{"id":29877,"date":"2025-11-18T15:38:57","date_gmt":"2025-11-18T10:08:57","guid":{"rendered":"https:\/\/opstree.com\/blog\/?p=29877"},"modified":"2025-11-20T14:49:40","modified_gmt":"2025-11-20T09:19:40","slug":"kong-gateway-in-kubernetes","status":"publish","type":"post","link":"https:\/\/opstree.com\/blog\/2025\/11\/18\/kong-gateway-in-kubernetes\/","title":{"rendered":"A Complete Traffic Flow Guide to Using Kong Gateway in Kubernetes"},"content":{"rendered":"<h2 id=\"introduction\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\" data-selectable-paragraph=\"\">Introduction<\/h2>\n<p id=\"3b3a\" class=\"pw-post-body-paragraph nh ni gm nj b nk nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe gf bl\" data-selectable-paragraph=\"\">In today\u2019s cloud-native ecosystem, managing API traffic efficiently is crucial for application performance and security. As organizations migrate to microservices architectures on Kubernetes, the need for a robust API Gateway becomes paramount. Enter Kong Gateway \u2014 a powerful solution that acts as the intelligent traffic director for your Kubernetes cluster.<\/p>\n<p id=\"b6ed\" class=\"pw-post-body-paragraph nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe gf bl\" data-selectable-paragraph=\"\">Having worked with multiple API gateway solutions in production environments, I\u2019ve found Kong Gateway to be exceptionally well-suited for Kubernetes deployments. In this comprehensive guide, I\u2019ll walk you through how Kong Gateway orchestrates traffic flow within a <a href=\"https:\/\/opstree.com\/blog\/2022\/05\/17\/3-best-tools-to-manage-your-kubernetes-cluster\/\" target=\"_blank\" rel=\"noopener\">Kubernetes cluster<\/a>, using a real-world Grafana deployment as our example.<!--more--><\/p>\n<p id=\"e3fa\" class=\"pw-post-body-paragraph nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe gf bl\" data-selectable-paragraph=\"\">By the end of this article, you\u2019ll understand the complete journey of a request from your browser to a Kubernetes pod and back, with Kong Gateway managing every step of the process.<\/p>\n<p data-selectable-paragraph=\"\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-29885 size-full\" src=\"https:\/\/opstree.com\/blog\/wp-content\/uploads\/2025\/11\/1_tlQTKTnbJO5QNpLy7kuyyQ.png\" alt=\"Kong Gateway in Kubernetes\" width=\"426\" height=\"872\" srcset=\"https:\/\/opstree.com\/blog\/wp-content\/uploads\/2025\/11\/1_tlQTKTnbJO5QNpLy7kuyyQ.png 426w, https:\/\/opstree.com\/blog\/wp-content\/uploads\/2025\/11\/1_tlQTKTnbJO5QNpLy7kuyyQ-147x300.png 147w\" sizes=\"(max-width: 426px) 85vw, 426px\" \/><\/p>\n<p><!-- Simple Bullet Point Table of Contents --><\/p>\n<h2 style=\"border: 1px solid #ddd; padding: 15px; border-radius: 10px; background: #f9f9f9; font-family: Arial, sans-serif; max-width: 100%; margin: 20px auto;\">Table of Contents<\/h2>\n<ul style=\"padding-left: 20px; margin: 0; font-size: 16px; line-height: 1.8;\">\n<li><strong><a style=\"text-decoration: none; color: #0056b3;\" href=\"#introduction\">Introduction<\/a><\/strong><\/li>\n<li><strong><a style=\"text-decoration: none; color: #0056b3;\" href=\"#what-is-kong-gateway\">What is Kong Gateway?