Skip to content
Kong Summit 2022: Where API Innovation Runs Wild  —Learn More →
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
    • Konnect Cloud
    • Kong Mesh
    • Plugin Hub
    • decK
    • Kubernetes Ingress Controller
    • Insomnia
    • Kuma

    • Kong Konnect Platform

    • Docs contribution guidelines
  • Plugin Hub
  • Support
  • Community
  • Kong Academy
Request Demo
  • Kong Gateway
  • Konnect Cloud
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kubernetes Ingress Controller
  • Insomnia
  • Kuma

  • Kong Konnect Platform

  • Docs contribution guidelines
    • Overview of Konnect
    • Architecture
    • Network Resiliency and Availability
    • Port and Network Requirements
    • Compatibility
    • Release Notes
    • Overview
    • Access a Konnect Account
    • Set up a Runtime
    • Configure a Service
    • Implement and Test the Service
      • Publish and Consume Services
      • Register Applications
    • Import Kong Gateway Entities into Konnect Cloud
    • Overview
      • Konnect Services
      • Service Versions
      • Service Implementations
      • Manage Service Documentation
      • Overview
      • Configure a Plugin on a Service
      • Configure a Plugin on a Route
    • Overview
      • Overview
      • Manage Runtime Groups with UI
      • Manage Runtime Groups with decK
      • Install with Docker
      • Install on Kubernetes
      • Install on Linux
      • Upgrade a Runtime Instance to a New Version
      • Renew Certificates
      • Runtime Parameter Reference
      • Overview
      • Runtime Configuration
    • Troubleshoot
    • Overview
    • Access the Dev Portal
    • Sign Up for a Dev Portal Account
      • Manage Developer Access
      • Manage Application Registration Requests
      • Manage Application Connections
      • Auto Approve Dev and App Registrations
      • Application Overview
      • Enable and Disable App Registration
      • Create, Edit, and Delete an Application
      • Register an Application with a Service
      • Generate Credentials for an Application
    • Customize Dev Portal
    • Troubleshoot
    • Introduction to Vitals
    • Overview Dashboard
    • Analyze Services and Routes
    • Generate Reports
      • Manage a Konnect Account or Plan
      • Change to a Different Plan
      • Manage Payment Methods and Invoices
      • Overview
        • Overview
        • Manage Teams and Roles
        • Teams Reference
        • Roles Reference
      • Manage Users
      • Set up SSO with Okta
    • Account and Org Deactivation
    • Troubleshoot
    • Overview of Konnect
      • Access a Konnect Account
        • Manage a Konnect Account or Plan
        • Change to a Different Plan
        • Manage Payment Methods and Invoices
        • Manage Users and Roles
        • Set up SSO with Okta
      • Account and Org Deactivation
      • License Management
      • Port and Network Requirements
      • Network Resiliency and Availability
      • Migrate from Kong Gateway to Konnect Cloud
        • Set up a Runtime
        • Configure a Service
        • Implement and Test the Service
      • Manage Konnect Cloud with decK
      • Manage Services
        • Manage Service Documentation
        • Publish a Service to Dev Portal
        • Docker
        • Kubernetes
        • Linux
        • Runtime Parameter Reference
      • Upgrade a Runtime to a New Version
      • Renew Certificates
        • Developer Registration
        • Manage Developer Access
        • Auto Approve Dev and App Registrations
        • Application Overview
        • Create, Edit, and Delete an Application
        • Enable App Registration
        • Disable App Registration
        • Manage Application Registration Requests
        • Manage Application Connections
        • Register an Application with a Service
        • Generate Credentials for an Application
        • Appearance
        • Public Portal
        • Add a Custom Domain
      • Generating Vitals Reports
      • Configure a Plugin on a Service
      • Configure a Plugin on a Route
      • Configure Global or Consumer Plugins
    • Shared Config
      • Proxy Traffic

github-edit-pageEdit this page

report-issueReport an issue

enterprise-switcher-iconSwitch to OSS

On this page
  • Prerequisites
  • Import entity configuration
  • Migrate data planes
  • Post-migration tasks
Konnect Cloud
  • Home
  • Konnect Cloud
  • Getting started

Import Kong Gateway Entities into Konnect Cloud

If you are an existing Kong Gateway user looking to use Konnect as your cloud-hosted control plane, you can use decK to import your Kong Gateway entity configuration into a runtime group in your Konnect organization.

You can also use this guide to migrate from konnect.konghq.com to cloud.konghq.com.

Afterward, you must manually move over:

  • Dev Portal files, developer accounts, and applications
  • Application registrations
  • Convert roles and permissions into Konnect teams
  • Certificates
  • Custom plugins

You cannot import unsupported plugins.

Prerequisites

  • Konnect Cloud account credentials.
  • decK v1.12 or later installed.

