Skip to content
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
    • Kong Konnect
    • Kong Mesh
    • Plugin Hub
    • decK
    • Kubernetes Ingress Controller
    • Insomnia
    • Kuma

    • Docs contribution guidelines
  • Plugin Hub
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kubernetes Ingress Controller
  • Insomnia
  • Kuma

  • Docs contribution guidelines
  • 3.2.x (latest)
  • 3.1.x
  • 3.0.x
  • 2.8.x
  • 2.7.x
  • 2.6.x
  • Older Enterprise versions (2.1-2.5)
  • Older OSS versions (2.1-2.5)
  • Archive (pre-2.1)
    • Overview of Kong Gateway
      • Version Support Policy
      • Supported Installation Options
      • Supported Linux Distributions
    • Stability
    • Release Notes
      • Services
        • Overview
        • Configure Routes with Expressions
      • Upstreams
      • Plugins
      • Routing Traffic
      • Load Balancing
      • Health Checks and Circuit Breakers
      • Kong Performance Testing
    • Glossary
    • Get Kong
    • Services and Routes
    • Rate Limiting
    • Proxy Caching
    • Key Authentication
    • Load-Balancing
      • Overview
        • Overview
        • Deploy Kong Gateway in Hybrid mode
      • DB-less Deployment
      • Traditional
      • Overview
        • Helm
        • OpenShift with Helm
        • kubectl apply
        • Kubernetes Deployment Options
        • Using docker run
        • Build your own Docker images
        • Amazon Linux
        • Debian
        • Red Hat
        • Ubuntu
      • Running Kong as a non-root user
      • Securing the Admin API
      • Using systemd
      • Start Kong Gateway Securely
      • Programatically Creating Admins
      • Enabling RBAC
      • Overview
      • Download your License
      • Deploy Enterprise License
      • Using the License API
      • Monitor Licenses Usage
      • Default Ports
      • DNS Considerations
      • Network and Firewall
      • CP/DP Communication through a Forward Proxy
    • Kong Configuration File
    • Environment Variables
    • Serving a Website and APIs from Kong
      • Overview
      • Prometheus
      • StatsD
      • Datadog
      • Overview
      • Writing a Custom Trace Exporter
      • Tracing API Reference
    • Resource Sizing Guidelines
    • Security Update Process
    • Blue-Green Deployments
    • Canary Deployments
    • Clustering Reference
      • Log Reference
      • Dynamic log level updates
      • Customize Gateway Logs
      • Upgrade Kong Gateway 3.1.x
      • Migrate from OSS to Enterprise
    • Overview
      • Overview
      • Metrics
      • Analytics with InfluxDB
      • Analytics with Prometheus
      • Estimate Analytics Storage in PostgreSQL
      • Overview
      • Getting Started
      • Advanced Usage
        • Overview
        • Environment Variables
        • AWS Secrets Manager
        • Google Secrets Manager
        • Hashicorp Vault
        • Securing the Database with AWS Secrets Manager
      • Reference Format
      • Overview
      • Get Started with Dynamic Plugin Ordering
      • Overview
      • Enable the Dev Portal
      • Publish an OpenAPI Spec
      • Structure and File Types
      • Themes Files
      • Working with Templates
      • Using the Editor
        • Basic Auth
        • Key Auth
        • OIDC
        • Sessions
        • Adding Custom Registration Fields
        • Manage Developers
        • Developer Roles and Content Permissions
        • Authorization Provider Strategy
        • Enable Application Registration
        • Enable Key Authentication for Application Registration
          • External OAuth2 Support
          • Set up Okta and Kong for External Oauth
          • Set up Azure AD and Kong for External Authentication
        • Manage Applications
        • Theme Editing
        • Migrating Templates Between Workspaces
        • Markdown Rendering Module
        • Customizing Portal Emails
        • Adding and Using JavaScript Assets
        • Single Page App in Dev Portal
        • Alternate OpenAPI Renderer
      • SMTP
      • Workspaces
      • Helpers CLI
      • Portal API Documentation
    • Audit Logging
    • Keyring and Data Encryption
    • Workspaces
    • Consumer Groups
    • Event Hooks
    • FIPS 140-2
    • Overview
    • Enable Kong Manager
      • Services and Routes
      • Rate Limiting
      • Proxy Caching
      • Authentication with Consumers
      • Load Balancing
      • Overview
      • Create a Super Admin
      • Workspaces and Teams
      • Reset Passwords and RBAC Tokens
      • Basic Auth
        • Configure LDAP
        • LDAP Service Directory Mapping
        • Configure OIDC
        • OIDC Authenticated Group Mapping
      • Sessions
        • Overview
        • Enable RBAC
        • Add a Role and Permissions
        • Create a User
        • Create an Admin
    • Networking Configuration
    • Workspaces
    • Create Consumer Groups
    • Sending Email
    • Overview
    • File Structure
    • Implementing Custom Logic
    • Plugin Configuration
    • Accessing the Data Store
    • Storing Custom Entities
    • Caching Custom Entities
    • Extending the Admin API
    • Writing Tests
    • (un)Installing your Plugin
      • Overview
      • kong.client
      • kong.client.tls
      • kong.cluster
      • kong.ctx
      • kong.ip
      • kong.jwe
      • kong.log
      • kong.nginx
      • kong.node
      • kong.request
      • kong.response
      • kong.router
      • kong.service
      • kong.service.request
      • kong.service.response
      • kong.table
      • kong.tracing
      • kong.vault
      • kong.websocket.client
      • kong.websocket.upstream
      • Go
      • Javascript
      • Python
      • Running Plugins in Containers
      • External Plugin Performance
    • Overview
        • Overview
        • OpenID Connect with Curity
        • OpenID Connect with Azure AD
        • OpenID Connect with Google
        • OpenID Connect with Okta
        • OpenID Connect with Auth0
        • OpenID Connect with Cognito
      • Authentication Reference
      • Allow Multiple Authentication Plugins
    • Rate Limiting Plugin
      • Add a Body Value
    • GraphQL
      • gRPC Plugins
      • Configure a gRPC service
    • Overview
    • Information Routes
    • Health Routes
    • Tags
    • Debug Routes
    • Services
    • Routes
    • Consumers
    • Plugins
    • Certificates
    • CA Certificates
    • SNIs
    • Upstreams
    • Targets
    • Vaults
    • Keys
    • Licenses
    • Workspaces
    • RBAC
    • Admins
    • Developers
    • Consumer Groups
    • Event Hooks
    • Keyring and Data Encryption
    • Audit Logs
    • kong.conf
    • Injecting Nginx Directives
    • CLI
    • File Permissions Reference
    • Key Management
    • Performance Testing Framework
    • Router Expressions Language
    • FAQ

