Merge branch 'master' into next

.gitignore

@@ -25,4 +25,4 @@ kong-build-tools
 bin/grpcurl
 
 *.so
-
+*.bak

.requirements

@@ -7,5 +7,5 @@ RESTY_LUAROCKS_VERSION=3.5.0
 RESTY_OPENSSL_VERSION=1.1.1i
 RESTY_PCRE_VERSION=8.44
 LIBYAML_VERSION=0.2.5
-KONG_GO_PLUGINSERVER_VERSION=v0.6.0
+KONG_GO_PLUGINSERVER_VERSION=v0.6.1
 KONG_BUILD_TOOLS_VERSION=4.13.0

CHANGELOG.md

@@ -1,6 +1,7 @@
 # Table of Contents
 
 
+- [2.3.0](#230)
 - [2.2.1](#221)
 - [2.2.0](#220)
 - [2.1.4](#214)
@@ -51,6 +52,155 @@
 - [0.9.9 and prior](#099---20170202)
 
 
+## [2.3.0]
+
+> Released 2021/01/08
+
+This is a new release of Kong, with no breaking changes with respect to the 2.x series,
+with **Control Plane/Data Plane version checks**, **UTF-8 names for Routes and Services**,
+and **a Plugin Servers**.
+
+
+### Distributions
+
+- :warning: Support for Centos 6 has been removed, as said distro entered
+  EOL on Nov 30.
+  [#6641](https://github.com/Kong/kong/pull/6641)
+
+### Dependencies
+
+- Bump kong-plugin-serverless-functions from 1.0 to 2.1.
+  [#6715](https://github.com/Kong/kong/pull/6715)
+- Bump lua-resty-dns-client from 5.1.0 to 5.2.0.
+  [#6711](https://github.com/Kong/kong/pull/6711)
+- Bump lua-resty-healthcheck from 1.3.0 to 1.4.0.
+  [#6711](https://github.com/Kong/kong/pull/6711)
+- Bump OpenSSL from 1.1.1h to 1.1.1i.
+  [#6639](https://github.com/Kong/kong/pull/6639)
+- Bump `kong-plugin-zipkin` from 1.1 to 1.2.
+  [#6576](https://github.com/Kong/kong/pull/6576)
+- Bump `kong-plugin-request-transformer` from 1.2 to 1.3.
+  [#6542](https://github.com/Kong/kong/pull/6542)
+
+### Additions
+
+##### Core
+
+- Introduce version checks between Control Plane and Data Plane nodes
+  in Hybrid Mode. Sync will be stopped if the major/minor version differ
+  or if installed plugin versions differ between Control Plane and Data
+  Plane nodes.
+  [#6612](https://github.com/Kong/kong/pull/6612)
+- Kong entities with a `name` field now support utf-8 characters.
+  [#6557](https://github.com/Kong/kong/pull/6557)
+- The certificates entity now has `cert_alt` and `key_alt` fields, used
+  to specify an alternative certificate and key pair.
+  [#6536](https://github.com/Kong/kong/pull/6536)
+- The go-pluginserver `stderr` and `stdout` are now written into Kong's
+  logs.
+  [#6503](https://github.com/Kong/kong/pull/6503)
+- Introduce support for multiple pluginservers. This feature is
+  backwards-compatible with the existing single Go pluginserver.
+  [#6600](https://github.com/Kong/kong/pull/6600)
+
+##### PDK
+
+- Introduce a `kong.node.get_hostname` method that returns current's
+  node host name.
+  [#6613](https://github.com/Kong/kong/pull/6613)
+- Introduce a `kong.cluster.get_id` method that returns a unique ID
+  for the current Kong cluster. If Kong is running in DB-less mode
+  without a cluster ID explicitly defined, then this method returns nil.
+  For Hybrid mode, all Control Planes and Data Planes belonging to the
+  same cluster returns the same cluster ID. For traditional database
+  based deployments, all Kong nodes pointing to the same database will
+  also return the same cluster ID.
+  [#6576](https://github.com/Kong/kong/pull/6576)
+- Introduce a `kong.log.set_serialize_value`, which allows for customizing
+  the output of `kong.log.serialize`.
+  [#6646](https://github.com/Kong/kong/pull/6646)
+
+##### Plugins
+
+- `http-log`: the plugin now has a `headers` configuration, so that
+  custom headers can be specified for the log request.
+  [#6449](https://github.com/Kong/kong/pull/6449)
+- `key-auth`: the plugin now has two additional boolean configurations:
+  * `key_in_header`: if `false`, the plugin will ignore keys passed as
+    headers.
+  * `key_in_query`: if `false`, the plugin will ignore keys passed as
+    query arguments.
+  Both default to `true`.
+  [#6590](https://github.com/Kong/kong/pull/6590)