<\/a><\/strong><\/li>\n<li><strong><a style=\"text-decoration: none; color: #0056b3;\" href=\"#key-capabilities\">Key Capabilities<\/a><\/strong><\/li>\n<li><strong><a style=\"text-decoration: none; color: #0056b3;\" href=\"#installing-kong-kubernetes\">Installing Kong Gateway in Kubernetes<\/a><\/strong><\/li>\n<li><strong><a style=\"text-decoration: none; color: #0056b3;\" href=\"#kong-architecture-kubernetes\">Kong Gateway Architecture in Kubernetes<\/a><\/strong><\/li>\n<li><strong><a style=\"text-decoration: none; color: #0056b3;\" href=\"#complete-traffic-flow\">Complete Traffic Flow: Browser to Pod<\/a><\/strong><\/li>\n<li><strong><a style=\"text-decoration: none; color: #0056b3;\" href=\"#practical-implementation-grafana\">Practical Implementation: Grafana with Kong<\/a><\/strong><\/li>\n<li><strong><a style=\"text-decoration: none; color: #0056b3;\" href=\"#advanced-kong-features\">Advanced Kong Features for Production<\/a><\/strong><\/li>\n<li><strong><a style=\"text-decoration: none; color: #0056b3;\" href=\"#monitoring-troubleshooting\">Monitoring and Troubleshooting<\/a><\/strong><\/li>\n<li><strong><a style=\"text-decoration: none; color: #0056b3;\" href=\"#performance-optimization\">Performance Optimization<\/a><\/strong><\/li>\n<li><strong><a style=\"text-decoration: none; color: #0056b3;\" href=\"#security-best-practices\">Security Best Practices<\/a><\/strong><\/li>\n<li><strong><a style=\"text-decoration: none; color: #0056b3;\" href=\"#future-considerations\">Future Considerations<\/a><\/strong><\/li>\n<li><strong><a style=\"text-decoration: none; color: #0056b3;\" href=\"#conclusion\">Conclusion<\/a><\/strong><\/li>\n<\/ul>\n<h2 id=\"what-is-kong-gateway\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\" data-selectable-paragraph=\"\">What is Kong Gateway?<\/h2>\n<p id=\"4c92\" class=\"pw-post-body-paragraph nh ni gm nj b nk nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe gf bl\" data-selectable-paragraph=\"\">Kong Gateway is an open-source, cloud-native API Gateway and ingress controller designed specifically for modern microservices architectures. Built on top of NGINX and OpenResty, Kong provides a lightweight yet powerful platform for managing API traffic.<\/p>\n<h2 id=\"key-capabilities\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\" data-selectable-paragraph=\"\">Key Capabilities<\/h2>\n<h3 id=\"f401\" class=\"pw-post-body-paragraph nh ni gm nj b nk nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe gf bl\"><strong class=\"nj gn\">Traffic Management<\/strong><\/h3>\n<ul class=\"\">\n<li id=\"fb0a\" class=\"nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Intelligent request routing based on paths, headers, and methods<\/li>\n<li id=\"ed17\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Load balancing across multiple service instances<\/li>\n<li id=\"b2b3\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Circuit breaker patterns for fault tolerance<\/li>\n<\/ul>\n<h3 id=\"efad\" class=\"pw-post-body-paragraph nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe gf bl\"><strong class=\"nj gn\">Security Features<\/strong><\/h3>\n<ul class=\"\">\n<li id=\"72d3\" class=\"nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Authentication and authorization (JWT, OAuth2, Basic Auth)<\/li>\n<li id=\"571b\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Rate limiting and DDoS protection<\/li>\n<li id=\"5765\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">SSL\/TLS termination and mTLS support<\/li>\n<\/ul>\n<h3 id=\"894a\" class=\"pw-post-body-paragraph nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe gf bl\"><strong class=\"nj gn\">Observability<\/strong><\/h3>\n<ul class=\"\">\n<li id=\"f089\" class=\"nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Comprehensive metrics and logging<\/li>\n<li id=\"98f7\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Distributed tracing support<\/li>\n<li id=\"44da\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Real-time monitoring and alerting<\/li>\n<\/ul>\n<h3 id=\"201c\" class=\"pw-post-body-paragraph nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe gf bl\"><strong class=\"nj gn\">Extensibility<\/strong><\/h3>\n<ul class=\"\">\n<li id=\"acd0\" class=\"nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Plugin-based architecture with 50+ official plugins<\/li>\n<li id=\"f25c\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Custom plugin development support<\/li>\n<li id=\"171d\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Seamless integration with existing tools<\/li>\n<\/ul>\n<div class=\"flex max-w-full flex-col grow\">\n<div class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal [.text-message+&amp;]:mt-1\" dir=\"auto\" data-message-author-role=\"assistant\" data-message-id=\"3c05b586-10b8-47d6-98ed-116af7fa92c4\" data-message-model-slug=\"gpt-5-1\">\n<div class=\"flex w-full flex-col gap-1 empty:hidden first:pt-[1px]\">\n<div class=\"markdown prose dark:prose-invert w-full break-words light markdown-new-styling\">\n<p data-start=\"0\" data-end=\"163\" data-is-last-node=\"\" data-is-only-node=\"\">Enhance your Kubernetes operations with our <a href=\"https:\/\/opstree.com\/services\/devsecops-transformation-and-automation\/\" target=\"_blank\" rel=\"noopener\">DevSecOps Services<\/a>, delivering secure, automated, and scalable API management for modern cloud-native applications.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<h2 id=\"installing-kong-kubernetes\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\" data-selectable-paragraph=\"\">Installing Kong Gateway in Kubernetes<\/h2>\n<p id=\"2066\" class=\"pw-post-body-paragraph nh ni gm nj b nk nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe gf bl\" data-selectable-paragraph=\"\">Before we dive into the architecture, let\u2019s start with a clean Kong installation. I\u2019ll show you multiple installation methods so you can choose what works best for your environment.<\/p>\n<h3 id=\"978c\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">Prerequisites<\/h3>\n<p id=\"3c09\" class=\"pw-post-body-paragraph nh ni gm nj b nk nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe gf bl\" data-selectable-paragraph=\"\">Before installing Kong Gateway, ensure you have:<\/p>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"872c\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-meta\"># Kubernetes cluster (v1.19+)<\/span>\r\nkubectl version --<span class=\"hljs-built_in\">short<\/span><\/span><\/pre>\n<pre class=\"qa op oq qb qc ak qd bl\"><span id=\"66e3\" class=\"pj mk gm oq b qe qf qg m qh ox\" data-selectable-paragraph=\"\"># Helm 3.x installed\r\nhelm version --short<\/span><span id=\"84c4\" class=\"pj mk gm oq b qe qi qg m qh ox\" data-selectable-paragraph=\"\"># Sufficient cluster resources\r\nkubectl get nodes<\/span><\/pre>\n<h3 id=\"ac10\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">Method 1: Helm Installation (Recommended)<\/h3>\n<p id=\"90d3\" class=\"pw-post-body-paragraph nh ni gm nj b nk nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe gf bl\" data-selectable-paragraph=\"\">This is the quickest and most reliable way to install Kong in production environments.