github-edit-pageEdit this page

report-issueReport an issue

enterprise-switcher-iconSwitch to OSS

On this page
  • Set up Kong Vitals with InfluxDB
    • Install Kong Gateway
    • Pull the Kong Gateway Docker image
    • Start the database and Kong Gateway containers
    • Deploy a Kong Gateway license
    • Start an InfluxDB database
    • Configure Kong Gateway
  • Understanding Vitals data using InfluxDB measurements
  • Sizing an InfluxDB node/cluster for Vitals
  • Query frequency and precision
  • Managing the retention policy of the Kong database
Kong Gateway
3.1.x
  • Home
  • Kong Gateway
  • Kong Enterprise
  • Vitals
  • Vitals with InfluxDB
You are browsing documentation for an outdated version. See the latest documentation here.

Vitals with InfluxDB

Leveraging a time series database for Vitals data can improve request and Vitals performance in very-high traffic Kong Enterprise clusters (such as environments handling tens or hundreds of thousands of requests per second), without placing additional write load on the database backing the Kong cluster.

For information about using Kong Vitals with a database as the backend, refer to Kong Vitals.

Set up Kong Vitals with InfluxDB

Install Kong Gateway

If you already have a Kong Gateway instance, skip to deploying a license.

If you have not installed Kong Gateway, a Docker installation will work for the purposes of this guide.

Pull the Kong Gateway Docker image

  1. Pull the following Docker image.

     docker pull kong/kong-gateway:3.1.1.3-alpine
    

    Some older Kong Gateway images are not publicly accessible. If you need a specific patch version and can’t find it on Kong’s public Docker Hub page, contact Kong Support.

    You should now have your Kong Gateway image locally.

