Kong Gateway
High-performance API Gateway and service connectivity platform. Integrates microservices, serverless, and legacy workloads. Extensible with plugin ecosystem.
Server
Kong Gateway
Overview
Kong Gateway is a high-performance, cloud-native API Gateway and service connectivity platform that acts as a central layer for managing microservices, serverless, and legacy workloads. Known for its exceptional performance and extensibility through a rich plugin ecosystem, Kong serves as the "front door" for all API traffic, providing advanced routing, load balancing, security, and monitoring capabilities. With support for both traditional and cloud-native architectures, Kong has established itself as the leading API Gateway solution for Fortune 500 companies and modern enterprises seeking scalable, flexible API management.
Details
Kong Gateway 2025 edition continues to lead the API Gateway market with its proven architecture and comprehensive feature set. Built on NGINX and OpenResty, Kong delivers exceptional performance while maintaining ease of use and operational simplicity. The platform supports both database-backed and database-less (DB-less) deployment modes, enabling flexible deployment strategies across on-premises, cloud, and hybrid environments. Kong's plugin architecture provides unparalleled extensibility with over 80+ plugins covering authentication, security, traffic control, analytics, and transformations. The platform seamlessly integrates with Kubernetes via Kong Ingress Controller and supports advanced deployment patterns including hybrid mode for enterprise-scale implementations.
Key Features
- High-Performance Routing: Advanced routing capabilities with sub-millisecond latency
- Rich Plugin Ecosystem: 80+ plugins for authentication, security, rate limiting, and analytics
- Multiple Deployment Modes: Database-backed, DB-less, and hybrid deployment options
- Kubernetes-Native: Full Kubernetes integration with ingress controller support
- Service Mesh Ready: Integration with Istio and other service mesh platforms
- Enterprise Security: OAuth2, JWT, mTLS, and custom authentication mechanisms
Advantages and Disadvantages
Advantages
- Industry-leading performance with horizontal scaling capabilities and enterprise-grade reliability
- Extensive plugin ecosystem covering virtually all API Gateway requirements with active community contributions
- Flexible deployment options supporting traditional VM, container, and Kubernetes environments
- Strong enterprise adoption with proven track record in high-traffic production environments
- Comprehensive documentation and strong community support with regular updates and maintenance
- Hybrid and multi-cloud deployment capabilities with centralized management and monitoring
Disadvantages
- Learning curve for advanced plugin development and custom configuration requirements
- Enterprise features require Kong Enterprise subscription for full commercial support
- Database dependency in traditional mode can introduce complexity for some deployment scenarios
- Resource consumption can be higher compared to lightweight alternatives for simple use cases
- Plugin compatibility considerations when upgrading between major versions
- Advanced features like service mesh integration may require additional operational expertise
Reference Links
Code Examples
Installation and Basic Setup
# Docker installation (for development)
docker run -d --name kong \
--network=kong-net \
-e "KONG_DATABASE=off" \
-e "KONG_DECLARATIVE_CONFIG=/kong/declarative/kong.yml" \
-e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
-e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
-e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
-e "KONG_ADMIN_LISTEN=0.0.0.0:8001" \
-p 8000:8000 \
-p 8443:8443 \
-p 8001:8001 \
-p 8444:8444 \
kong:latest
# Kubernetes installation using Helm
helm repo add kong https://charts.konghq.com
helm repo update
helm install kong kong/kong --namespace kong --create-namespace
# Verify installation
curl -i http://localhost:8001/
Service and Route Configuration
# Create a service
curl -i -X POST http://localhost:8001/services/ \
--data "name=example-service" \
--data "url=http://httpbin.org"
# Create a route for the service
curl -i -X POST http://localhost:8001/services/example-service/routes \
--data "hosts[]=example.com" \
--data "paths[]=/api"
# Test the route
curl -i -X GET http://localhost:8000/api/get \
--header "Host: example.com"
# Add rate limiting plugin
curl -i -X POST http://localhost:8001/services/example-service/plugins \
--data "name=rate-limiting" \
--data "config.minute=100" \
--data "config.hour=1000"
# Add JWT authentication
curl -i -X POST http://localhost:8001/services/example-service/plugins \
--data "name=jwt"
# List all services
curl -i http://localhost:8001/services/
# List all routes
curl -i http://localhost:8001/routes/
Kubernetes Ingress Controller Configuration
# Kong Ingress Controller setup
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: demo-ingress
annotations:
kubernetes.io/ingress.class: kong
