Edit this page
Report an issue
Configuration
This plugin is compatible with DB-less mode.
Compatible protocols
The AppSentinels plugin is compatible with the following protocols:
http, https
Parameters
Here's a list of all the parameters which can be used in this plugin's configuration:
-
name or plugin
string requiredThe name of the plugin, in this case
appsentinels.- If using the Kong Admin API, Konnect API, declarative configuration, or decK files, the field is
name. - If using the KongPlugin object in Kubernetes, the field is
plugin.
- If using the Kong Admin API, Konnect API, declarative configuration, or decK files, the field is
-
instance_name
stringAn optional custom name to identify an instance of the plugin, for example
appsentinels_my-service.The instance name shows up in Kong Manager and in Konnect, so it's useful when running the same plugin in multiple contexts, for example, on multiple services. You can also use it to access a specific plugin instance via the Kong Admin API.
An instance name must be unique within the following context:
- Within a workspace for Kong Gateway Enterprise
- Within a control plane or control plane group for Konnect
- Globally for Kong Gateway (OSS)
-
service.name or service.id
stringThe name or ID of the service the plugin targets. Set one of these parameters if adding the plugin to a service through the top-level
/pluginsendpoint. Not required if using/services/{serviceName|Id}/plugins. -
route.name or route.id
stringThe name or ID of the route the plugin targets. Set one of these parameters if adding the plugin to a route through the top-level
/pluginsendpoint. Not required if using/routes/{routeName|Id}/plugins. -
consumer.name or consumer.id
stringThe name or ID of the consumer the plugin targets. Set one of these parameters if adding the plugin to a consumer through the top-level
/pluginsendpoint. Not required if using/consumers/{consumerName|Id}/plugins. -
consumer_group.name or consumer_group.id
stringThe name or ID of the consumer group the plugin targets. If set, the plugin will activate only for requests where the specified group has been authenticated
/pluginsendpoint. Not required if using/consumer_groups/{consumerGroupName|Id}/plugins. -
enabled
boolean default:trueWhether this plugin will be applied.
-
config
record-
http_endpoint
string requiredURL of AppSentinels edge controller
-
method
string default:POSTMust be one of:POST,PUT,PATCHMethod for HTTP logging request to AppSentinels edge controllr
-
content_type
string default:application/jsonMust be one of:application/jsonContent-Type for HTTP logging request to AppSentinels edge controllr
-
timeout
number default:100Authz request timeout
-
log_timeout
number default:150Logging request timeout for response and transparent mode
-
connect_timeout
number default:1000HTTP Connect timeout to AppSentinels edge controller
-
stats_timeout
number default:5Stats message frequency in seconds to AppSentinels edge controller
-
keepalive
number default:60000HTTP Keepalive timeout for connections to AppSentinels edge controller
-
retry_count
integer default:0Number of retries for HTTP logging request in case of failure
-
queue_size
integer default:5Number of entries in the batched queue
-
queue_num
integer default:5Number of batched queues
-
queue_max_entries
integer default:10000Maximum number of entries in the batched queue
-
flush_timeout
number default:1Flush timeout for batched queue in seconds
-
no_self_signed
boolean default:falseEnable server (AppSentinels edge controller) cert verification
-
authz
boolean default:falseEnable authz/enforcement mode
-
authz_fail_allow
boolean default:trueEnable authz fail open for authz/enforcement mode
-
authz_fail_msg
string default:Unauthorized by AppsentinelsCustom authz fail message sent to client in authz/enforcement mode
-
path_requestlog
string default:/authSet request log path in authz/enforcement mode
-
path_responselog
string default:/nginxlogSet response log path in authz/enforcement mode
-
path_mergedlog
string default:/mergedlogSet merged log path in transparent mode
-
path_stats
string default:/nginxstatsSet stats request path
-
compress_logs
boolean default:trueEnable gzip compression for logs
-
unhealthy_threshold
integer default:3Number of failures to consider before declaring connection to AppSentinels edge controller as unhealthy
-
shaper_type
string default:linearShaping algorithm to use
-
shaper_max_stages
number default:180Maximum number of stages in shaper algorithm
-
shaper_base
number default:3Base for shaper steps, in number of logs
-
shaper_multiplier
number default:1Multiplier for shaper steps
-
shaper_step_duration
number default:1000Duration of each shaper step in milliseconds
-
shaper_fallback_rate
number default:1.25Shaper fallback rate in case of failures
-
shaper_idle_timeout
number default:60000Shaper idle timeout in milliseconds
-
console_error_supp_rate
number default:10Console error logging suppression rate
-
normalize_factor
number default:0Normalize factor for shaper
-
max_payload
number default:131072Maximum payload size in bytes, beyond which payload wont be logged
-
early_payload_threshold
number default:32768Payloads greater then this will be logged during access phase without holding in the memory
-
content_regex
string default:(json|form|xml|graphql)Regular expression to match content type for logging
-
force_read_client_payload
boolean default:falseForce read client payload to determine the size if content length isnt available in request headers
-
instance_name
string default:NAConfigure to identify Kong deployment instances
-
stats_send_timeout
number default:4000Stats send timeout in milliseconds
-
trace
boolean default:falseEnable plugin logging on console
-