‹ Reports
The Dispatch

OSS Report: Kong/kong

Kong API Gateway Development Focuses on Bug Fixes and Testing Enhancements Amid Ongoing User Challenges

Kong, a high-performance API Gateway designed for managing microservices and traditional API traffic, has been actively addressing bug fixes and improving testing infrastructure, while users report ongoing issues with health checks and plugin functionality.

Recent Activity

Recent issues and pull requests (PRs) indicate a focus on resolving critical bugs and enhancing testing. Notable issues include problems with isolated namespaces (#13684), missing headers in rate limiting (#13682), and timeout errors in probes (#13680). These highlight challenges in service reliability and configuration management.

Development Team and Recent Contributions

  1. Aapo Talvensaari (bungle)

    • Fixed kong.db.targets:upsert error handling.
    • Bumped OpenSSL to 3.2.3 for security fixes.

  2. Chrono (chronolaw)

    • Refactored helper functions for better maintainability.

  3. Jun Ouyang (oowl)

    • Fixed request handling bugs in the balancer phase.

  4. Wangchong Zhou (fffonion)

    • Improved build system features, including cross-compilation support.

  5. Andy Zhang (AndyZhang0707)

    • Assembled changelogs for recent versions.

  6. Marco Palladino (subnetmarco)

    • Updated Luarocks repositories for CI reliability.

  7. Keery Nie (windmgc)

    • Enhanced vault secret rotation mechanisms.

  8. Robin Xiang (liverpool8056)

    • Refined plugin schemas and protocol handling.

  9. Thijs Schreijer (Tieske)

    • Adjusted logging levels in the PDK.

  10. Jack Tysoe (tysoekong)

    • Worked on AI-related plugin compatibility.

Of Note

The project is maintaining a balance between addressing user-reported issues and enhancing internal processes, reflecting its maturity and commitment to quality assurance.

Quantified Reports

Quantify Issues



Recent GitHub Issues Activity

Timespan Opened Closed Comments Labeled Milestones
7 Days 7 6 4 4 1
30 Days 21 17 63 11 1
90 Days 61 59 359 23 1
1 Year 230 200 1280 62 2
All Time 4401 4366 - - -

Like all software activity quantification, these numbers are imperfect but sometimes useful. Comments, Labels, and Milestones refer to those issues opened in the timespan in question.

Quantify commits



Quantified Commit Activity Over 30 Days

Developer Avatar Branches PRs Commits Files Changes
Chrono 4 18/15/0 27 40 8443
Andy Zhang 3 6/6/0 8 177 3944
Jun Ouyang 4 4/1/0 22 34 1548
Datong Sun 1 0/0/0 5 14 1460
Isa Farnik 2 3/2/1 5 15 1159
Aapo Talvensaari 6 12/11/1 19 51 868
Qi (ADD-SP) 1 1/0/0 1 71 671
Kong Team Gateway Bot (team-gateway-bot) 1 25/23/2 8 48 671
Mikołaj Nowak 3 3/2/0 4 9 566
Keery Nie 4 4/4/1 8 12 553
Caio Ramos Casimiro (casimiro) 1 1/0/0 1 7 521
Wangchong Zhou 3 4/2/1 10 31 477
Murillo 1 1/2/0 2 8 302
Xiaoyan Rao 3 2/1/0 3 13 215
Niklaus Schen 3 4/4/1 7 12 108
Jack Tysoe 1 2/2/0 2 9 104
Brent Yarger 1 1/1/0 1 18 90
Zhefeng C. 3 4/3/0 5 6 81
Yufu Zhao (ms2008) 1 1/0/0 4 5 41
Robin Xiang 4 4/1/0 6 14 35
kurt (tzssangglass) 1 1/0/0 1 3 33
Michael Martin 2 3/3/0 4 7 28
Makito (sumimakito) 1 1/1/0 1 5 27
Marco Palladino 2 2/1/0 2 2 26
BrianChen 1 0/1/0 1 5 20
None (dependabot[bot]) 1 1/0/0 1 2 16
github-actions[bot] 1 1/1/0 1 4 16
saisatishkarra 2 1/2/0 3 1 14
Stephen Brown 1 0/0/0 3 4 10
Enrique García Cota (kikito) 1 4/3/0 1 2 8
Thijs Schreijer 1 1/1/0 1 2 7
Antoine Jacquemin 1 1/1/0 3 3 7
None (lena-larionova) 1 1/0/0 1 1 2
Yi Yang (Leopoldthecoder) 1 1/1/0 1 1 2
Andy Dawson (AD7six) 0 2/0/0 0 0 0
Samuele (samugi) 0 1/1/1 0 0 0
Yukinari Toyota (t-yuki) 0 1/0/0 0 0 0
Xiaochen Wang (chobits) 0 0/1/0 0 0 0
Zachary Hu (outsinre) 0 1/0/1 0 0 0
Andrew Kew (andrewgkew) 0 1/0/0 0 0 0
Xumin (StarlightIbuki) 0 2/0/2 0 0 0