  2. Tag the image.

     docker tag kong/kong-gateway:3.1.1.3-alpine kong-ee
    

Start the database and Kong Gateway containers

  1. Create a custom network to allow the containers to discover and communicate with each other.

     docker network create kong-ee-net
    
  2. Start a PostgreSQL container:

     docker run -d --name kong-ee-database \
       --network=kong-ee-net \
       -p 5432:5432 \
       -e "POSTGRES_USER=kong" \
       -e "POSTGRES_DB=kong" \
       -e "POSTGRES_PASSWORD=kong" \
       postgres:9.6
    
  3. Prepare the Kong database:

    docker run --rm --network=kong-ee-net \
       -e "KONG_DATABASE=postgres" \
       -e "KONG_PG_HOST=kong-ee-database" \
       -e "KONG_PG_PASSWORD=kong" \
       -e "KONG_PASSWORD=
    {PASSWORD}
    " \ kong-ee kong migrations bootstrap
  4. Start the gateway with Kong Manager:

    Important: The settings below are intended for non-production use only, as they override the default admin_listen setting to listen for requests from any source. Do not use these settings in environments directly exposed to the internet.


    If you need to expose the admin_listen port to the internet in a production environment,

    secure it with authentication.

    docker run -d --name kong-ee --network=kong-ee-net \
       -e "KONG_DATABASE=postgres" \
       -e "KONG_PG_HOST=kong-ee-database" \
       -e "KONG_PG_PASSWORD=kong" \
       -e "KONG_PROXY_ACCESS_LOG=/dev/stdout" \
       -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout" \
       -e "KONG_PROXY_ERROR_LOG=/dev/stderr" \
       -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" \
       -e "KONG_ADMIN_LISTEN=0.0.0.0:8001" \
       -e "KONG_ADMIN_GUI_URL=http://
    {DNSorIP}
    :8002" \ -e "KONG_VITALS_STRATEGY=influxdb" \ -e "KONG_VITALS_TSDB_ADDRESS=influxdb:8086" \ -p 8000:8000 \ -p 8443:8443 \ -p 8001:8001 \ -p 8444:8444 \ -p 8002:8002 \ -p 8445:8445 \ -p 8003:8003 \ -p 8004:8004 \ kong-ee

    Note: For KONG_ADMIN_GUI_URL, replace DNSorIP with with the DNS name or IP of the Docker host. KONG_ADMIN_GUI_URL should have a protocol, for example, http://.

Deploy a Kong Gateway license

If you already have a Kong Enterprise license attached to your Kong Gateway instance, skip to starting an InfluxDB database.

You will not be able to access the Kong Vitals functionality without a valid Kong Enterprise license attached to your Kong Gateway instance.

You can deploy a license file in one of the following ways:

Method Supported deployment types
/licenses Admin API endpoint • Traditional database-backed deployment
• Hybrid mode deployment
File on the node filesystem
(license.json)
• Traditional database-backed deployment
• DB-less mode
Environment variable
(KONG_LICENSE_DATA)
• Traditional database-backed deployment
• DB-less mode
Environment variable
(KONG_LICENSE_PATH)
• Traditional database-backed deployment
• DB-less mode

The recommended method is using the Admin API.

Prerequisites

  • You have received a license.json file from Kong.
  • Kong Gateway is installed.

Deploy the license

Admin API
Filesystem
Environment variable (JSON)
Environment variable (file path)

You can use the Kong Admin API to distribute the license in any database-backed or hybrid mode deployment. We recommend using this method in most deployments.

In hybrid mode, apply the license to the control plane. The control plane distributes the license to its data plane nodes. This is the only method that applies the license to data planes automatically.

The license data must contain straight quotes to be considered valid JSON (' and ", not ’ or “).

POST the contents of the provided license.json license to your Kong Gateway instance:

Note: The following license is only an example. You must use the following format, but provide your own content.

cURL
HTTPie
$ curl -i -X POST http://<hostname>:8001/licenses \
  -d payload='{"license":{"payload":{"admin_seats":"1","customer":"Example Company, Inc","dataplanes":"1","license_creation_date":"2017-07-20","license_expiration_date":"2017-07-20","license_key":"00141000017ODj3AAG_a1V41000004wT0OEAU","product_subscription":"Konnect Enterprise","support_plan":"None"},"signature":"6985968131533a967fcc721244a979948b1066967f1e9cd65dbd8eeabe060fc32d894a2945f5e4a03c1cd2198c74e058ac63d28b045c2f1fcec95877bd790e1b","version":"1"}}'
$ http POST :8001/licenses \
  payload='{"license":{"payload":{"admin_seats":"1","customer":"Example Company, Inc","dataplanes":"1","license_creation_date":"2017-07-20","license_expiration_date":"2017-07-20","license_key":"00141000017ODj3AAG_a1V41000004wT0OEAU","product_subscription":"Konnect Enterprise","support_plan":"None"},"signature":"6985968131533a967fcc721244a979948b1066967f1e9cd65dbd8eeabe060fc32d894a2945f5e4a03c1cd2198c74e058ac63d28b045c2f1fcec95877bd790e1b","version":"1"}}'

