In order to give you better service we use cookies. By continuing to use our website, you agree to the use of cookies as described in our Cookie Policy

Konnect Plus: Pay-as-you-go from startup friendly to enterprise scale. See Pricing →
Kong Logo
search
Docs
Kong Konnect Platform Konnect Platform Konnect Cloud Kong Gateway (Enterprise) Kong Mesh Plugin Hub
Open Source Kong Gateway (OSS) decK Kubernetes Ingress Controller Insomnia Kuma
Contribute to the docs Contribution guidelines
Support Community Kong U Demos & Labs
Get Started

Plugin Compatibility

Introduction

Each Kong Konnect tier gives you access to a subset of plugins:

  • Free tier: Open-source Kong plugins
  • Plus tier: Open-source and Plus-specific plugins
  • Enterprise tier: All Kong plugins

Network configuration options

Konnect can be configured in the following ways:

  • Kong-hosted cloud: Hybrid deployment. Nodes are split into control plane and data plane roles. Kong provides and hosts the control plane and a database with Konnect Cloud, and you provide the data plane nodes (no databases required).

  • Self-managed: Use any hosting service of your choice or host on-premises, with any of the following network configurations:

    • Classic: Every node is connected to a database. Refers to a classic deployment on any platform, including Kubernetes.
    • DB-less: Deployed without a database (available in Kong Gateway (OSS) 1.1 and Kong Gateway (Enterprise) 2.4 onward). Admin API is read-only, except for the /config endpoint. Refers to a DB-less deployment on any platform, including Kubernetes.
    • Hybrid mode: Nodes are split into control plane and data plane roles. The control plane coordinates configuration and propagates it to data plane nodes, so only control plane nodes require a database (available in Kong Gateway (OSS) 2.0 and Kong Gateway (Enterprise) 2.1 onward).

For details on the differences between deployment types, see Kong Deployment Options and Kong Gateway (Enterprise) for Kubernetes Deployment Options.

Plugin tiers and supported network configurations

Authentication

Plugin Free Plus Enterprise Supported network configuration Notes
Application Registration All Cannot be applied directly as a plugin with Konnect Cloud.
Basic Auth All --
HMAC Auth All --
JWT All --
JWT Signer All --
Key Auth All --
Key Auth Encrypted Self-managed classic, DB-less, and hybrid The time-to-live (ttl) does not work in hybrid mode. This setting determines the length of time a credential remains valid.
LDAP Auth All --
LDAP Auth Advanced All --
Mutual TLS All --
OAuth 2 Self-managed classic only This plugin can't be used in hybrid or DB-less modes. It needs to generate and delete tokens, and commit those changes to a database on the same node.
OAuth 2 Introspection All --
OpenID Connect All --
Session All --
Vault Auth Self-managed classic, DB-less, and hybrid --

Security

Plugin Free Plus Enterprise Supported network configuration Notes
Acme All --
Bot Detection All --
CORS All --
IP Restriction All --
OPA Self-managed classic, DB-less, and hybrid Available in Kong Gateway v2.4 and later.

Konnect Cloud does not support v2.4.

Traffic Control

Plugin Free Plus Enterprise Supported network configuration Notes
ACL All --
Canary All --
Forward Proxy All --
GraphQL Proxy Caching Advanced All --
GraphQL Rate Limiting Advanced All In DB-less and hybrid modes, the cluster config strategy is not supported. Use redis instead.
Proxy Caching All --
Proxy Caching Advanced All --
Rate Limiting All In DB-less and hybrid modes, the cluster config policy is not supported.

For DB-less mode, use one of redis or local; for hybrid mode, use redis, or local for data planes only.
Rate Limiting Advanced All In DB-less and hybrid modes, the cluster config strategy is not supported. Use redis instead.
Request Size Limiting Self-managed classic, DB-less, and hybrid --
Request Termination All --
Request Validator All --
Response Rate Limiting All In DB-less and hybrid modes, the cluster config policy is not supported.

For DB-less mode, use one of redis or local; for hybrid mode, use redis, or local for data planes only.
Route By Header All --
Mocking Self-managed classic, DB-less, and hybrid Available in Kong Gateway v2.4.

Konnect Cloud does not support v2.4.

Serverless

Plugin Free Plus Enterprise Supported network configuration Notes
AWS Lambda All --
Azure Functions All --
Serverless Functions Self-managed classic, DB-less, and hybrid --
OpenWhisk Self-managed classic, DB-less, and hybrid Not bundled with Kong Gateway.

Installed as a LuaRocks package.

Analytics and Monitoring

Plugin Free Plus Enterprise Supported network configuration Notes
Collector Self-managed classic, DB-less, and hybrid Not bundled with Kong Gateway.

Kong Immunity is not available in Konnect Cloud.
Datadog Self-managed classic, DB-less, and hybrid --
Prometheus All --
Zipkin Self-managed classic, DB-less, and hybrid --

Transformations

Plugin Free Plus Enterprise Supported network configuration Notes
Correlation ID All --
DeGraphQL All --
Exit Transformer Self-managed classic, DB-less, and hybrid --
gRPC Gateway All --
gRPC Web All --
Kafka Upstream All --
Request Transformer Self-managed classic, DB-less, and hybrid Disabled in Konnect Cloud due to RCE issue.
Request Transformer Advanced Self-managed classic, DB-less, and hybrid Disabled in Konnect Cloud due to RCE issue.
Response Transformer All --
Response Transformer Advanced Self-managed classic, DB-less, and hybrid Disabled in Konnect Cloud due to RCE issue.
Route Transformer Advanced All --

Logging

Plugin Free Plus Enterprise Supported network configuration Notes
File Log All --
HTTP Log All --
Kafka Log All --
Loggly All --
StatsD All --
StatsD Advanced All --
Syslog All --
TCP Log All --
UDP Log All --

Deployment

Deployment plugins are not bundled with any version of Konnect, and are simply tools to help you deploy Kong Gateway in various environments.

image