<\/p>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"14da\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-comment\"># Add Kong Helm repository<\/span>\r\nhelm repo add kong https:\/\/charts.konghq.com\r\nhelm repo update<\/span><\/pre>\n<pre class=\"qa op oq qb qc ak qd bl\"><span id=\"c46b\" class=\"pj mk gm oq b qe qf qg m qh ox\" data-selectable-paragraph=\"\"># Create dedicated namespace\r\nkubectl create namespace kong<\/span><span id=\"d03f\" class=\"pj mk gm oq b qe qi qg m qh ox\" data-selectable-paragraph=\"\"># Install Kong with DB-less mode\r\nhelm install kong kong\/kong \\\r\n  --namespace kong \\\r\n  --set ingressController.enabled=true \\\r\n  --set image.repository=kong\/kong-gateway \\\r\n  --set image.tag=\"3.4\" \\\r\n  --set env.database=off \\\r\n  --set env.router_flavor=traditional \\\r\n  --set ingressController.installCRDs=false \\\r\n  --set serviceMonitor.enabled=true \\\r\n  --set serviceMonitor.labels.release=prometheus<\/span><\/pre>\n<h3 id=\"fc42\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">Method 2: Kubectl Manifest Installation<\/h3>\n<p id=\"4cd7\" class=\"pw-post-body-paragraph nh ni gm nj b nk nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe gf bl\" data-selectable-paragraph=\"\">For those who prefer direct YAML deployment:<\/p>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"2ca7\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-comment\"># Install Kong CRDs first<\/span>\r\nkubectl apply -f https:\/\/raw.githubusercontent.com\/Kong\/kubernetes-ingress-controller\/main\/config\/crd\/bases\/configuration.konghq.com_kongplugins.yaml<\/span><\/pre>\n<pre class=\"qa op oq qb qc ak qd bl\"><span id=\"3820\" class=\"pj mk gm oq b qe qf qg m qh ox\" data-selectable-paragraph=\"\"># Deploy Kong Gateway\r\nkubectl apply -f - &lt;&lt;EOF\r\napiVersion: apps\/v1\r\nkind: Deployment\r\nmetadata:\r\n  name: kong-gateway\r\n  namespace: kong\r\n  labels:\r\n    app: kong-gateway\r\nspec:\r\n  replicas: 2\r\n  selector:\r\n    matchLabels:\r\n      app: kong-gateway\r\n  template:\r\n    metadata:\r\n      labels:\r\n        app: kong-gateway\r\n    spec:\r\n      containers:\r\n      - name: kong\r\n        image: kong\/kong-gateway:3.4\r\n        ports:\r\n        - containerPort: 8000\r\n          name: proxy\r\n        - containerPort: 8443\r\n          name: proxy-ssl\r\n        - containerPort: 8001\r\n          name: admin\r\n        - containerPort: 8444\r\n          name: admin-ssl\r\n        env:\r\n        - name: KONG_DATABASE\r\n          value: \"off\"\r\n        - name: KONG_DECLARATIVE_CONFIG\r\n          value: \"\/opt\/kong\/kong.yaml\"\r\n        - name: KONG_PROXY_ACCESS_LOG\r\n          value: \"\/dev\/stdout\"\r\n        - name: KONG_ADMIN_ACCESS_LOG\r\n          value: \"\/dev\/stdout\"\r\n        - name: KONG_PROXY_ERROR_LOG\r\n          value: \"\/dev\/stderr\"\r\n        - name: KONG_ADMIN_ERROR_LOG\r\n          value: \"\/dev\/stderr\"\r\n        - name: KONG_ADMIN_LISTEN\r\n          value: \"0.0.0.0:8001\"\r\n        livenessProbe:\r\n          httpGet:\r\n            path: \/status\r\n            port: 8001\r\n          initialDelaySeconds: 30\r\n        readinessProbe:\r\n          httpGet:\r\n            path: \/status\r\n            port: 8001\r\n          initialDelaySeconds: 10\r\n---\r\napiVersion: v1\r\nkind: Service\r\nmetadata:\r\n  name: kong-proxy\r\n  namespace: kong\r\nspec:\r\n  type: LoadBalancer\r\n  ports:\r\n  - port: 80\r\n    targetPort: 8000\r\n    name: http\r\n  - port: 443\r\n    targetPort: 8443\r\n    name: https\r\n  selector:\r\n    app: kong-gateway\r\n---\r\napiVersion: v1\r\nkind: Service\r\nmetadata:\r\n  name: kong-admin\r\n  namespace: kong\r\nspec:\r\n  ports:\r\n  - port: 8001\r\n    targetPort: 8001\r\n    name: admin\r\n  selector:\r\n    app: kong-gateway\r\nEOF<\/span><\/pre>\n<h3 id=\"48b2\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">Method 3: Kong Operator Installation<\/h3>\n<p id=\"fa65\" class=\"pw-post-body-paragraph nh ni gm nj b nk nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe gf bl\" data-selectable-paragraph=\"\">For advanced users