+- `request-size-limiting`: add new configuration `require_content_length`,
+  which causes the plugin to ensure a valid `Content-Length` header exists
+  before reading the request body.
+  [#6660](https://github.com/Kong/kong/pull/6660)
+- `serverless-functions`: introduce a sandboxing capability, and it has been
+  *enabled* by default, where only Kong PDK, OpenResty `ngx` APIs, and Lua standard libraries are allowed.
+  [#32](https://github.com/Kong/kong-plugin-serverless-functions/pull/32/)
+
+##### Configuration
+
+- `client_max_body_size` and `client_body_buffer_size`, that previously
+  hardcoded to 10m, are now configurable through `nginx_admin_client_max_body_size` and `nginx_admin_client_body_buffer_size`.
+  [#6597](https://github.com/Kong/kong/pull/6597)
+- Kong-generated SSL privates keys now have `600` file system permission.
+  [#6509](https://github.com/Kong/kong/pull/6509)
+- Properties `ssl_cert`, `ssl_cert_key`, `admin_ssl_cert`,
+  `admin_ssl_cert_key`, `status_ssl_cert`, and `status_ssl_cert_key`
+  is now an array: previously, only an RSA certificate was generated
+  by default; with this change, an ECDSA is also generated. On
+  intermediate and modern cipher suites, the ECDSA certificate is set
+  as the default fallback certificate; on old cipher suite, the RSA
+  certificate remains as the default. On custom certificates, the first
+  certificate specified in the array is used.
+  [#6509](https://github.com/Kong/kong/pull/6509)
+- Kong now runs as a `kong` user if it exists; it said user does not exist
+  in the system, the `nobody` user is used, as before.
+  [#6421](https://github.com/Kong/kong/pull/6421)
+
+### Fixes
+
+##### Core
+
+- Fix issue where a Go plugin would fail to read kong.ctx.shared values set by Lua plugins.
+  [#6490](https://github.com/Kong/kong/pull/6490)
+- Properly trigger `dao:delete_by:post` hook.
+  [#6567](https://github.com/Kong/kong/pull/6567)
+- Fix issue where a route that supports both http and https (and has a hosts and snis match criteria) would fail to proxy http requests, as it does not contain an SNI.
+  [#6517](https://github.com/Kong/kong/pull/6517)
+- Fix issue where a `nil` request context would lead to errors `attempt to index local 'ctx'` being shown in the logs
+- Reduced the number of needed timers to active health check upstreams and to resolve hosts.
+- Schemas for full-schema validations are correctly cached now, avoiding memory
+  leaks when reloading declarative configurations. [#6713](https://github.com/Kong/kong/pull/6713)
+- The schema for the upstream entities now limits the highest configurable
+  number of successes and failures to 255, respecting the limits imposed by
+  lua-resty-healthcheck. [#6705](https://github.com/Kong/kong/pull/6705)
+- Certificates for database connections now are loaded in the right order
+  avoiding failures to connect to Postgres databases.
+  [#6650](https://github.com/Kong/kong/pull/6650)
+
+##### CLI
+
+- Fix issue where `kong reload -c <config>` would fail.
+  [#6664](https://github.com/Kong/kong/pull/6664)
+- Fix issue where the Kong configuration cache would get corrupted.
+  [#6664](https://github.com/Kong/kong/pull/6664)
+
+##### PDK
+
+- Ensure the log serializer encodes the `tries` field as an array when
+  empty, rather than an object.
+  [#6632](https://github.com/Kong/kong/pull/6632)
+
+##### Plugins
+
+- request-transformer plugin does not allow `null` in config anymore as they can
+  lead to runtime errors. [#6710](https://github.com/Kong/kong/pull/6710)
+
+[Back to TOC](#table-of-contents)
+
 ## [2.2.1]
 
 > Released 2020/12/01
@@ -87,6 +237,7 @@ strictly contains bugfixes. The are no new features or breaking changes.
 
 [Back to TOC](#table-of-contents)
 
+
 ## [2.2.0]
 
 > Released 2020/10/23
@@ -5575,6 +5726,7 @@ First version running with Cassandra.
 