PRs: created by that dev and opened/merged/closed-unmerged during the period

Detailed Reports

Report On: Fetch issues



Recent Activity Analysis

The Kong API Gateway repository has seen a steady stream of activity, with 35 open issues currently logged. Notably, several issues have been created or updated recently, indicating ongoing engagement from the community and potential areas of concern that require attention. A recurring theme is the interaction between Kong and upstream services, particularly regarding health checks, connection stability, and plugin functionality.

Several issues highlight critical bugs or unexpected behaviors, such as the handling of JWT tokens, health check configurations, and memory management. The presence of multiple issues related to health checks suggests that users are experiencing significant challenges in ensuring reliable service availability.

Issue Details

Most Recent Issues:

  1. Issue #13684: "validations.kong.konghq.com" denied the request: consumer already exists error in isolated namespaces

    • Priority: High
    • Status: Open
    • Created: 1 day ago
    • Update: N/A

  2. Issue #13682: [response-ratelimiting] Missing upstream usage headers in Kong 3.8

    • Priority: Medium
    • Status: Open
    • Created: 2 days ago
    • Update: N/A

  3. Issue #13680: Timeout in liveness / readiness probes leading to outage

    • Priority: High
    • Status: Open
    • Created: 3 days ago
    • Update: N/A

  4. Issue #13666: ai-proxy nil error with bedrock misconfiguration

    • Priority: Medium
    • Status: Open
    • Created: 5 days ago
    • Update: N/A

  5. Issue #13657: Inconsistent TLS Verify behavior between Nginx and Kong Service level TLS configuration

    • Priority: Medium
    • Status: Open
    • Created: 7 days ago
    • Update: N/A

Analysis of Notable Issues

  • The issue regarding the consumer already existing in isolated namespaces (#13684) indicates a potential flaw in how Kong handles unique keys across different namespaces, which could lead to deployment complications in multi-tenant environments.

  • The missing upstream usage headers in the response rate limiting plugin (#13682) points to a regression in functionality that could affect clients relying on these headers for rate limiting metrics.

  • The timeout issue related to liveness/readiness probes (#13680) raises concerns about service reliability during database connectivity issues, which could lead to unnecessary pod restarts and service downtime.

  • The nil error with the ai-proxy plugin (#13666) suggests a lack of proper error handling when configuration parameters are missing, which could hinder user experience and lead to confusion during setup.

  • Inconsistent TLS verification behavior (#13657) indicates potential security risks if configurations do not behave as expected across different environments.

Conclusion

The recent activity within the Kong GitHub repository reflects ongoing challenges faced by users, particularly around health checks, plugin behavior, and configuration management. These issues highlight areas where improvements can be made to enhance reliability and user experience.

Report On: Fetch pull requests



Overview

The analysis of the provided pull requests (PRs) for the Kong API Gateway project reveals a diverse range of contributions, including bug fixes, feature enhancements, documentation updates, and dependency management. The PRs cover various aspects of the project, from core functionalities like load balancing and vault management to improvements in testing infrastructure and CI/CD processes.

Summary of Pull Requests

  1. PR #13690: Assembles changelogs for versions 3.7.1 and 3.8.0 into CHANGELOG.md, ensuring that all changes are properly documented for users.
  2. PR #13689: Similar to PR #13690, this PR focuses on assembling the changelog specifically for version 3.8.0.
  3. PR #13688: Addresses an issue with OpenSSL 3.2.3 affecting CI verification manifests, ensuring that builds are correctly validated against the intended configurations.
  4. PR #13678: Points to GitHub-hosted LuaRocks distributions instead of the official site to avoid CI failures due to downtime on luarocks.org.
  5. PR #13673, PR #13670, PR #13669: These PRs involve backporting fixes related to vault entity caching behavior across different versions of Kong, ensuring consistent behavior regardless of the deployment configuration.
  6. PR #13665, PR #13662, PR #13651: Focus on refactoring and improving helper functions used in tests, enhancing the maintainability and clarity of test code.

