Kong Gateway Plugins in Konnect

Plugins let you extend Konnect functionality. You can choose from any number of bundled plugins in Konnect, or write your own custom plugins.

Plugin configuration

You can manage both bundled and custom plugins through the Gateway Manager.

You can scope a plugin to a specific Kong Gateway entity, or apply it globally within a control plane:

• A scoped plugin applies configuration only to a specific service, route, consumer, or consumer group.

• A global plugin applies to all services, routes, consumers, and consumer groups in a control plane.

In both cases, plugins are managed within a specific control plane. If you need a plugin to apply to multiple control planes, configure a plugin instance separately for each one, or create a control plane group.

Open the Plugins menu from within a control plane to access and manage its list of plugins:

Custom plugins

You can also apply your own custom plugins through the Gateway Manager.

The Konnect control plane only needs a Lua schema file. Using that schema, it creates a plugin configuration object in Konnect, which you can access via the Konnect UI or the custom plugins API. This means that Konnect only sees a custom plugin’s configuration options, and does not see any other data.

To run in Konnect, every custom plugin must meet the following requirements:

• General requirements:
  • Each custom plugin must have a unique name.
  • All plugin files must also be deployed to each Kong Gateway data plane node.
• File structure requirements:
  • Admin API extensions must not contain an api.lua file.
  • Custom plugin database tables must not contain a dao.lua file.
  • The plugin must not have a migration.lua file.
• Code and language requirements:
  • The schema for your custom plugin must be written in Lua.
  • Custom validation functions must be written in Lua and be self-contained within the schema.
  • The schema.lua file must not contain any require() statements.
  • Plugins that require third-party libraries must reference them in the handler.lua file.

Application registration plugins

Application registration is built into API Products. When you enable application registration on an API product version, Konnect also automatically enables two plugins in read-only mode: ACL, and either Key Auth or OpenID Connect. These plugins appear in the service’s plugin list, and you can view their configurations, but you can’t edit or delete them directly.

Plugin limitations

Some bundled Kong Gateway plugins are not available in Konnect, or have configuration requirements specific to Konnect.

• Rate limiting plugins default to the redis strategy, which you must provide your own Redis server for. You can also use local to apply rate limiting per individual data plane node.

• A small number of Kong Gateway plugins are not available in Konnect. See the plugin compatibility chart for the full list, as well as a breakdown of the pricing tiers that each plugin is available in, and for specific Konnect notes for each plugin.

More information

Kong bundled plugins

• Kong plugins in Konnect
• Kong plugin availability by tier

Custom plugins

• Add a custom plugin in Konnect
• Edit or delete custom plugins in Konnect
• Custom plugin schema endpoints (Control Plane Config API)
• Custom plugin template
• Plugin development guide
• PDK reference