 [Back to TOC](#table-of-contents)
 
+[2.3.0]: https://github.com/Kong/kong/compare/2.2.0...2.3.0
 [2.2.1]: https://github.com/Kong/kong/compare/2.2.0...2.2.1
 [2.2.0]: https://github.com/Kong/kong/compare/2.1.3...2.2.0
 [2.1.4]: https://github.com/Kong/kong/compare/2.1.3...2.1.4

Jenkinsfile

@@ -335,7 +335,7 @@ pipeline {
                 allOf {
                     buildingTag()
                     not { triggeredBy 'TimerTrigger' }
-                    not { tag pattern: 'alpha|beta', comparator: "REGEXP" }
+                    tag pattern: '^\\d+\\.\\d+\\.\\d+$', comparator: "REGEXP"
                 }
             }
             parallel {

README.md

@@ -145,6 +145,9 @@ Guide](https://docs.konghq.com/latest/plugin-development/), or browse an
 online version of Kong's source code documentation in the [Plugin Development
 Kit (PDK) Reference](https://docs.konghq.com/latest/pdk/).
 
+For a quick start with custom plugin development, check out [Pongo](https://github.com/Kong/kong-pongo)
+and the [plugin template](https://github.com/Kong/kong-plugin) explained in detail below.
+
 #### Docker
 
 You can use Docker / docker-compose and a mounted volume to develop Kong by
@@ -159,6 +162,23 @@ as easily switching across versions, configurations and dependencies. It
 has support for running Kong in Hybrid (CP/DP) mode, testing migrations,
 running a Kong cluster, among other [features](https://github.com/Kong/gojira/blob/master/doc/manual.md).
 
+#### Kong Pongo
+
+[Pongo](https://github.com/Kong/kong-pongo) is another CLI like Gojira,
+but specific for plugin development. It is docker-compose based and will
+create local test environments including all dependencies. Core features
+are running tests, integrated linter, config initialization, CI support,
+and custom dependencies.
+
+#### Kong Plugin Template
+
+The [plugin template](https://github.com/Kong/kong-plugin) provides a basic
+plugin and is considered a best-practices plugin repository. When writing
+custom plugins we strongly suggest you start by using this repository as a
+starting point. It contains the proper file structures, configuration files,
+and CI setup to get up and running quickly. This repository seamlessly
+integrates with [Pongo](https://github.com/Kong/kong-pongo).
+
 #### Vagrant
 
 You can use a Vagrant box running Kong and Postgres that you can find at

UPGRADE.md

@@ -36,6 +36,158 @@ starts new workers, which take over from old workers before those old workers
 are terminated. In this way, Kong will serve new requests via the new
 configuration, without dropping existing in-flight connections.
 
