Skip to content
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
    • Kong Konnect
    • Kong Mesh
    • Plugin Hub
    • decK
    • Kubernetes Ingress Controller
    • Insomnia
    • Kuma

    • Docs contribution guidelines
  • Plugin Hub
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kubernetes Ingress Controller
  • Insomnia
  • Kuma

  • Docs contribution guidelines
    • Overview of Konnect
    • Architecture
    • Network Resiliency and Availability
    • Port and Network Requirements
    • Compatibility
    • Stages of Software Availability
    • Release Notes
      • Control Plane Upgrades FAQ
      • Supported Installation Options
    • Overview
    • Access a Konnect Account
    • Set up a Runtime
    • Configure a Service
    • Implement and Test the Service
      • Publish and Consume Services
      • Register Applications
    • Import Kong Gateway Entities into Konnect
    • Overview
      • Overview
      • Dashboard
      • Manage Runtime Groups with UI
      • Manage Runtime Groups with decK
      • Installation Options
      • Install with Docker
      • Install on Kubernetes
      • Install on Linux
      • Install on AWS
      • Install on Azure
      • Upgrade a Runtime Instance to a New Version
      • Renew Certificates
      • Runtime Parameter Reference
    • Create Consumer Groups
      • Overview
      • Set Up and Use a Vault in Konnect
    • Kong Gateway Configuration in Konnect
    • Plugin Ordering Reference
    • Troubleshoot
    • Overview
    • Manage Service Documentation
      • Overview
      • Configure a Plugin on a Service
      • Configure a Plugin on a Route
    • Overview
    • Access the Dev Portal
    • Sign Up for a Dev Portal Account
      • Manage Developer Access
      • Manage Application Registration Requests
      • Manage Application Connections
      • Auto Approve Dev and App Registrations
      • Azure OIDC
      • Application Overview
      • Enable and Disable App Registration
        • Overview
        • Okta
        • Curity
        • Auth0
      • Create, Edit, and Delete an Application
      • Register an Application with a Service
      • Generate Credentials for an Application
    • Customize Dev Portal
    • Troubleshoot
    • Introduction to Analytics
    • Summary Dashboard
    • Analyze Services and Routes
    • Generate Reports
    • Troubleshoot
      • Manage a Konnect Account or Plan
      • Change to a Different Plan
      • Manage Payment Methods and Invoices
      • Overview
        • Overview
        • Manage Teams
        • Teams Reference
        • Roles Reference
      • Manage Users
      • Manage System Accounts
      • Set up SSO with OIDC
      • Set up SSO with Okta
      • Login Sessions Reference
    • Account and Org Deactivation
    • Troubleshoot
    • Overview
      • API Documentation
      • Identity Integration Guide
      • API Documentation
      • API Documentation
      • Portal RBAC Guide
      • Overview
      • Nodes
      • Data Plane Certificiates
        • Services
        • Routes
        • Consumers
        • Plugins
        • Upstreams
        • Certificates
        • CA Certificates
        • SNIs
        • Targets
        • Vaults
      • API Spec
      • Filtering
    • Labels

github-edit-pageEdit this page

report-issueReport an issue

enterprise-switcher-iconSwitch to OSS

On this page
  • Control plane ports
  • Runtime instance ports
  • Hostnames
Kong Konnect
  • Home
  • Kong Konnect
  • Ports and Network Requirements

Ports and Network Requirements

Control plane ports

The Kong Konnect control plane uses the following port:

Port Protocol Description
443 TCP
HTTPS
Cluster communication port for configuration and telemetry data. The Kong Konnect control plane uses this port to listen for runtime node connections and to communicate with the runtime nodes.

Kong’s hosted control plane expects traffic on this port, so the cluster port can’t be customized.

The cluster communication port must be accessible by all the data planes within the same cluster. This port is protected by mTLS to ensure end-to-end security and integrity.

Runtime instance ports

By default, Kong Gateway listens on the following ports:

Port Protocol Description
8000 HTTP Takes incoming HTTP traffic from consumers, and forwards it to upstream services.
8443 HTTPS Takes incoming HTTPS traffic from consumers, and forwards it to upstream services.

Kong Gateway ports can be fully customized. Set them in kong.conf.

For Kubernetes or Docker deployments, map ports as needed. For example, if you want to use port 3001 for the proxy, map 3001:8000.

Hostnames

Runtime instances initiate the connection to the Konnect control plane. They require access through firewalls to communicate with the control plane.

To let a runtime instances request and receive configuration, and send telemetry data, add the following hostnames to the firewall allowlist:

  • cloud.konghq.com: The Konnect platform.
  • us.api.konghq.com: The Konnect API. Necessary if you are using decK in your workflow, decK uses this API to access and apply configurations.
  • RUNTIME_GROUP_ID.us.cp0.konghq.com: Handles configuration for a runtime group. Runtime instances connect to this host to receive configuration updates. This hostname is unique to each organization and runtime group.
  • RUNTIME_GROUP_ID.us.tp0.konghq.com: Gathers telemetry data for a runtime group. This hostname is unique to each organization and runtime group.

You can find the configuration and telemetry hostnames through the Runtime Manager:

  1. Open a runtime group.
  2. Click Add runtime instance.
  3. Choose the Linux or Kubernetes tab and note the hostnames in the code block for the following parameters:

     cluster_control_plane = example.us.cp0.konghq.com:443
     cluster_server_name = example.us.cp0.konghq.com
     cluster_telemetry_endpoint = example.us.tp0.konghq.com:443
     cluster_telemetry_server_name = example.us.tp0.konghq.com
    

Note: Visit https://ip-addresses.origin.konghq.com/ip-addresses.json for the list of IPs associated to regional hostnames. You can also subscribe to https://ip-addresses.origin.konghq.com/rss for updates.

Thank you for your feedback.
Was this page useful?
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023