Skip to content
|
search
Kong Konnect

Set up a Kong Gateway Runtime on Linux

Using kong.conf, set up a runtime instance through the Konnect Runtime Manager and configure your Kong Gateway instance to accept configuration from Konnect. The Runtime Manager keeps track of all runtime instances associated with the Kong Konnect account.

Note: Kong does not host runtimes. You must install and host your own runtime instances.

Generate certificates

  1. In Konnect, select runtimes icon Runtime Manager.

  2. Select a runtime group.

  3. Click Create Runtime Instance.

  4. Click the tile for either Linux or Kubernetes.

    For an advanced Docker setup using custom configuration values, use either tile. Don’t use the MacOS, Windows, or Linux (Docker) tiles.

  5. Click Generate certificate.

    Two new fields appear: a cluster certificate and a certificate key. The contents of these fields are unique to each runtime configuration.

  6. Save the contents of each field into a separate file in a safe location:

    • Cluster certificate: tls.crt
    • Certificate key: tls.key

    If you navigate away from this page before saving all of the certificate and key files, you will need to regenerate them.

  7. Store the files on the local filesystem of the runtime instance.

Note: The certificates generated by Konnect have a ten year expiration date by default. If you bring your own certificates, make sure to monitor the expiration date. To rotate certificates, see Renew Certificates.

Configure the runtime

Configure a Kong Gateway runtime instance using the certificate, the private key, and the remaining configuration details on the runtime instance configuration page:

  1. Find the documentation for your platform, and follow the instructions in steps 1 and 2 only to download and install Kong Gateway .

    You should not deploy a Kong Gateway database on this node as Konnect provides a hosted control plane with its own database.

  2. Return to Konnect and copy the code block in the Configuration Parameters section.

  3. Open your instance’s kong.conf file. Add the parameters you just copied to the file.

    The result should look like this, replacing placeholder values with your own from Konnect:

     role = data_plane
 database = off
 cluster_mtls = pki
 cluster_control_plane = {EXAMPLE.CP.KONNECT.FOO}:443
 cluster_server_name = {KONG-CPOUTLET-EXAMPLE.SERVICE}
 cluster_telemetry_endpoint = {EXAMPLE.TP.KONNECT.FOO}:443
 cluster_telemetry_server_name = {KONG-TELEMETRY-EXAMPLE.SERVICE}
 cluster_cert = /{PATH_TO_FILE}/tls.crt
 cluster_cert_key = /{PATH_TO_FILE}/tls.key
 lua_ssl_trusted_certificate = system
 konnect_mode = on
 vitals = off

    See Parameters for descriptions and the matching fields in Konnect.

  4. Replace the values in cluster_cert and cluster_cert_key with the paths to your certificate and key files.

  5. Restart Kong Gateway for the settings to take effect:

     kong restart

  6. In Konnect, click Done to go to the Runtime Instances overview, where you will see a new entry for your instance.

Access services using the proxy URL

Kong Gateway uses port 8000 for the proxy, taking incoming traffic from consumers, and forwarding it to upstream services.

The default proxy URL is http://localhost:8000. If you configured a different host, replace localhost with your hostname. Use this URL, along with any routes you set, to access your services.

For example, to access a service with the route /mock, use http://localhost:8000/mock, or http://example-host:8000/mock.