Set up a Kong Gateway Runtime on Linux
Using kong.conf
, set up a runtime
through the
Konnect Runtime Manager and
configure your Kong Gateway instance to accept configuration from
Konnect. The Runtime Manager keeps track of all runtimes
associated with the Konnect Cloud account.
Prerequisites
- You have Runtime Admin or Organization Admin permissions in Konnect Cloud.
Generate certificates
-
In Konnect, from the left navigation menu, select Runtimes.
For the first runtime, the page opens to a Configure New Runtime form.
Once configured, this page lists all runtimes associated with the Konnect Cloud account.
-
(Optional) If this is not the first runtime configuration, click Configure New Runtime.
-
Open the tab that suits your environment: Linux or Kubernetes.
For an advanced Docker setup, use either tab. Do not use the Quick Setup tab.
-
Click Generate Certificate.
Three new fields appear: a certificate, a private key, and a root CA certificate. The contents of these fields are unique to each runtime configuration.
-
Save the contents of each field into a separate file in a safe location:
- Certificate:
tls.crt
- Private key:
tls.key
- Root CA Certificate:
ca.crt
If you navigate away from this page before saving all of the certificate and key files, you will need to regenerate them.
- Certificate:
-
Store the files on your runtime’s local filesystem.
Important: Certificates expire every six (6) months and must be renewed. See Renew Certificates.
Keep the configuration page open for the next section, as you’ll need to refer back to it for the configuration parameters.
Configure the runtime
Next, configure a Kong Gateway runtime using the certificate, the private key, and the remaining configuration details on the Configure Runtime page.
-
Find the documentation for your platform, and follow the instructions in Steps 1 and 2 only to download and install Kong Gateway .
Do not start or create a database on this node. -
Return to Konnect and copy the codeblock in the Step 2. Configuration Parameters section.
-
Open your instance’s
kong.conf
file. Add the parameters you just copied to the file.The result should look something like this, replacing placeholder values with your own from Konnect:
role = data_plane database = off vitals_ttl_days = 732 cluster_mtls = pki cluster_control_plane = {EXAMPLE.CP.KONNECT.FOO}:443 cluster_server_name = {KONG-CPOUTLET-EXAMPLE.SERVICE} cluster_telemetry_endpoint = {EXAMPLE.TP.KONNECT.FOO}:443 cluster_telemetry_server_name = {KONG-TELEMETRY-EXAMPLE.SERVICE} cluster_cert = /{PATH_TO_FILE}/tls.crt cluster_ca_cert = /{PATH_TO_FILE}/ca.crt cluster_cert_key = /{PATH_TO_FILE}/tls.key
See Parameters for descriptions and the matching fields in Konnect.
-
Replace the values in
cluster_cert
,cluster_ca_cert
, andcluster_cert_key
with the paths to your certificate and key files. -
Restart Kong Gateway for the settings to take effect:
$ kong restart
-
On the Configure New Runtime page, click Done to go to the Runtime Manager overview.
The Runtime Manager will include a new entry for your instance.
Access services using the proxy URL
Kong Gateway uses port 8000
for the proxy, taking incoming
traffic from consumers, and forwarding it to upstream services.
The default proxy URL is http://localhost:8000
. If you configured a different
host, replace localhost
with your hostname. Use this URL, along with any
routes you set, to access your services.
For example, to access a service with the route /mock
, use
http://localhost:8000/mock
, or http://example-host:8000/mock
.