who want GitOps-style management:<\/p>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"6f5f\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-comment\"># Install Kong Operator<\/span>\r\nkubectl apply -f https:\/\/github.com\/Kong\/kong-operator\/releases\/latest\/download\/kong-operator.yaml<\/span><\/pre>\n<pre class=\"qa op oq qb qc ak qd bl\"><span id=\"edd6\" class=\"pj mk gm oq b qe qf qg m qh ox\" data-selectable-paragraph=\"\"># Deploy Kong Gateway via Operator\r\nkubectl apply -f - &lt;&lt;EOF\r\napiVersion: charts.konghq.com\/v1alpha1\r\nkind: Kong\r\nmetadata:\r\n  name: kong-gateway\r\n  namespace: kong\r\nspec:\r\n  values:\r\n    ingressController:\r\n      enabled: true\r\n    env:\r\n      database: off\r\n    image:\r\n      repository: kong\/kong-gateway\r\n      tag: \"3.4\"\r\nEOF<\/span><\/pre>\n<h3 id=\"64fc\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">Installation Verification<\/h3>\n<p id=\"12b0\" class=\"pw-post-body-paragraph nh ni gm nj b nk nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe gf bl\" data-selectable-paragraph=\"\">After installation, verify Kong is running properly:<\/p>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"8afa\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-comment\"># Check Kong pods status<\/span>\r\nkubectl get pods -n kong<\/span><\/pre>\n<pre class=\"qa op oq qb qc ak qd bl\"><span id=\"f75b\" class=\"pj mk gm oq b qe qf qg m qh ox\" data-selectable-paragraph=\"\"># Expected output:\r\n# NAME                            READY   STATUS    RESTARTS   AGE\r\n# kong-gateway-xxxxxxxxxxxxxxxx   1\/1     Running   0          2m\r\n# kong-gateway-xxxxxxxxxxxxxxxx   1\/1     Running   0          2m<\/span><span id=\"d1c8\" class=\"pj mk gm oq b qe qi qg m qh ox\" data-selectable-paragraph=\"\"># Check Kong services\r\nkubectl get svc -n kong<\/span><span id=\"225f\" class=\"pj mk gm oq b qe qi qg m qh ox\" data-selectable-paragraph=\"\"># Test Kong Admin API\r\nkubectl port-forward -n kong svc\/kong-admin 8001:8001 &amp;\r\ncurl -i http:\/\/localhost:8001\/status<\/span><span id=\"ccba\" class=\"pj mk gm oq b qe qi qg m qh ox\" data-selectable-paragraph=\"\"># Expected response:\r\n# HTTP\/1.1 200 OK\r\n# {\r\n#   \"database\": {\r\n#     \"reachable\": true\r\n#   },\r\n#   \"server\": {\r\n#     \"connections_accepted\": 1,\r\n#     \"connections_active\": 1,\r\n#     \"connections_handled\": 1,\r\n#     \"connections_reading\": 0,\r\n#     \"connections_waiting\": 0,\r\n#     \"connections_writing\": 1,\r\n#     \"total_requests\": 1\r\n#   }\r\n# }<\/span><\/pre>\n<h3 id=\"288f\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">Post-Installation Configuration<\/h3>\n<h5 id=\"a6ff\" class=\"pj mk gm bg ml pk pl pm mp pn po pp mt ns pq pr ps nw pt pu pv oa pw px py pz bl\">1. Install Kong Ingress Controller CRDs<\/h5>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"654e\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-comment\"># Install all Kong CRDs<\/span>\r\nkubectl apply -f https:\/\/raw.githubusercontent.com\/Kong\/kubernetes-ingress-controller\/main\/config\/crd\/bases\/configuration.konghq.com_kongplugins.yaml\r\nkubectl apply -f https:\/\/raw.githubusercontent.com\/Kong\/kubernetes-ingress-controller\/main\/config\/crd\/bases\/configuration.konghq.com_kongconsumers.yaml\r\nkubectl apply -f https:\/\/raw.githubusercontent.com\/Kong\/kubernetes-ingress-controller\/main\/config\/crd\/bases\/configuration.konghq.com_kongingresses.yaml<\/span><\/pre>\n<h5 id=\"64e4\" class=\"pj mk gm bg ml pk pl pm mp pn po pp mt ns pq pr ps nw pt pu pv oa pw px py pz bl\">2. Configure External