--- title: "Kong Konnect" slug: "kong-konnect" description: "Integrate Kong Konnect with Traceable to bolster your API security and gain end-to-end visibility across environments. This step-by-step guide provides detailed instructions for configuring the Traceable plugin on Kong Gateways, supporting various deployment options including Kubernetes, Docker, and virtual machines." updated: 2024-12-12T05:11:09Z published: 2024-12-12T05:11:09Z --- > ## Documentation Index > Fetch the complete documentation index at: https://traceabledocs.document360.io/llms.txt > Use this file to discover all available pages before exploring further. # Kong Konnect Kong Konnect is a powerful, cloud-native API management solution designed to simplify and secure the deployment of APIs and microservices. By integrating Kong Konnect with Traceable, organizations can enhance API security, gain end-to-end visibility, leverage advanced threat detection, and optimize API performance. Integrating Kong Konnect with Traceable enhances API security, providing traffic monitoring to detect threats like malicious calls and data exfiltration. It also offers end-to-end visibility into API interactions across environments and advanced machine-learning-based threat detection to identify sophisticated threats proactively. --- ## Before you begin Make a note of the following points before proceeding with deployment steps: - **Access to Kong Konnect** and **Kong Gateway Deployment**: Ensure Kong Konnect and Kong Gateway are set up. - **Download Tools**: You’ll need `curl` and `luarocks`. - **Traceable Platform agent**: Ensure the Traceable Platform agent (TPA) is installed. For more information, see [Installation](/docs/installation). - **Traceable API Access**: Ensure the Traceable Platform Agent (TPA) is reachable from Kong Gateway. - **Namespace Details**: If using Kubernetes, confirm the Kong namespace. --- ## Deployment steps ### Step 1: Download and Unpack the Traceable Kong Plugin 1. Download the plugin from LuaRocks: ```bash curl -LO https://luarocks.org/manifests/traceableai/kong-plugin-traceable-2.1.2-1.src.rock ``` 2. Unpack the downloaded plugin: ```bash luarocks unpack kong-plugin-traceable-2.1.2-1.src.rock ``` --- ### Step 2: Upload the Plugin Schema to Kong Konnect 1. Navigate in Kong Konnect: - **Gateway Manager** → **[Select a Gateway]** → **Plugins** → **New Plugin** ![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_kong_konnect_upload_plugin Schema__new_plugin.png) 2. Select **Custom Plugins** tab → **Create** under Custom Plugin. ![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_kong_konnect_upload_plugin Schema_new_create.png) 3. Upload the `schema.lua` file from the Traceable plugin → **Save**. ![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_kong_konnect_upload_plugin Schema_new_upload.png) 4. To enable and configure the plugin: - Go back to **Plugins** → **Enable** on the Traceable plugin. ![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_kong_konnect_upload_plugin Schema_new_enable.png) - Configure the plugin options on the configuration page using the following settings: | Field | Description | | --- | --- | | Global vs Scoped | **Global** will apply to all services on the gateway, while **Scoped** allows granular control over which APIs send traffic to the Traceable plugin. | | Allow on Failure | Only used in `sync` mode; will block a request if communication to TPA fails. | | Buffer Request Body | Only used in `async` mode, to buffer the request body for async export. | | Ext Cap Endpoint | TPA Host, which must be reachable from the Kong gateway. | | Mode | - sync: Supports inline blocking; requires TME on the same Kong host. - async: Does not support blocking and is asynchronous. | | Timeout | Connection timeout from Kong plugin to TPA, specified in milliseconds. | | Service Name | Name that will appear in the Traceable UI. | ![](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_kong_konnect_upload_plugin Schema_new_configure.png) --- ### Step 3: Add the Plugin to Kong Gateway Deployment #### Option 1 — VM deployment If you are running Kong on virtual machines (VMs), you can install the plugin using the following