Import entity configuration

Use deck to import entity configurations into a runtime group.

When you provide any Konnect flags, decK targets the cloud.konghq.com environment by default. If you want to target the konnect.konghq.com environment instead, use the --konnect-addr flag.

  1. Make sure that decK can connect to your Konnect account:

     deck ping \
       --konnect-runtime-group-name default \
       --konnect-email {YOUR_EMAIL} \
       --konnect-password {YOUR_PASSWORD}
    

    If the connection is successful, the terminal displays the full name of the user associated with the account:

     Successfully Konnected as Some Name (Org Name)!
    

    You can also use decK with Konnect more securely by storing your password in a file, then either calling it with --konnect-password-file /path/{FILENAME}.txt, or adding it to your decK configuration file under the konnect-password option along with your email:

     konnect-password: {YOUR_PASSWORD}
     konnect-email: {YOUR_EMAIL}
    

    The default location for this file is $HOME/.deck.yaml. You can target a different configuration file with the --config /path/{FILENAME}.yaml flag, if needed.

    The following steps all use a .deck.yaml file to store the Konnect credentials instead of flags.

  2. Export configuration:

    From Kong Gateway
    From konnect.konghq.com

    Run deck dump:

    deck dump
    

    Run deck dump and point decK at the konnect.konghq.com environment:

    deck dump \
       --konnect-addr https://konnect.konghq.com \
       --konnect-email {YOUR_EMAIL} \
       --konnect-password {YOUR_PASSWORD}
    

    This command outputs Kong Gateway’s object configuration into kong.yaml by default. You can also set --output-file /path/{FILENAME}.yaml to set a custom filename or location.

  3. Open the file. If you have any of the following in your configuration, remove it:

    • Any _workspace entries: There are no workspaces in Konnect. For a similar concept, see runtime groups.

    • Configuration for the Portal App Registration plugin: App registration is supported in Konnect, but not through a plugin, and decK does not manage it.

    • Any other unsupported plugins:

      • OAuth2 Authentication
      • Apache OpenWhisk
      • Vault Auth
      • DeGraphQL
      • GraphQL Rate Limiting Advanced
      • Key Authentication Encrypted
  4. Preview the import with the deck diff command, pointing to the runtime group that you want to target:

     deck diff --konnect-runtime-group-name default
    

    If you’re not using the default kong.yaml file, specify the filename and path with --state /path/{FILENAME}.yaml.

  5. If you’re satisfied with the preview, run deck sync:

     deck sync --konnect-runtime-group-name default
    

    If you don’t specify the --konnect-runtime-group-name flag, decK targets the default runtime group. If you have more than one runtime group in your organization, we recommend always setting this flag to avoid accidentally pushing configuration to the wrong group.

  6. Log in to your Konnect Cloud account.

  7. From the left navigation menu, open Runtime Manager, then open the runtime group you just updated.

  8. Look through the configuration details of any imported entities to make sure they were migrated successfully.

Migrate data planes

You can keep any data plane nodes that are:

  • Running Kong Gateway (Enterprise, include free mode)
  • Are at least version 2.5 or higher

Turn any self-managed nodes into cloud data plane nodes by registering them through the Runtime Manager and adjusting their configurations, or power down the old instances and create new data plane nodes through Konnect Cloud.

  1. Follow the runtime setup guide for your preferred deployment type.

  2. Once you have created or converted the data plane nodes, kong stop your old Gateway runtimes, then shut them down.

  3. If any of the old nodes have connected PostgreSQL or Cassandra instances, you can shut them down now.

Post-migration tasks

See the following docs to set up any additional things you may need:

  • Dev Portal files: You can migrate API specs and markdown service descriptions into Service Hub using the Konnect Cloud GUI. Each Konnect service accepts one markdown description file, and each service version accepts one API spec. See Dev Portal Service Documentation.

  • Dev Portal applications and developers: If you have developers or applications registered through the Portal, those developers need to create new accounts in Konnect Cloud and register their applications in the new location.
    • Create Dev Portal accounts
    • Enable application registration: App registration in Konnect Cloud works through a different mechanism than in self-managed Kong Gateway. Enable app registration on each service that requires it.
    • Publish services to the Dev Portal: The Dev Portal is automatically enabled on a Konnect Cloud org (Plus or Enterprise tier). Publish your services to the Dev Portal.
  • Prepare custom plugins for migration: Custom plugins are supported in Konnect Cloud, but with limitations. As long as your plugins fit the criteria, or if you can adjust them to do so, contact Kong Support to get the plugin manually added to your account.
  • Review and set up teams and roles: Konnect Cloud groups and roles don’t map directly to Kong Gateway teams and roles. Set up teams to mirror your Kong Gateway groups, then invite users to your org and assign them to a team on invite.
Thank you for your feedback.
Was this page useful?
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2022