Skip to content
2023 API Summit Hackathon: Experiment with AI for APIs (August 28 - September 27) Learn More →
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
      Lightweight, fast, and flexible cloud-native API gateway
      Kong Konnect
      Single platform for SaaS end-to-end connectivity
      Kong Mesh
      Enterprise service mesh based on Kuma and Envoy
      decK
      Helps manage Kong’s configuration in a declarative fashion
      Kong Ingress Controller
      Works inside a Kubernetes cluster and configures Kong to proxy traffic
      Insomnia
      Collaborative API development platform
      Kuma
      Open-source distributed control plane with a bundled Envoy Proxy integration
      Docs Contribution Guidelines
      Want to help out, or found an issue in the docs and want to let us know?
  • API Specs
  • Plugin Hub
    • Explore the Plugin Hub
      View all plugins View all plugins View all plugins arrow image
    • Functionality View all View all arrow image
      View all plugins
      Authentication's icon
      Authentication
      Protect your services with an authentication layer
      Security's icon
      Security
      Protect your services with additional security layer
      Traffic Control's icon
      Traffic Control
      Manage, throttle and restrict inbound and outbound API traffic
      Serverless's icon
      Serverless
      Invoke serverless functions in combination with other plugins
      Analytics & Monitoring's icon
      Analytics & Monitoring
      Visualize, inspect and monitor APIs and microservices traffic
      Transformations's icon
      Transformations
      Transform request and responses on the fly on Kong
      Logging's icon
      Logging
      Log request and response data using the best transport for your infrastructure
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
decK
1.10.x
  • Home icon
  • decK
  • Guides
  • Deduplicate Plugin Configuration
  • De-duplicate Plugin Configuration
github-edit-pageEdit this page
report-issueReport an issue
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kong Ingress Controller
  • Insomnia
  • Kuma

  • Docs contribution guidelines
  • 1.27.x (latest)
  • 1.26.x
  • 1.25.x
  • 1.24.x
  • 1.23.x
  • 1.22.x
  • 1.21.x
  • 1.20.x
  • 1.19.x
  • 1.18.x
  • 1.17.x
  • 1.16.x
  • 1.15.x
  • 1.14.x
  • 1.13.x
  • 1.12.x
  • 1.11.x
  • 1.10.x
  • 1.9.x
  • 1.8.x
  • 1.7.x
  • pre-1.7
enterprise-switcher-icon Switch to OSS
On this pageOn this page
  • Set up de-deduplicated plugin configuration
  • Overriding fields in plugin configs
You are browsing documentation for an outdated version. See the latest documentation here.

De-duplicate Plugin Configuration

In some use cases, you might want to create a number of plugins associated with different entities in Kong but with the same configuration. In such a case, if you change anything in the configuration of the plugin, you will have to repeat it for each instance of the plugin.

In other use cases, the plugin configuration could be decided by a different team, while the main Kong Gateway configuration is directly used by an API owner.

decK supports both of these use cases.

Set up de-deduplicated plugin configuration

Let’s take an example configuration file:

consumers:
- username: foo
  tags:
  - silver-tier
  plugins:
  - name: rate-limiting
    config:
      day: null
      fault_tolerant: true
      hide_client_headers: false
      hour: null
      limit_by: consumer
      minute: 10
      month: null
      policy: redis
      redis_database: 0
      redis_host: redis.common.svc
      redis_password: null
      redis_port: 6379
      redis_timeout: 2000
      second: null
      year: null
    enabled: true
    run_on: first
    protocols:
    - http
    - https
- username: bar
  tags:
  - silver-tier
  plugins:
  - name: rate-limiting
    config:
      day: null
      fault_tolerant: true
      hide_client_headers: false
      hour: null
      limit_by: consumer
      minute: 10
      month: null
      policy: redis
      redis_database: 0
      redis_host: redis.common.svc
      redis_password: null
      redis_port: 6379
      redis_timeout: 2000
      second: null
      year: null
    enabled: true
    run_on: first
    protocols:
    - http
    - https
- username: baz
  tags:
  - gold-tier
  plugins:
  - name: rate-limiting
    config:
      day: null
      fault_tolerant: true
      hide_client_headers: false
      hour: null
      limit_by: consumer
      minute: 20
      month: null
      policy: redis
      redis_database: 0
      redis_host: redis.common.svc
      redis_password: null
      redis_port: 6379
      redis_timeout: 2000
      second: null
      year: null
    enabled: true
    run_on: first
    protocols:
    - http
    - https
- username: fub
  tags:
  - gold-tier
  plugins:
  - name: rate-limiting
    config:
      day: null
      fault_tolerant: true
      hide_client_headers: false
      hour: null
      limit_by: consumer
      minute: 20
      month: null
      policy: redis
      redis_database: 0
      redis_host: redis.common.svc
      redis_password: null
      redis_port: 6379
      redis_timeout: 2000
      second: null
      year: null
    enabled: true
    run_on: first
    protocols:
    - http
    - https

