Ports and Network Requirements
Control plane ports
The Konnect Cloud control plane uses the following port:
Port | Protocol | Description |
---|---|---|
443 |
TCP HTTPS |
Cluster communication port for configuration and telemetry data. The Konnect Cloud control plane uses this port to listen for runtime node connections and to communicate with the runtime nodes. |
Kong’s hosted control plane expects traffic on this port, so the cluster port can’t be customized.
The cluster communication port must be accessible by all the data planes within the same cluster. This port is protected by mTLS to ensure end-to-end security and integrity.
Runtime instance ports
By default, Kong Gateway listens on the following ports:
Port | Protocol | Description |
---|---|---|
8000 |
HTTP | Takes incoming HTTP traffic from consumers, and forwards it to upstream services. |
8443 |
HTTPS | Takes incoming HTTPS traffic from consumers, and forwards it to upstream services. |
Kong Gateway ports can be fully customized. Set them in kong.conf
.
For Kubernetes or Docker deployments, map ports as needed. For example, if you
want to use port 3001
for the proxy, map 3001:8000
.
Hostnames
Add the following hostnames to the allowlist to give the Konnect control plane access through the firewall:
cloud.konghq.com
: The Konnect platform.us.api.konghq.com
: The Konnect API. Necessary if you are using decK in your workflow, decK uses this API to access and apply configurations.RUNTIME_GROUP_ID.us.cp0.konghq.com
: Handles configuration for a runtime group. Runtime instances connect to this host to receive configuration updates. This hostname is unique to each organization and runtime group.RUNTIME_GROUP_ID.us.tp0.konghq.com
: Gathers telemetry data for a runtime group. This hostname is unique to each organization and runtime group.
You can find the configuration and telemetry hostnames through the Runtime Manager:
- Open a runtime group.
- Click Add runtime instance.
-
Choose the Linux or Kubernetes tab and note the hostnames in the code block for the following parameters:
cluster_control_plane = example.us.cp0.konghq.com:443 cluster_server_name = example.us.cp0.konghq.com cluster_telemetry_endpoint = example.us.tp0.konghq.com:443 cluster_telemetry_server_name = example.us.tp0.konghq.com