Kong Configuration
Introduction
Kong is a powerful, open-source API Gateway that acts as a middleware between clients and your API services. Proper configuration of Kong is essential for leveraging its full potential in managing, securing, and optimizing your API traffic. This guide will walk you through the fundamentals of Kong configuration, from basic setup to advanced customization options.
Understanding Kong's Configuration Hierarchy
Kong uses a hierarchical configuration model that consists of several layers:
- Kong.conf - The main configuration file
- Environment variables - Overrides Kong.conf settings
- Admin API - Runtime configuration changes
- Declarative configuration - YAML/JSON files for DB-less mode
Let's visualize this hierarchy:
Basic Configuration Setup
The Kong.conf File
The kong.conf file is the primary method for configuring Kong. It contains settings that affect Kong's behavior, database connections, plugins, and more.
A typical Kong installation includes a kong.conf.default file which serves as a template. To create your own configuration:
# Copy the default config to create your custom config
cp /etc/kong/kong.conf.default /etc/kong/kong.conf
# Edit the configuration file
vim /etc/kong/kong.conf
Essential Configuration Parameters
Let's review some of the most important configuration parameters:
# Database configuration
database = postgres # Determines which database Kong uses (postgres, cassandra, or off for DB-less)
pg_host = 127.0.0.1 # PostgreSQL host
pg_port = 5432 # PostgreSQL port
pg_user = kong # PostgreSQL user
pg_password = kong # PostgreSQL password
pg_database = kong # PostgreSQL database name
# Network settings
proxy_listen = 0.0.0.0:8000, 0.0.0.0:8443 ssl # Address/port where Kong listens for incoming traffic
admin_listen = 127.0.0.1:8001, 127.0.0.1:8444 ssl # Address/port for Admin API
# Performance tuning
nginx_worker_processes = auto # Number of worker processes
Configuration Methods
Method 1: Using the kong.conf File
As shown above, you can directly edit the kong.conf file to configure Kong. After making changes, restart Kong to apply them:
# Restart Kong to apply configuration changes
kong restart
Method 2: Environment Variables
Every setting in kong.conf can be overridden with an environment variable. The naming convention is KONG_ followed by the uppercase configuration name with underscores:
# Set database configuration via environment variables
export KONG_DATABASE=postgres
export KONG_PG_HOST=db.example.com
export KONG_PG_USER=kong_user
export KONG_PG_PASSWORD=strong_password
# Start Kong with these environment variables
kong start
Method 3: Declarative Configuration (DB-less mode)
For simpler deployments or containerized environments, Kong supports DB-less mode using declarative configuration files in YAML or JSON format:
- First, set Kong to run in DB-less mode:
# In kong.conf or as environment variable
database = off
declarative_config = /path/to/kong.yml
- Create your
kong.ymlfile:
_format_version: "2.1"
_transform: true
services:
- name: example-service
url: http://example.com
routes:
- name: example-route
paths:
- /example
plugins:
- name: rate-limiting
config:
minute: 5
policy: local
- Load the configuration:
# Validate your declarative configuration
kong config parse kong.yml
# Start Kong with declarative configuration
kong start -c kong.conf
Working with the Admin API
Kong's Admin API provides a dynamic way to configure Kong at runtime without restarts. This is particularly useful for production environments where downtime should be minimized.
Basic Admin API Usage
# Create a new Service
curl -i -X POST http://localhost:8001/services \
--data name=example-service \
--data url=http://example.com
# Create a Route for this Service
curl -i -X POST http://localhost:8001/services/example-service/routes \
--data 'paths[]=/example' \
--data name=example-route
# Enable a plugin for the Service
curl -i -X POST http://localhost:8001/services/example-service/plugins \
--data name=rate-limiting \
--data config.minute=5 \
--data config.policy=local
Advanced Configuration Scenarios
Load Balancing Configuration
Kong can act as a load balancer for your upstream services. Here's how to configure load balancing:
# Create an upstream entity
curl -X POST http://localhost:8001/upstreams \
--data name=example-upstream
# Add targets to the upstream
curl -X POST http://localhost:8001/upstreams/example-upstream/targets \
--data target=service1.example.com:80 \
--data weight=100
curl -X POST http://localhost:8001/upstreams/example-upstream/targets \
--data target=service2.example.com:80 \
--data weight=50
# Create a service using the upstream
curl -X POST http://localhost:8001/services \
--data name=balanced-service \
--data host=example-upstream
In the example above, service1 will receive approximately twice as much traffic as service2 due to the weights assigned.
SSL Configuration
To configure SSL for your APIs:
# Add an SSL certificate
curl -i -X POST http://localhost:8001/certificates \
--form cert=@/path/to/cert.pem \
--form key=@/path/to/key.pem
# Assign the certificate to a specific SNI
curl -i -X POST http://localhost:8001/snis \
--data name=secure.example.com \
--data certificate.id=CERT_ID_FROM_PREVIOUS_RESPONSE
Plugin Configuration
Kong's functionality can be extended with plugins. Here's how to configure the rate-limiting plugin globally:
# Enable rate-limiting plugin globally
curl -i -X POST http://localhost:8001/plugins \
--data name=rate-limiting \
--data config.minute=60 \
--data config.hour=1000 \
--data config.policy=local
Multi-environment Configuration
For managing different environments (development, staging, production), use different configuration files:
# Development
kong start -c kong.dev.conf
# Production
kong start -c kong.prod.conf
Alternatively, use environment variables with a consistent base configuration file:
# Development
export KONG_PG_HOST=dev-db.example.com
kong start
# Production
export KONG_PG_HOST=prod-db.example.com
kong start
Best Practices for Kong Configuration
- Use version control for your configuration files to track changes
- Document your configurations with comments
- Start with minimal configuration and add features as needed
- Secure the Admin API by limiting access or using HTTPS
- Use declarative configuration for consistency across environments
- Implement proper monitoring to track Kong's performance
- Regular backups of your configuration
Troubleshooting Configuration Issues
Common Configuration Problems
- Kong won't start
Check the error logs:
tail -f /usr/local/kong/logs/error.log
Verify database connectivity:
psql -h 127.0.0.1 -U kong -d kong
- Admin API not responding
Verify the admin_listen configuration:
grep admin_listen /etc/kong/kong.conf
- Plugins not working
Check if the plugin is properly installed:
curl http://localhost:8001/plugins/available | grep plugin_name
Summary
Kong configuration is a powerful system that allows you to customize how your API Gateway operates. By understanding the configuration hierarchy, different configuration methods, and best practices, you can effectively deploy and manage Kong in various environments.
The key points to remember:
- Kong uses a hierarchical configuration system with
kong.confas the base - Environment variables can override configuration settings
- Admin API allows for runtime configuration changes
- Declarative configuration provides a DB-less option for simpler deployments
- Different configuration approaches suit different deployment scenarios
Additional Resources
Exercises
- Set up Kong in DB-less mode using a declarative configuration file
- Configure rate limiting for a specific service
- Implement SSL termination for your APIs
- Create a load-balanced upstream with multiple targets
- Configure Kong to use a different database connection
If you spot any mistakes on this website, please let me know at [email protected]. I’d greatly appreciate your feedback! :)