Here, we have two groups of consumers:

  • silver-tier consumers who can access our APIs at 10 requests per minute
  • gold-tier consumers who can access our APIs at 20 requests per minute

Now, if we want to increase the rate limits or change the host of the Redis server, then we have to edit the configuration of each and every instance of the plugin.

To reduce this repetition, you can de-duplicate plugin configuration and reference it where we you need to use it. This works across multiple files as well.

The above file now becomes:

_plugin_configs:
  silver-tier-limit:
    day: null
    fault_tolerant: true
    hide_client_headers: false
    hour: null
    limit_by: consumer
    minute: 14
    month: null
    policy: redis
    redis_database: 0
    redis_host: redis.common.svc
    redis_password: null
    redis_port: 6379
    redis_timeout: 2000
    second: null
    year: null
  gold-tier-limit:
    day: null
    fault_tolerant: true
    hide_client_headers: false
    hour: null
    limit_by: consumer
    minute: 20
    month: null
    policy: redis
    redis_database: 0
    redis_host: redis.common.svc
    redis_password: null
    redis_port: 6379
    redis_timeout: 2000
    second: null
    year: null
consumers:
- username: foo
  tags:
  - silver-tier
  plugins:
  - name: rate-limiting
    _config: silver-tier-limit
    enabled: true
    protocols:
    - http
    - https
- username: bar
  tags:
  - silver-tier
  plugins:
  - name: rate-limiting
    _config: silver-tier-limit
    enabled: true
    protocols:
    - http
    - https
- username: baz
  tags:
  - gold-tier
  plugins:
  - name: rate-limiting
    _config: gold-tier-limit
    enabled: true
    protocols:
    - http
    - https
- username: fub
  tags:
  - gold-tier
  plugins:
  - name: rate-limiting
    _config: gold-tier-limit
    enabled: true
    protocols:
    - http
    - https

Now, you can edit plugin configuration in a single place and you can see its effect across multiple entities. Under the hood, decK takes the change and applies it to each entity which references the plugin configuration that has been changed. As always, use deck diff to inspect the changes before you apply those to your Kong clusters.

Overriding fields in plugin configs

Settings configured in _plugin_configs are applied to all plugins with the same tag. While those settings provide the baseline configuration, you can change specific fields as needed for the entities that consume them.

Specific values set for entities take precedence over values defined in _plugin_configs.

For example, say that consumer fub in the previous example is still in the gold-tier-limit, but needs a rate limit of 50 minutes instead of 20. You can change this value just for that specific consumer:

- username: fub
  tags:
  - gold-tier
  plugins:
  - name: rate-limiting
    _config: gold-tier-limit
    config:
      minute: 50
    enabled: true
    protocols:
    - http
    - https

Now compare the two gold tier consumers, baz and fub.

First check baz:

curl -i -X http://localhost:8001/consumers/baz/plugins

Find the minute configuration in the result. This consumer picks up the setting of the gold-tier-limit, which is minute: 20.

Now check fub:

curl -i -X http://localhost:8001/consumers/fub/plugins

Find the minute configuration in the result. This consumer has its own rate limit, minute: 50.

Thank you for your feedback.
Was this page useful?
Too much on your plate? close cta icon
More features, less infrastructure with Kong Konnect. 1M requests per month for free.
Try it for Free
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023