Result:

{
  "created_at": 1500508800,
  "id": "30b4edb7-0847-4f65-af90-efbed8b0161f",
  "payload": "{\"license\":{\"payload\":{\"admin_seats\":\"1\",\"customer\":\"Example Company, Inc\",\"dataplanes\":\"1\",\"license_creation_date\":\"2017-07-20\",\"license_expiration_date\":\"2017-07-20\",\"license_key\":\"00141000017ODj3AAG_a1V41000004wT0OEAU\",\"product_subscription\":\"Konnect Enterprise\",\"support_plan\":\"None\"},\"signature\":\"6985968131533a967fcc721244a979948b1066967f1e9cd65dbd8eeabe060fc32d894a2945f5e4a03c1cd2198c74e058ac63d28b045c2f1fcec95877bd790e1b\",\"version\":\"1\"}}",
  "updated_at": 1500508800
}

For more detail and options, see the Admin API licenses endpoint reference.

You can provide a license file to Kong Gateway in any database-backed or DB-less deployment. This method is not recommended for use in hybrid mode, as you have to maintain the license on each node manually.

The license data must contain straight quotes to be considered valid JSON (' and ", not ’ or “).

  1. Securely copy the license.json file to your home directory on the filesystem where you have installed Kong Gateway.

     $ scp license.json <system_username>@<server>:~
    
  2. Then, copy the license file again, this time to the /etc/kong directory:

     $ scp license.json /etc/kong/license.json
    

    Kong Gateway will look for a valid license in this location.

You can use the KONG_LICENSE_DATA environment variable to apply a license to Kong Gateway in any database-backed or DB-less deployment. This method is not recommended for use in hybrid mode, as you have to maintain the license on each node manually.

The license data must contain straight quotes to be considered valid JSON (' and ", not ’ or “).

  1. Export the license key to a variable by running the following command, substituting your own license key.

    Note: The following license is only an example. You must use the following format, but provide your own content.

     $ export KONG_LICENSE_DATA='{"license":{"signature":"LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tClZlcnNpb246IEdudVBHIHYyCgpvd0did012TXdDSFdzMTVuUWw3dHhLK01wOTJTR0tLWVc3UU16WTBTVTVNc2toSVREWk1OTFEzVExJek1MY3dTCjA0ek1UVk1OREEwc2pRM04wOHpNalZKVHpOTE1EWk9TVTFLTXpRMVRVNHpTRXMzTjA0d056VXdUTytKWUdNUTQKR05oWW1VQ21NWEJ4Q3NDc3lMQmorTVBmOFhyWmZkNkNqVnJidmkyLzZ6THhzcitBclZtcFZWdnN1K1NiKzFhbgozcjNCeUxCZzdZOVdFL2FYQXJ0NG5lcmVpa2tZS1ozMlNlbGQvMm5iYkRzcmdlWFQzek1BQUE9PQo9b1VnSgotLS0tLUVORCBQR1AgTUVTU0FHRS0tLS0tCg=","payload":{"customer":"Test Company Inc","license_creation_date":"2017-11-08","product_subscription":"Kong Enterprise","admin_seats":"5","support_plan":"None","license_expiration_date":"2017-11-10","license_key":"00141000017ODj3AAG_a1V41000004wT0OEAU"},"version":1}}'
    
  2. Include the license as part of the docker run command when starting a Kong Gateway container:

    Note: This is only a snippet. For a full working example, see the instructions to Install Kong Gateway on Docker.

     docker run -d --name kong-gateway \
      --network=kong-net \
      ...
      -e KONG_LICENSE_DATA \
      kong/kong-gateway:-alpine
    

You can use the KONG_LICENSE_PATH environment variable to apply a license to Kong Gateway in any database-backed or DB-less deployment. This method is not recommended for use in hybrid mode, as you have to maintain the license on each node manually.

