Set up a Kong Gateway Runtime on Linux
kong.conf, set up a runtime
Konnect Runtime Manager and
configure your Kong Gateway instance to accept configuration from
Konnect. The Runtime Manager keeps track of all runtimes
associated with the Konnect Cloud account.
Note: Kong does not host runtimes. You must install and host your own
- You have Runtime Admin or Organization Admin permissions in
In Konnect, from the left navigation menu, select Runtimes.
For the first runtime, the page opens to a Configure New Runtime form.
Once configured, this page lists all runtimes associated with the
Konnect Cloud account.
(Optional) If this is not the first runtime configuration, click
Configure New Runtime.
Open the tab that suits your environment: Quick Setup - Docker,
Linux, or Kubernetes.
Click Generate Certificate.
Three new fields appear: a certificate, a private key, and a root CA
certificate. The contents of these fields are unique to each
Save the contents of each field into a separate file in a safe location:
- Private key:
- Root CA Certificate:
If you navigate away from this page before saving all of the
certificate and key files, you will need to regenerate them.
Store the files on your runtime’s local filesystem.
Certificates expire after six months and must be renewed. See
Keep the configuration page open for the next section, as you’ll need to refer
back to it for the configuration parameters.
Configure the runtime
Next, configure a Kong Gateway runtime using the
certificate, the private key, and the remaining configuration details on the
Configure Runtime page.
Find the documentation for
and follow the instructions in Steps 1 and 2 only to download and install
Kong Gateway 22.214.171.124.
Do not start or create a database on this node.
Return to Konnect and copy the
codeblock in the Step 2. Configuration Parameters section.
Open your instance’s
kong.conf file. Add the parameters you just copied
to the file.
The result should look something like this, replacing placeholder values
with your own from Konnect:
role = data_plane
database = off
anonymous_reports = off
vitals_ttl_days = 732
cluster_mtls = pki
cluster_control_plane = <example.cp.konnect.foo>:443
cluster_server_name = <kong-cpoutlet-example.service>
cluster_telemetry_endpoint = <example.tp.konnect.foo>:443
cluster_telemetry_server_name = <kong-telemetry-example.service>
cluster_cert = /<path-to-file>/tls.crt
cluster_cert_key = /<path-to-file>/tls.key
lua_ssl_trusted_certificate = system,/<path-to-file>/ca.crt
See Parameters for
descriptions and the matching fields in Konnect.
Replace the values in
lua_ssl_trusted_certificate with the paths to your certificate and key
Restart Kong Gateway for the settings to take effect:
On the Configure New Runtime page, click Done to go to the Runtime
The Runtime Manager will include a new entry for your instance.
Access services using the proxy URL
Kong Gateway uses port
8000 for the proxy, taking incoming
traffic from consumers, and forwarding it to upstream services.
The default proxy URL is
http://localhost:8000. If you configured a different
localhost with your hostname. Use this URL, along with any
routes you set, to access your services.
For example, to access a service with the route