LuaRocks command: ```bash luarocks install kong-plugin-traceable ``` --- #### Option 2 — Custom Docker Images If using custom Kong Docker images, you can copy the kong plugin sound code and set the `KONG_PLUGINS` environment variable as shown below: ```dockerfile FROM kong/kong-gateway:latest USER root # Copy the unpacked plugin COPY kong-plugin-traceable-2.1.2-1/kong/plugins/traceable /usr/local/share/lua/5.1/kong/plugins/traceable # Set KONG_PLUGINS to include traceable ENV KONG_PLUGINS=bundled,traceable USER kong ENTRYPOINT ["/entrypoint.sh"] EXPOSE 8000 8443 8001 8444 STOPSIGNAL SIGQUIT HEALTHCHECK --interval=10s --timeout=10s --retries=10 CMD kong health CMD ["kong", "docker-start"] ``` --- #### Option 3 — Official Docker Images (Volume Mount) If you are using the official Kong Docker images and do not build custom Kong images, you can add the Traceable plugin by attaching a volume and setting the required environment variables. Use the following configuration: ```yaml version: "3.8" services:  kong:    image: kong/kong-gateway:latest    environment:      - KONG_PLUGINS=bundled,traceable      - KONG_LUA_PACKAGE_PATH="/opt/?.lua;;"    volumes:      - ./kong-plugin-traceable:/opt/kong/plugins/traceable ``` > [!NOTE] > Note > > The exact steps for adding the plugin may vary depending on the platform where your Kong containers are deployed. For platform-specific guidance, contact Traceable Support and discuss with your Customer Success representative to ensure proper configuration. --- #### Option 4 — Kubernetes with Helm If you are deploying Kong in Kubernetes with Helm, you can deploy the Traceable plugin source code as a ConfigMap. 1. **Download the Plugin**: ```bash curl -LO https://luarocks.org/manifests/traceableai/kong-plugin-traceable-2.1.2-1.src.rock ``` 2. **Unpack the Plugin**: ```bash luarocks unpack kong-plugin-traceable-2.1.2-1.src.rock ``` 3. **Create the ConfigMap** Replace `-n kong` with your specific namespace if different: ```bash kubectl create configmap -n kong kong-plugin-traceable --from-file=./kong-plugin-traceable-2.1.2-1/kong-plugin-traceable-2.1.2/kong/plugins/traceable/ ``` 4. **Update the Helm**`values.yaml` file for Kong: ```yaml gateway:  plugins:    configMaps:    - name: kong-plugin-traceable      pluginName: traceable ``` --- #### Option 5 — Kubernetes without Helm If you are deploying Kong in Kubernetes without Helm, you can apply a strategic deployment patch to add the plugin volume. Follow these steps: 1. **Download the Plugin**: ```bash curl -LO https://luarocks.org/manifests/traceableai/kong-plugin-traceable-2.1.2-1.src.rock ``` 2. **Unpack the Plugin**: ```bash luarocks unpack kong-plugin-traceable-2.1.2-1.src.rock ``` 3. **Create the ConfigMap** Replace `-n kong` with your specific namespace if different: ```bash kubectl create configmap -n kong kong-plugin-traceable --from-file=./kong-plugin-traceable-2.1.2-1/kong-plugin-traceable-2.1.2/kong/plugins/traceable/ ``` 4. **Create a Deployment Patch File**: Save the following YAML content in a file named `kong-traceable-patch.yml`. Replace `<replace with your metadata name>` and `<replace with your namespace>` with your actual deployment name and namespace: ```yaml apiVersion: apps/v1 kind: Deployment metadata:  name:  namespace: spec:  template:    spec:      containers:      - name: proxy        env:        - name: KONG_PLUGINS          value: bundled,traceable        - name: KONG_LUA_PACKAGE_PATH          value: "/opt/?.lua;;"        volumeMounts:        - name: kong-plugin-traceable          mountPath: /opt/kong/plugins/traceable      volumes:      - name: kong-plugin-traceable        configMap:          name: kong-plugin-traceable ``` 5. **Apply the Deployment Patch**: Apply the patch to your Kong deployment using the following command. Make sure to replace `<replace with deployment name>` with the actual name of your Kong deployment: ```bash kubectl patch deployments.apps --type strategic -n kong --patch-file kong-traceable-patch.yml ``` > [!NOTE] > Note > > Since this patch only updates specific values, ensure that `--type strategic` is used to overwrite only the specified fields without affecting other parts of the deployment configuration.