Include the license as part of the docker run command when starting a Kong Gateway container. Mount the path to the file on your local filesystem to a directory in the Docker container, making the file visible from the container:

Note: This is only a snippet. For a full working example, see the instructions to Install Kong Gateway on Docker.

docker run -d --name kong-gateway \
 --network=kong-net \
 ...
 -v "$(pwd)/kong-license/:/kong-license/" \
 -e "KONG_LICENSE_PATH=/kong-license/license.json" \
 kong/kong-gateway:-alpine

Start an InfluxDB database

Production-ready InfluxDB installations should be deployed as a separate effort, but for proof-of-concept testing, running a local InfluxDB instance is possible with Docker:

docker run -p 8086:8086 \
  --network=<YOUR_NETWORK_NAME> \
  --name influxdb \
  -e INFLUXDB_DB=kong \
  influxdb:1.8.4-alpine

You must use InfluxDB 1.8.4-alpine because InfluxDB 2.0 will not work.

Writing Vitals data to InfluxDB requires that the kong database is created, this is done using the INFLUXDB_DB variable.

Configure Kong Gateway

Note: If you used the configuration in Installing Kong Gateway on Docker, then you do not need to complete this step.

In addition to enabling Kong Vitals, Kong Gateway must be configured to use InfluxDB as the backing strategy for Vitals. The InfluxDB host and port must also be defined:

echo "KONG_VITALS_STRATEGY=influxdb KONG_VITALS_TSDB_ADDRESS=influxdb:8086 kong reload exit" \
| docker exec -i kong-ee /bin/sh

Note: In Hybrid Mode, configure vitals_strategy and vitals_tsdb_address on both the control plane and all data planes.

Understanding Vitals data using InfluxDB measurements

Kong Vitals records metrics in two InfluxDB measurements:

  1. kong_request: Contains field values for request latencies and HTTP, and tags for various Kong entities associated with the requests (for example, the Route and Service in question).
  2. kong_datastore_cache: Contains points about cache hits and misses.

To display the measurement schemas on your InfluxDB instance running in Docker:

  1. Open command line in your InfluxDB Docker container.

     docker exec -it influxdb /bin/sh
    
  2. Log in to the InfluxDB CLI.

     influx -precision rfc3339
    
  3. Enter the InfluxQL query for returning a list of tag keys associated with the specified database.

     > SHOW TAG KEYS ON kong
    

    Example result:

     name: kong_request
     tagKey
     ------
     consumer
     hostname
     route
     service
     status_f
     wid
     workspace
    
     name: kong_datastore_cache
     tagKey
     ------
     hostname
     wid
    
  4. Enter the InfluxQL query for returning the field keys and the data type of their field values.

     > SHOW FIELD KEYS ON kong
    

    Example result:

     name: kong_request
     fieldKey	         fieldType
     --------	         ---------
     kong_latency       integer
     proxy_latency      integer
     request_latency    integer
     status             integer
    
     name: kong_datastore_cache
     fieldKey  fieldType
     --------  ---------
    
     hits      integer
     misses    integer
    

The tag wid is used to differentiate the unique worker ID per host, to avoid duplicate metrics shipped at the same point in time.

As demonstrated above, the series cardinality of the kong_request measurement varies based on the cardinality of the Kong cluster configuration - a greater number of Service/Route/Consumer/Workspace combinations handled by Kong results in a greater series cardinality as written by Vitals.

Sizing an InfluxDB node/cluster for Vitals

Consult the InfluxDB sizing guidelines for reference on appropriately sizing an InfluxDB node/cluster.

Note: The query behavior when reading Vitals data falls under the “moderate” load category as defined by the InfluxDB sizing guidelines. Several GROUP BY statements and functions are used to generate the Vitals API responses, which can require significant CPU resources to execute when hundreds of thousands or millions of data points are present.

Query frequency and precision

Kong buffers Vitals metrics and writes InfluxDB points in batches to improve throughput in InfluxDB and reduce overhead in the Kong proxy path. Each Kong worker process flushes its buffer of metrics every 5 seconds or 5000 data points, whichever comes first.

Metrics points are written with microsecond (u) precision. To comply with the Vitals API, measurement values are read back grouped by second.

Note: Because of limitations in the OpenResty API, writing values with microsecond precision requires an additional syscall per request.

Managing the retention policy of the Kong database

Vitals InfluxDB data points are not downsampled or managed by a retention policy through Kong. InfluxDB operators are encouraged to manually manage the retention policy of the kong database to reduce the disk space and memory needed to manage Vitals data points.

Thank you for your feedback.
Was this page useful?
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023