Ports and Network Requirements
Control plane ports
The Kong Konnect control plane uses the following port:
|Cluster communication port for configuration and telemetry data. The Kong Konnect control plane uses this port to listen for runtime node connections and to communicate with the runtime nodes.|
Kong’s hosted control plane expects traffic on this port, so the cluster port can’t be customized.
The cluster communication port must be accessible by all the data planes within the same cluster. This port is protected by mTLS to ensure end-to-end security and integrity.
Runtime instance ports
By default, Kong Gateway listens on the following ports:
||HTTP||Takes incoming HTTP traffic from consumers, and forwards it to upstream services.|
||HTTPS||Takes incoming HTTPS traffic from consumers, and forwards it to upstream services.|
Kong Gateway ports can be fully customized. Set them in
For Kubernetes or Docker deployments, map ports as needed. For example, if you
want to use port
3001 for the proxy, map
Runtime instances initiate the connection to the Konnect control plane. They require access through firewalls to communicate with the control plane.
To let a runtime instances request and receive configuration, and send telemetry data, add the following hostnames to the firewall allowlist:
cloud.konghq.com: The Konnect platform.
us.api.konghq.com: The Konnect API. Necessary if you are using decK in your workflow, decK uses this API to access and apply configurations.
RUNTIME_GROUP_ID.us.cp0.konghq.com: Handles configuration for a runtime group. Runtime instances connect to this host to receive configuration updates. This hostname is unique to each organization and runtime group.
RUNTIME_GROUP_ID.us.tp0.konghq.com: Gathers telemetry data for a runtime group. This hostname is unique to each organization and runtime group.
You can find the configuration and telemetry hostnames through the Runtime Manager:
- Open a runtime group.
- Click Add runtime instance.
Choose the Linux or Kubernetes tab and note the hostnames in the code block for the following parameters:
cluster_control_plane = example.us.cp0.konghq.com:443 cluster_server_name = example.us.cp0.konghq.com cluster_telemetry_endpoint = example.us.tp0.konghq.com:443 cluster_telemetry_server_name = example.us.tp0.konghq.com
Note: Visit https://ip-addresses.origin.konghq.com/ip-addresses.json for the list of IPs associated to regional hostnames. You can also subscribe to https://ip-addresses.origin.konghq.com/rss for updates.