Kong Gateway Plugins in Konnect
Plugins let you extend Konnect functionality. You can choose from any number of bundled plugins in Konnect, or write your own custom plugins.
Plugin configuration
You can manage both bundled and custom plugins through the Gateway Manager.
You can scope a plugin to a specific Kong Gateway entity, or apply it globally within a control plane:
- A scoped plugin applies configuration only to a specific service, route, consumer, or consumer group.
- A global plugin applies to all services, routes, consumers, and consumer groups in a control plane.
In both cases, plugins are managed within a specific control plane. If you need a plugin to apply to multiple control planes, configure a plugin instance separately for each one, or create a control plane group.
Open the Plugins menu from within a control plane to access and manage its list of plugins.
Custom plugins
You can also apply your own custom plugins through the Gateway Manager.
The Konnect control plane only needs a Lua schema file. Using that schema, it creates a plugin configuration object in Konnect, which you can access via the Konnect UI or the custom plugins API. This means that Konnect only sees a custom plugin’s configuration options, and does not see any other data.
Note: Custom plugins are not supported in Dedicated Cloud Gateways.
To run in Konnect, every custom plugin must meet the following requirements:
- General requirements:
  - Each custom plugin must have a unique name.
  - All plugin files must also be deployed to each Kong Gateway data plane node.
- File structure requirements:
  - The plugin must not contain an api.lua file, as Admin API extensions are not supported.
  - The plugin must not contain the dao.lua or migrations.lua files, as custom data entities are not supported.
- Code and language requirements:
  - The schema for your custom plugin must be written in Lua.
  - Custom validation functions must be written in Lua and be self-contained within the schema.lua file.
  - The schema.lua file must not contain any require() statements.
  - Plugins that require third-party libraries must reference them in the handler.lua file.
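One way to check a plugin directory against the file-structure and schema rules above before uploading its schema, as an added example (not Kong's own tooling). The function names, the sample module names and the comment-stripping heuristic are assumptions, and the no-require() rule is applied literally to schema.lua.

```python
import re
import sys
from pathlib import Path

# File names the page lists as unsupported, with the reason it gives.
FORBIDDEN = {
    "api.lua": "Admin API extensions are not supported",
    "dao.lua": "custom data entities are not supported",
    "migrations.lua": "custom data entities are not supported",
}
# Lua comments are stripped first so a commented-out require is not flagged.
BLOCK_COMMENT = re.compile(r"--\[(=*)\[.*?\]\1\]", re.S)
LINE_COMMENT = re.compile(r"--[^\n]*")
# Matches require("x"), require "x", require 'x' and require [[x]].
REQUIRE_CALL = re.compile(r"\brequire\s*(?:\(|\"|'|\[)")
# Constructed sample (module names are made up): line 1 commented out, line 2 live.
SAMPLE_SCHEMA = '-- require "old.lib"\nlocal lib = require("vendor.lib")\n'


def find_requires(lua_source):
    """Return 1-based line numbers of require calls outside comments (heuristic)."""
    def blank(m):  # keep newlines so reported line numbers stay correct
        return "\n" * m.group(0).count("\n")
    code = BLOCK_COMMENT.sub(blank, lua_source)
    code = LINE_COMMENT.sub("", code)
    return [code.count("\n", 0, m.start()) + 1 for m in REQUIRE_CALL.finditer(code)]


def check_plugin_dir(plugin_dir):
    """Return a list of violations for one plugin directory (empty list = pass)."""
    root = Path(plugin_dir)
    problems = []
    for path in sorted(root.rglob("*.lua")):
        if path.name in FORBIDDEN:
            problems.append(f"{path.relative_to(root).as_posix()}: {FORBIDDEN[path.name]}")
    schema = root / "schema.lua"
    if not schema.is_file():
        problems.append("schema.lua: missing (Konnect needs the Lua schema file)")
    else:
        for line in find_requires(schema.read_text(encoding="utf-8")):
            problems.append(f"schema.lua:{line}: require() is not allowed in schema.lua")
    return problems


if __name__ == "__main__":
    found = check_plugin_dir(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("\n".join(found) or "OK")
    sys.exit(1 if found else 0)
```

Run it with the plugin directory as the only argument; a non-zero exit status makes it usable as a CI gate. require() calls in handler.lua are not flagged, since that is where the page says third-party libraries belong.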
Application registration plugins
Application registration is built into API Products. When you enable application registration on an API product version, Konnect also automatically enables two plugins in read-only mode: ACL, and either Key Auth or OpenID Connect. These plugins appear in the service’s plugin list, and you can view their configurations, but you can’t edit or delete them directly.
Plugin limitations
Some bundled Kong Gateway plugins are not available in Konnect, or have configuration requirements specific to Konnect.
- Rate limiting plugins default to the redis strategy, for which you must provide your own Redis server. You can also use local to apply rate limiting per individual data plane node.
- A small number of Kong Gateway plugins are not available in Konnect. See the plugin compatibility chart for the full list, a breakdown of the pricing tiers that each plugin is available in, and specific Konnect notes for each plugin.