Analysis of Pull Requests

Themes and Commonalities

  • Changelog Management: Several PRs (e.g., #13690, #13689) focus on ensuring that all changes across versions are accurately reflected in the project's changelog. This is crucial for transparency and helps users understand what has changed between releases.
  • Bug Fixes and Improvements: PRs like #13688 and those addressing vault caching behavior (#13673, #13670, #13669) highlight ongoing efforts to refine existing features and fix bugs that could impact user experience or system reliability.
  • Testing Enhancements: A number of PRs aim to improve testing infrastructure (#13665, #13662, #13651). This includes refactoring helper functions to make them more modular and easier to understand, which is vital for maintaining high-quality code as the project evolves.

Notable Aspects

  • The presence of multiple backporting efforts (#13673, #13670, #13669) indicates a commitment to maintaining consistency across different versions of Kong, which is important for users who may not upgrade immediately.
  • The focus on both functional improvements (like those in vault management) and developer experience enhancements (such as testing infrastructure improvements) suggests a balanced approach to project development that considers both end-user satisfaction and developer productivity.

Conclusion

The pull requests analyzed reflect a robust development process within the Kong API Gateway project, characterized by active maintenance, continuous improvement efforts, and a strong emphasis on quality assurance through enhanced testing practices. The project's ability to address both user-facing issues and internal development challenges is indicative of its maturity and the dedication of its contributors.

Report On: Fetch commits



Repo Commits Analysis

Development Team and Recent Activity

Team Members and Recent Contributions

  1. Aapo Talvensaari (bungle)

    • Commits: 19
    • Recent Work:
    • Fixed issues related to kong.db.targets:upsert error handling.
    • Bumped OpenSSL to version 3.2.3, addressing multiple CVEs.
    • Resolved issues with the PDK logging and caching mechanisms.
    • Contributed to various bug fixes and enhancements across multiple files.

  2. Andy Zhang (AndyZhang0707)

    • Commits: 8
    • Recent Work:
    • Assembled changelogs for versions 3.7.1 and 3.8.0.
    • Generated release notes and updated documentation.

  3. Chrono (chronolaw)

    • Commits: 27
    • Recent Work:
    • Conducted extensive refactoring of helper functions, improving organization and readability.
    • Separated various test helper functions into distinct modules for better maintainability.
    • Collaborated on several test cases and fixes related to internal logic.

  4. Marco Palladino (subnetmarco)

    • Commits: 2
    • Recent Work:
    • Updated Luarocks repositories for reliability in CI processes.

  5. Wangchong Zhou (fffonion)

    • Commits: 10
    • Recent Work:
    • Implemented multiple features in the build system, including cross-compilation support and library linking improvements.
    • Addressed build cache issues in release workflows.

  6. Jun Ouyang (oowl)

    • Commits: 22
    • Recent Work:
    • Fixed bugs related to request handling in the balancer phase.
    • Added tests for HTTP/2 functionality and improved error handling in the PDK.

  7. Keery Nie (windmgc)

    • Commits: 8
    • Recent Work:
    • Worked on vault-related functionalities, enhancing secret rotation mechanisms.
    • Addressed logging levels for vault operations.

  8. Robin Xiang (liverpool8056)

    • Commits: 6
    • Recent Work:
    • Refined plugin schemas and fixed issues related to protocol handling in several plugins.

  9. Thijs Schreijer (Tieske)

    • Commits: 1
    • Recent Work:
    • Made adjustments to logging levels in the PDK.

  10. Jack Tysoe (tysoekong)

    • Commits: 2
    • Recent Work:
    • Worked on AI-related plugins, ensuring compatibility with new features.

Patterns and Themes

  • The team is actively engaged in both feature development and bug fixing, with a strong focus on improving existing functionalities, particularly around the PDK and vault systems.
  • There is a notable emphasis on refactoring code for better organization and maintainability, especially by Chrono.
  • Collaboration is evident, with multiple co-authored commits indicating teamwork across various tasks.
  • The integration of AI capabilities continues to be a significant area of development, as seen in contributions from multiple team members focused on AI plugins.
  • Regular updates to documentation and changelogs reflect a commitment to transparency and community engagement.

Conclusion

The development team is demonstrating high activity levels with a balanced focus on both new features and maintenance tasks. The collaborative environment fosters innovation while ensuring that existing functionalities are robust and well-documented.