deps): bump bazelisk from 1.19.0 to 1.20.0

    • Status: Open
    • Summary: This PR updates Bazelisk to a new version with various improvements and bug fixes.
    • Notable Changes: Support for BAZELISK_NOJDK in the Go version, retry enhancements, and a fixed display bug in the download progress bar.
    • Potential Issues: None identified from the PR description.
  2. PR #13128: chore(deps): bump protoc from 3.19.0 to 27.0

    • Status: Open
    • Summary: Updates the Protocol Buffers compiler to a significantly newer version.
    • Notable Changes: Major version bump which could introduce breaking changes or new features.
    • Potential Issues: Discussion indicates uncertainty about the necessity and safety of this update.
  3. PR #13127: [backport -> release/3.7.x] fix(plugins): add realm to removed fields

    • Status: Open
    • Summary: Backports a fix to an older release branch to address an issue with plugin configuration compatibility.
    • Potential Issues: None identified, straightforward backport.
  4. PR #13126: chore(deps): bump resty.aws from 1.4.1 to 1.5.0

    • Status: Open
    • Summary: Updates a dependency related to AWS API interactions.
    • Notable Changes: Features and fixes related to AWS API response handling.
    • Potential Issues: None identified from the PR description.
  5. PR #13125: chore(deps): bump luacheck from 1.1.2 to 1.2.0

    • Status: Open
    • Summary: Updates the Lua static analysis tool with new features and performance improvements.
    • Potential Issues: None identified, seems like a routine dependency update.

Recently Closed Pull Requests

  1. PR #13130: tests(integration): 09-config-compat_spec accessing undefined variable utils

    • Status: Closed (Merged)
    • Summary: Fixes an issue in integration tests related to an undefined variable.
    • Resolution: The problem was quickly identified and corrected.
  2. PR #13122: chore(.requirements): fix comments on brotli

    • Status: Closed (Merged)
    • Summary: Corrects comments in the requirements file regarding Brotli versions.
    • Resolution: Minor documentation fix, merged without issues.
  3. PR #13097: chore(deps): bump resty-events from 0.2.0 to 0.2.1

    • Status: Closed (Merged)
    • Summary: Dependency update for lua-resty-events to address potential deadlock issues.
    • Resolution: Update aimed at improving stability, merged smoothly.
  4. PR #13095: tests(hybrid): reset schema for correct bootstrap

    • Status: Closed (Merged)
    • Summary: Adjusts test setup to ensure correct schema reset during hybrid mode testing.
    • Resolution: Enhances test reliability, merged after review.
  5. PR #13094: docs(changelog): typofix for #13021

    • Status: Closed (Merged)
    • Summary: Corrects a typo in the changelog related to a previous pull request.
    • Resolution: Minor documentation fix, merged without issues.

Summary

  • The open PRs mostly involve dependency updates, which are routine but essential for maintaining project health and integrating improvements or security fixes.
  • The recently closed PRs show a healthy mix of quick fixes and documentation updates, indicating active maintenance and attention to detail in project management.
  • No significant issues or controversial changes were noted in the reviewed PRs, suggesting that the Kong/kong repository is currently in a stable development cycle.

Report On: Fetch Files For Assessment



Analysis of Source Code Files

kong/cache/warmup.lua

  • Purpose: Manages the warming up of DNS entries and caches entities from the database during worker initialization.
  • Refactoring: Updated references from kong.tools.utils to kong.tools.ip.
  • Quality:
    • The code is well-structured with clear separation of concerns, such as DNS warming and caching entities.
    • Use of local variables for functions and modules improves performance by reducing lookup times.
    • Error handling is present but could be more descriptive in terms of the actions taken upon encountering errors.
    • Logging is adequately used to trace the warm-up process which is helpful for debugging.

kong/conf_loader/listeners.lua

  • Purpose: Handles the parsing and configuration of Kong's listeners from the configuration file.
  • Refactoring: Updated references from kong.tools.utils to kong.tools.ip.
  • Quality:
    • Functions are well-documented with comments explaining the purpose and return values.
    • The use of assertions helps ensure that the configuration values meet expected formats, enhancing robustness.
    • The modular design aids in maintainability, allowing easy updates to listener configurations or parsing logic.

kong/db/dao/targets.lua

  • Purpose: Data Access Object (DAO) for targets, handling database operations related to upstream targets.
  • Refactoring: Updated references from kong.tools.utils to kong.tools.ip.
  • Quality:
    • Functions are clearly defined for CRUD operations on target entities.
    • Error handling includes both logging and returning detailed error messages, which aids in troubleshooting.
    • The code leverages utility functions effectively, such as IP normalization and formatting.

kong/db/schema/entities/targets.lua

  • Purpose: Defines the schema for target entities in Kong's database.
  • Refactoring: Updated references from kong.tools.utils to kong.tools.ip.
  • Quality:
    • The schema definition is concise and leverages custom validators to ensure data integrity.
    • Utilizes foreign key constraints and other database features to maintain relational integrity.
    • The custom validation function enhances security by ensuring that targets are either valid hostnames or IP addresses.

kong/db/schema/entities/upstreams.lua

  • Purpose: Defines the schema for upstream entities in Kong's database.
  • Refactoring: Updated references from kong.tools.utils to kong.tools.ip.
  • Quality:
    • Comprehensive schema that includes detailed fields with descriptions and validation rules.
    • Uses custom validators for complex fields such as hash settings, ensuring configurations are correct before database insertion.
    • The schema supports advanced upstream configurations like health checks and load balancing methods.

kong/db/schema/typedefs.lua

  • Purpose: Provides type definitions used across various schemas in Kong's database models.
  • Refactoring: Updated references from kong.tools.utils to kong.tools.ip.
  • Quality:
    • Centralizes type definitions, promoting DRY principles and making it easier to manage data types used across multiple schemas.
    • Includes detailed custom validators for complex types like IP addresses or CIDRs, improving data integrity.

kong/pdk/ip.lua

  • Purpose: Provides a Public Development Kit (PDK) module for IP address handling within plugins.
  • Refactoring: Updated references from kong.tools.utils to kong.tools.ip.
  • Quality:
    • Offers a simple interface for plugin developers to check if an IP is trusted, enhancing plugin security features.
    • Efficiently handles trusted IPs using resty.ipmatcher, optimizing performance for IP matching operations.

kong/router/utils.lua

  • Purpose: Contains utility functions supporting Kong's routing mechanisms.
  • Refactoring: Updated references from kong.tools.utils to kong.tools.ip.
  • Quality:
    • Functions are well-documented with clear descriptions of their purposes and parameters.
    • Implements robust error checking and handling, ensuring that routing utilities behave predictably under various conditions.

spec/01-unit/05-utils_spec.lua

  • Purpose: Unit tests for utility functions in Kong, ensuring they behave as expected.
  • Changes: Significant changes were made related to refactoring of utility functions, likely adjusting tests to align with updated function signatures or behaviors due to refactoring.
  • Quality:
    • Comprehensive tests covering various scenarios ensure that utility functions meet all specified requirements.
    • Uses mocking appropriately to isolate tests, focusing on functionality rather than dependencies.