Contents x
    Kong Konnect
    • 06 Nov 2024
    • 4 Minutes to read
    • Print
    • PDF
    Contents

    Kong Konnect

    • Updated on 06 Nov 2024
    • 4 Minutes to read
    • Print
    • PDF
    Article summary

    Kong Konnect is a powerful, cloud-native API management solution designed to simplify and secure the deployment of APIs and microservices. By integrating Kong Konnect with Traceable, organizations can enhance API security, gain end-to-end visibility, leverage advanced threat detection, and optimize API performance. Integrating Kong Konnect with Traceable enhances API security, providing traffic monitoring to detect threats like malicious calls and data exfiltration. It also offers end-to-end visibility into API interactions across environments and advanced machine-learning-based threat detection to identify sophisticated threats proactively.

    Before you begin

    Make a note of the following points before proceeding with deployment steps:

    • Access to Kong Konnect and Kong Gateway Deployment: Ensure Kong Konnect and Kong Gateway are set up.

    • Download Tools: You’ll need curl and luarocks.

    • Traceable Platform agent: Ensure the Traceable Platform agent (TPA) is installed. For more information, see Installation.

    • Traceable API Access: Ensure the Traceable Platform Agent (TPA) is reachable from Kong Gateway.

    • Namespace Details: If using Kubernetes, confirm the Kong namespace.

    Deployment steps

    Step 1: Download and Unpack the Traceable Kong Plugin

    1. Download the plugin from LuaRocks:

      curl -LO https://luarocks.org/manifests/traceableai/kong-plugin-traceable-2.1.0-1.src.rock

    2. Unpack the downloaded plugin:

      luarocks unpack kong-plugin-traceable-2.1.0-1.src.rock

    Step 2: Upload the Plugin Schema to Kong Konnect

    1. Navigate in Kong Konnect:

      • Gateway Manager[Select a Gateway]PluginsNew Plugin

    2. Select Custom Plugins tab → Create under Custom Plugin.

    3. Upload the schema.lua file from the Traceable plugin → Save.

    4. To enable and configure the plugin:

      • Go back to PluginsEnable on the Traceable plugin.

      • Configure the plugin options on the configuration page using the following settings:

    Field

    Description

    Global vs Scoped

    Global will apply to all services on the gateway, while Scoped allows granular control over which APIs send traffic to the Traceable plugin.

    Allow on Failure

    Only used in sync mode; will block a request if communication to TPA fails.

    Buffer Request Body

    Only used in async mode, to buffer the request body for async export.

    Ext Cap Endpoint

    TPA Host, which must be reachable from the Kong gateway.

    Mode

    • sync: Supports inline blocking; requires TME on the same Kong host.

    • async: Does not support blocking and is asynchronous.

    Timeout

    Connection timeout from Kong plugin to TPA, specified in milliseconds.

    Service Name

    Name that will appear in the Traceable UI.

    Step 3: Add the Plugin to Kong Gateway Deployment

    Option 1 — VM deployment

    If you are running Kong on virtual machines (VMs), you can install the plugin using the following LuaRocks command:

    luarocks install kong-plugin-traceable

    Option 2 — Custom Docker Images

    If using custom Kong Docker images, you can copy the kong plugin sound code and set the KONG_PLUGINS environment variable as shown below:

    FROM kong/kong-gateway:latest
USER root

# Copy the unpacked plugin
COPY kong-plugin-traceable-2.1.0-1/kong/plugins/traceable /usr/local/share/lua/5.1/kong/plugins/traceable
# Set KONG_PLUGINS to include traceable
ENV KONG_PLUGINS=bundled,traceable

USER kong
ENTRYPOINT ["/entrypoint.sh"]
EXPOSE 8000 8443 8001 8444
STOPSIGNAL SIGQUIT
HEALTHCHECK --interval=10s --timeout=10s --retries=10 CMD kong health
CMD ["kong", "docker-start"]

    Option 3 — Official Docker Images (Volume Mount)

    If you are using the official Kong Docker images and do not build custom Kong images, you can add the Traceable plugin by attaching a volume and setting the required environment variables. Use the following configuration:

    version: "3.8"
services:
  kong:
    image: kong/kong-gateway:latest
    environment:
      - KONG_PLUGINS=bundled,traceable
      - KONG_LUA_PACKAGE_PATH=/opt/kong/plugins/traceable/?.lua;;
    volumes:
      - ./kong-plugin-traceable:/opt/kong/plugins/traceable

    Note

    The exact steps for adding the plugin may vary depending on the platform where your Kong containers are deployed. For platform-specific guidance, contact Traceable Support and discuss with your Customer Success representative to ensure proper configuration.

    Option 4 — Kubernetes with Helm

    If you are deploying Kong in Kubernetes with Helm, you can deploy the Traceable plugin source code as a ConfigMap.

    1. Download the Plugin:

      curl -LO https://luarocks.org/manifests/traceableai/kong-plugin-traceable-2.1.0-1.src.rock

    2. Unpack the Plugin:

      luarocks unpack kong-plugin-traceable-2.1.0-1.src.rock

    3. Create the ConfigMap Replace -n kong with your specific namespace if different:

      kubectl create configmap -n kong kong-plugin-traceable --from-file=./kong-plugin-traceable-2.1.0-1/kong-plugin-traceable-2.1.0/kong/plugins/traceable/

    4. Update the Helm values.yaml file for Kong:

      gateway:
  plugins:
    configMaps:
    - name: kong-plugin-traceable
      pluginName: traceable

    Option 5 — Kubernetes without Helm

    If you are deploying Kong in Kubernetes without Helm, you can apply a strategic deployment patch to add the plugin volume. Follow these steps:

    1. Download the Plugin:

      curl -LO https://luarocks.org/manifests/traceableai/kong-plugin-traceable-2.1.0-1.src.rock

    2. Unpack the Plugin:

      luarocks unpack kong-plugin-traceable-2.1.0-1.src.rock

    3. Create the ConfigMap Replace -n kong with your specific namespace if different:

      kubectl create configmap -n kong kong-plugin-traceable --from-file=./kong-plugin-traceable-2.1.0-1/kong-plugin-traceable-2.1.0/kong/plugins/traceable/

    4. Create a Deployment Patch File: Save the following YAML content in a file named kong-traceable-patch.yml. Replace <replace with your metadata name> and <replace with your namespace> with your actual deployment name and namespace:

      apiVersion: apps/v1
kind: Deployment
metadata:
  name: <replace with your metadata name>
  namespace: <replace with your namespace>
spec:
  template:
    spec:
      containers:
      - name: proxy
        env:
        - name: KONG_PLUGINS
          value: bundled,traceable
        - name: KONG_LUA_PACKAGE_PATH
          value: "/opt/kong/plugins/traceable/?.lua;;"
        volumeMounts:
        - name: kong-plugin-traceable
          mountPath: /opt/kong/plugins/traceable
      volumes:
      - name: kong-plugin-traceable
        configMap:
          name: kong-plugin-traceable

    5. Apply the Deployment Patch: Apply the patch to your Kong deployment using the following command. Make sure to replace <replace with deployment name> with the actual name of your Kong deployment:

      kubectl patch deployments.apps --type strategic -n kong <replace with deployment name> --patch-file kong-traceable-patch.yml

    Note

    Since this patch only updates specific values, ensure that --type strategic is used to overwrite only the specified fields without affecting other parts of the deployment configuration.

    Was this article helpful?
    What's Next
    ©2023 Traceable Inc
    terms of services
    privacy policy
    oss disclosures