+## Upgrade to `2.3.0`
+
+Kong adheres to [semantic versioning](https://semver.org/), which makes a
+distinction between "major", "minor", and "patch" versions. The upgrade path
+will be different depending on which previous version from which you are migrating.
+
+If you are migrating from 2.0.0, 2.1.x, or 2.2.x upgrading into 2.3.x is a minor upgrade,
+but read below for important instructions on database migration, especially
+for Cassandra users.
+
+If you are migrating from 1.x, upgrading into 2.3.x is a major upgrade,
+so, in addition, be aware of any [breaking changes](#breaking-changes-2.0.0)
+between the 1.x and 2.x series below, further detailed in the
+[CHANGELOG.md](https://github.com/Kong/kong/blob/2.0.0/CHANGELOG.md) document.
+
+
+#### 1. Dependencies
+
+If you are using the provided binary packages, all necessary dependencies
+for the gateway are bundled and you can skip this section.
+
+If you are building your dependencies by hand, there are changes since the
+previous release, so you will need to rebuild them with the latest patches.
+
+The required OpenResty version for kong 2.3.x is
+[1.17.8.2](https://openresty.org/en/changelog-1017008.html). This is more recent
+than the version in Kong 2.1.0 (which used `1.15.8.3`). In addition to an upgraded
+OpenResty, you will need the correct [OpenResty
+patches](https://github.com/Kong/kong-build-tools/tree/master/openresty-build-tools/openresty-patches)
+for this new version, including the latest release of
+[lua-kong-nginx-module](https://github.com/Kong/lua-kong-nginx-module).
+The [kong-build-tools](https://github.com/Kong/kong-build-tools)
+repository contains [openresty-build-tools](https://github.com/Kong/kong-build-tools/tree/master/openresty-build-tools),
+which allows you to build OpenResty with the necessary patches
+and modules easily.
+
+There is a new way to deploy Go using Plugin Servers. You can read more about it the [Go section of the docs](https://docs.konghq.com/2.3.x/go).
+
+#### 2. Template Changes
+
+There are **Changes in the Nginx configuration file**, between kong 2.0.0,
+2.1.0, 2.2.0 and 2.3.0.
+
+To view the configuration changes between versions, clone the
+[Kong repository](https://github.com/kong/kong) and run `git diff`
+on the configuration templates, using `-w` for greater readability.
+
+Here's how to see the differences between 2.0.0 and 2.3.0:
+
+```
+git clone https://github.com/kong/kong
+cd kong
+git diff -w 2.0.0 2.3.0 kong/templates/nginx_kong*.lua
+```
+
+To produce a patch file, use the following command:
+
+```
+git diff 2.0.0 2.3.0 kong/templates/nginx_kong*.lua > kong_config_changes.diff
+```
+
+#### 3. Suggested Upgrade Path
+
+##### Upgrade from `0.x` to `2.3.0`
+
+The lowest version that Kong 2.3.0 supports migrating from is 1.0.0.
+If you are migrating from a version lower than 0.14.1, you need to
+migrate to 0.14.1 first. Then, once you are migrating from 0.14.1,
+please migrate to 1.5.0 first.
+
+The steps for upgrading from 0.14.1 to 1.5.0 are the same as upgrading
+from 0.14.1 to Kong 1.0. Please follow the steps described in the
+"Migration Steps from 0.14" in the [Suggested Upgrade Path for Kong
+1.0](#kong-1-0-upgrade-path), with the addition of the `kong
+migrations migrate-apis` command, which you can use to migrate legacy
+`apis` configurations.
+
+Once you migrated to 1.5.0, you can follow the instructions in the section
+below to migrate to 2.3.0.
+
+##### Upgrade from `1.0.0` - `2.2.0` to `2.3.0`
+
+**Postgres**
+
+Kong 2.3.0 supports a no-downtime migration model. This means that while the
+migration is ongoing, you will have two Kong clusters running, sharing the
+same database. (This is sometimes called the Blue/Green migration model.)
+
+The migrations are designed so that the new version of Kong is able to use
+the database as it is migrated while the old Kong cluster keeps working until
+it is time to decommission it. For this reason, the migration is split into
+two steps, performed via commands `kong migrations up` (which does
+only non-destructive operations) and `kong migrations finish` (which puts the
+database in the final expected state for Kong 2.3.0).
+
+1. Download 2.3.0, and configure it to point to the same datastore
+   as your old (1.0 to 2.0) cluster. Run `kong migrations up`.
+2. Once that finishes running, both the old (pre-2.1) and new (2.3.0)
+   clusters can now run simultaneously. Start provisioning 2.3.0 nodes,
+   but do not use their Admin API yet. If you need to perform Admin API
+   requests, these should be made to the old cluster's nodes. The reason
+   is to prevent the new cluster from generating data that is not understood
+   by the old cluster.
+3. Gradually divert traffic away from your old nodes, and into
+   your 2.3.0 cluster. Monitor your traffic to make sure everything
+   is going smoothly.
+4. When your traffic is fully migrated to the 2.3.0 cluster,
+   decommission your old nodes.
+5. From your 2.3.0 cluster, run: `kong migrations finish`.
+   From this point on, it will not be possible to start
+   nodes in the old cluster pointing to the same datastore anymore. Only run
+   this command when you are confident that your migration
+   was successful. From now on, you can safely make Admin API
+   requests to your 2.3.0 nodes.
+
+**Cassandra**
+
+Due to internal changes, the table schemas used by Kong 2.3.0 on Cassandra
+are incompatible with those used by Kong 2.0.0. Migrating using the usual commands
+`kong migrations up` and `kong migrations finish` will require a small
+window of downtime, since the old and new versions cannot use the
+database at the same time. Alternatively, to keep your previous version fully
+operational while the new one initializes, you will need to transfer the
+data to a new keyspace via a database dump, as described below:
+
+1. Download 2.3.0, and configure it to point to a new keyspace.
+   Run `kong migrations bootstrap`.
+2. Once that finishes running, both the old (pre-2.1) and new (2.3.0)
+   clusters can now run simultaneously, but the new cluster does not
+   have any data yet.
+3. On the old cluster, run `kong config db_export`. This will create
+   a file `kong.yml` with a database dump.
+4. Transfer the file to the new cluster and run
+   `kong config db_import kong.yml`. This will load the data into the new cluster.
+5. Gradually divert traffic away from your old nodes, and into
+   your 2.3.0 cluster. Monitor your traffic to make sure everything
+   is going smoothly.
+6. When your traffic is fully migrated to the 2.3.0 cluster,
+   decommission your old nodes.
+
+##### Installing 2.3.0 on a Fresh Datastore
+
+The following commands should be used to prepare a new 2.3.0 cluster from a
+fresh datastore. By default the `kong` CLI tool will load the configuration
+from `/etc/kong/kong.conf`, but you can optionally use the flag `-c` to
+indicate the path to your configuration file:
+
+```
+$ kong migrations bootstrap [-c /path/to/your/kong.conf]
+$ kong start [-c /path/to/your/kong.conf]
+```
+
 ## Upgrade to `2.2.0`
 
 Kong adheres to [semantic versioning](https://semver.org/), which makes a