konghq.com/strip-path: "true"
konghq.com/preserve-host: "true"
spec:
rules:
- host: api.example.com
http:
paths:
- path: /v1
pathType: Prefix
backend:
service:
name: example-service
port:
number: 80
---
# KongPlugin for rate limiting
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: rate-limiting-plugin
config:
minute: 100
hour: 1000
policy: local
plugin: rate-limiting
---
# Apply plugin to service
apiVersion: v1
kind: Service
metadata:
name: example-service
annotations:
konghq.com/plugins: rate-limiting-plugin
spec:
selector:
app: example-app
ports:
- port: 80
targetPort: 8080
Advanced Plugin Configuration
# OAuth2 plugin configuration
curl -i -X POST http://localhost:8001/services/example-service/plugins \
--data "name=oauth2" \
--data "config.scopes=read,write" \
--data "config.mandatory_scope=true" \
--data "config.enable_authorization_code=true"
# Request/Response transformation
curl -i -X POST http://localhost:8001/services/example-service/plugins \
--data "name=request-transformer" \
--data "config.add.headers=X-Customer-ID:customer-123" \
--data "config.add.querystring=version:v2"
curl -i -X POST http://localhost:8001/services/example-service/plugins \
--data "name=response-transformer" \
--data "config.add.headers=X-Server:Kong-Gateway" \
--data "config.remove.headers=X-Internal-Header"
# CORS configuration
curl -i -X POST http://localhost:8001/services/example-service/plugins \
--data "name=cors" \
--data "config.origins=https://example.com,https://app.example.com" \
--data "config.methods=GET,POST,PUT,DELETE" \
--data "config.headers=Accept,Accept-Version,Content-Length,Content-Type,Date,X-Auth-Token" \
--data "config.exposed_headers=X-Auth-Token" \
--data "config.credentials=true" \
--data "config.max_age=3600"
# IP restriction
curl -i -X POST http://localhost:8001/services/example-service/plugins \
--data "name=ip-restriction" \
--data "config.allow=192.168.1.0/24,10.0.0.0/8"
Database-less (Declarative) Configuration
# kong.yml - Declarative configuration file
_format_version: "3.0"
_transform: true
services:
- name: example-service
url: http://httpbin.org
routes:
- name: example-route
paths:
- /api
hosts:
- example.com
plugins:
- name: rate-limiting
config:
minute: 100
hour: 1000
- name: jwt
config:
secret_is_base64: false
- name: auth-service
url: http://auth.internal.com
routes:
- name: auth-route
paths:
- /auth
plugins:
- name: basic-auth
config:
hide_credentials: true
consumers:
- username: api-client
jwt_secrets:
- key: "my-key"
secret: "my-secret"
basic_auth_credentials:
- username: "client"
password: "secret"
plugins:
- name: cors
config:
origins:
- "https://example.com"
methods:
- GET
- POST
headers:
- Accept
- Content-Type
credentials: true
Custom Plugin Development
-- custom-plugin/handler.lua
local BasePlugin = require "kong.plugins.base_plugin"
local CustomHandler = BasePlugin:extend()
CustomHandler.PRIORITY = 1000
CustomHandler.VERSION = "1.0.0"
function CustomHandler:new()
CustomHandler.super.new(self, "custom-plugin")
end
function CustomHandler:access(conf)
CustomHandler.super.access(self)
-- Custom logic here
local custom_header = kong.request.get_header("X-Custom-Header")
if not custom_header then
return kong.response.exit(400, {
message = "Missing required X-Custom-Header"
})
end
-- Add custom header to upstream request
kong.service.request.set_header("X-Processed-By", "Kong-Custom-Plugin")
end
return CustomHandler
Load Balancing and Health Checks
# Create upstream with multiple targets
curl -i -X POST http://localhost:8001/upstreams \
--data "name=example-upstream" \
--data "algorithm=round-robin" \
--data "healthchecks.active.healthy.interval=5" \
--data "healthchecks.active.unhealthy.interval=5" \
--data "healthchecks.active.http_path=/health"
# Add targets to upstream
curl -i -X POST http://localhost:8001/upstreams/example-upstream/targets \
--data "target=192.168.1.10:8080" \
--data "weight=100"
curl -i -X POST http://localhost:8001/upstreams/example-upstream/targets \
--data "target=192.168.1.11:8080" \
--data "weight=100"
# Create service pointing to upstream
curl -i -X POST http://localhost:8001/services/ \
--data "name=load-balanced-service" \
--data "host=example-upstream"
# Monitor upstream health
curl -i http://localhost:8001/upstreams/example-upstream/health
Monitoring and Analytics
# Enable Prometheus plugin for metrics
curl -i -X POST http://localhost:8001/plugins \
--data "name=prometheus"
# Access metrics endpoint
curl http://localhost:8001/metrics
# Enable file-log plugin for detailed logging
curl -i -X POST http://localhost:8001/services/example-service/plugins \
--data "name=file-log" \
--data "config.path=/tmp/kong-access.log"
# TCP log plugin for centralized logging
curl -i -X POST http://localhost:8001/services/example-service/plugins \
--data "name=tcp-log" \
--data "config.host=logstash.example.com" \
--data "config.port=5000"
# HTTP log plugin for webhook logging
curl -i -X POST http://localhost:8001/services/example-service/plugins \
--data "name=http-log" \
--data "config.http_endpoint=https://analytics.example.com/api/logs"