Any plugins supported in a self-managed hybrid mode
deployment are also accessible through ServiceHub or the Shared Config page.
Kong plugins in Konnect Cloud
You can configure a plugin in Konnect Cloud by scoping it to an object,
or applying it globally.
A scoped plugin applies configuration only to a specific service, route,
or consumer. You can configure plugins on
routes through ServiceHub, and on
consumers through the Shared Config page.
If you want to apply a plugin globally – that is, to all services,
routes, and consumers in a cluster – set it up through the
Shared Config page.
Functionality differences from self-managed Kong Gateway
Application registration is built into the ServiceHub.
Enabling it on a service
also enables two plugins in read-only mode: ACL, and one of Key Auth or OpenID
Connect. These plugins appear in the service’s plugin list, and you can view their
configurations, but you can’t edit or delete them directly.
Rate limiting plugins default to the
redis strategy, for which you must
provide your own Redis server. You can also use
local to apply rate limiting
per individual data plane.
The following plugins are not available with Konnect Cloud:
- OAuth2 Authentication
- OAuth2 Introspection
- Apache OpenWhisk
- Vault Auth
See the plugin compatibility chart
for a full comparison of plans and network configurations that each plugin
Currently, there is no way to add a custom plugin
directly through the Konnect Cloud application. Contact Kong
Support to get them manually added to your organization.
Custom plugins must not have the following:
- Admin API extensions: No
- Custom plugin database tables: No
- Custom function validations: No function definitions in
- Code that runs on the control plane in the plugin handler:
- No Lua code outside of the top-level functions
- Third-party library dependencies: No
require() calls to modules that are
not bundled by default with Kong Konnect
If your plugin meets these requirements and you want to use it in
Konnect Cloud, contact Kong Support.