Access<\/h5>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"ce4c\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"># <span class=\"hljs-keyword\">Get<\/span> LoadBalancer IP (if <span class=\"hljs-keyword\">using<\/span> cloud provider)\r\nkubectl <span class=\"hljs-keyword\">get<\/span> svc kong<span class=\"hljs-operator\">-<\/span>proxy <span class=\"hljs-operator\">-<\/span>n kong<\/span><\/pre>\n<pre class=\"qa op oq qb qc ak qd bl\"><span id=\"5663\" class=\"pj mk gm oq b qe qf qg m qh ox\" data-selectable-paragraph=\"\"># For on-premise, use NodePort or configure Ingress\r\nkubectl patch svc kong-proxy -n kong -p '{\"spec\":{\"type\":\"NodePort\"}}'<\/span><\/pre>\n<h5 id=\"2b9e\" class=\"pj mk gm bg ml pk pl pm mp pn po pp mt ns pq pr ps nw pt pu pv oa pw px py pz bl\">3. Enable Kong Manager (Optional)<\/h5>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"4cba\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-comment\"># Update Kong deployment to enable Manager<\/span>\r\nkubectl patch deployment kong-gateway -n kong -p '{\r\n  <span class=\"hljs-string\">\"spec\"<\/span>: {\r\n    <span class=\"hljs-string\">\"template\"<\/span>: {\r\n      <span class=\"hljs-string\">\"spec\"<\/span>: {\r\n        <span class=\"hljs-string\">\"containers\"<\/span>: [{\r\n          <span class=\"hljs-string\">\"name\"<\/span>: <span class=\"hljs-string\">\"kong\"<\/span>,\r\n          <span class=\"hljs-string\">\"env\"<\/span>: [\r\n            {\r\n              <span class=\"hljs-string\">\"name\"<\/span>: <span class=\"hljs-string\">\"KONG_ADMIN_GUI_URL\"<\/span>,\r\n              <span class=\"hljs-string\">\"value\"<\/span>: <span class=\"hljs-string\">\"http:\/\/localhost:8002\"<\/span>\r\n            },\r\n            {\r\n              <span class=\"hljs-string\">\"name\"<\/span>: <span class=\"hljs-string\">\"KONG_ADMIN_LISTEN\"<\/span>,\r\n              <span class=\"hljs-string\">\"value\"<\/span>: <span class=\"hljs-string\">\"0.0.0.0:8001, 0.0.0.0:8444 ssl\"<\/span>\r\n            }\r\n          ]\r\n        }]\r\n      }\r\n    }\r\n  }\r\n}'<\/span><\/pre>\n<p><strong>[ Also Read: <a href=\"https:\/\/opstree.com\/blog\/2025\/10\/28\/ingress-solution-with-envoy-proxy-on-kubernetes\/\">Building a High-Availability Ingress Solution with Envoy Proxy on Kubernetes<\/a> ]<\/strong><\/p>\n<h2 id=\"kong-architecture-kubernetes\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\" data-selectable-paragraph=\"\">Kong Gateway Architecture in Kubernetes<\/h2>\n<p id=\"4b36\" class=\"pw-post-body-paragraph nh ni gm nj b nk nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe gf bl\" data-selectable-paragraph=\"\">Now that Kong is installed, let\u2019s understand how it works within your Kubernetes cluster.<\/p>\n<h3 id=\"3f0d\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">Core Components<\/h3>\n<ol class=\"\">\n<li id=\"f792\" class=\"nh ni gm nj b nk nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe alq pb pc bl\" data-selectable-paragraph=\"\"><strong class=\"nj gn\">Kong Gateway Pods<\/strong>: The main data plane handling traffic processing<\/li>\n<li id=\"8688\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe alq pb pc bl\" data-selectable-paragraph=\"\"><strong class=\"nj gn\">Kong Ingress Controller<\/strong>: Manages configuration and communicates with Kubernetes API<\/li>\n<li id=\"8621\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe alq pb pc bl\" data-selectable-paragraph=\"\"><strong class=\"nj gn\">Kong Admin API<\/strong>: Provides programmatic access to Kong configuration<\/li>\n<li id=\"6839\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe alq pb pc bl\" data-selectable-paragraph=\"\"><strong class=\"nj gn\">Kong Manager<\/strong>: Web-based GUI for configuration management (Enterprise feature)<\/li>\n<\/ol>\n<h3 id=\"5a5c\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">Deployment Modes<\/h3>\n<h5 id=\"1b09\" class=\"pw-post-body-paragraph nh ni gm nj b nk nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe gf bl\"><strong class=\"nj gn\">DB-less Mode (Recommended for Kubernetes)<\/strong><\/h5>\n<ul class=\"\">\n<li id=\"5c3d\" class=\"nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Configuration stored as Kubernetes CRDs<\/li>\n<li id=\"5133\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Faster startup and better <a href=\"https:\/\/opstree.com\/services\/cloud-engineering-services\/\" target=\"_blank\" rel=\"noopener\">cloud-native integration<\/a><\/li>\n<li id=\"19fd\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">No database dependency<\/li>\n<li id=\"c443\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Perfect for GitOps workflows<\/li>\n<\/ul>\n<h5 id=\"fcbc\" class=\"pw-post-body-paragraph nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe gf bl\"><strong class=\"nj gn\">Traditional Mode<\/strong><\/h5>\n<ul class=\"\">\n<li id=\"9387\" class=\"nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Configuration stored in external database<\/li>\n<li id=\"19d7\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Better for complex, multi-environment setups<\/li>\n<li id=\"e89f\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Supports advanced features like Kong Manager<\/li>\n<li id=\"9b8e\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Required for Enterprise features<\/li>\n<\/ul>\n<h2 id=\"complete-traffic-flow\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\" data-selectable-paragraph=\"\">Complete Traffic Flow: Browser to Pod<\/h2>\n<p id=\"3517\" class=\"pw-post-body-paragraph nh ni gm nj b nk nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe gf bl\" data-selectable-paragraph=\"\">Let\u2019s trace a complete request journey using our Grafana example. This real-world scenario demonstrates how Kong Gateway seamlessly integrates with Kubernetes networking.<\/p>\n<h3 id=\"d0b5\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">Step-by-Step Request Flow<\/h3>\n<h5 id=\"7382\" class=\"pj mk gm bg ml pk pl pm mp pn po pp mt ns pq pr ps nw pt pu pv oa pw px py pz bl\">1. User Initiates Request<\/h5>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"173c\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-keyword\">User<\/span> Browser \u2192 grafana.k8s.xyz.dev<\/span><\/pre>\n<p id=\"b5d9\" class=\"pw-post-body-paragraph nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe gf bl\" data-selectable-paragraph=\"\">The user enters the Grafana URL in their browser, triggering the DNS resolution process.<\/p>\n<h5 id=\"4bb8\" class=\"pj mk gm bg ml pk pl pm mp pn po pp mt ns pq pr ps nw pt pu pv oa pw px py pz bl\">2. DNS Resolution<\/h5>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"8108\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-attr\">DNS Query:<\/span> <span class=\"hljs-string\">grafana.k8s.xyz.dev<\/span>\r\n<span class=\"hljs-attr\">DNS Response:<\/span> <span class=\"hljs-number\">192.168<\/span><span class=\"hljs-string\">.x.x<\/span> <span class=\"hljs-string\">\u2705<\/span><\/span><\/pre>\n<p id=\"1a3c\" class=\"pw-post-body-paragraph nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe gf bl\" data-selectable-paragraph=\"\">The DNS server resolves the domain to the external load balancer IP address.<\/p>\n<h5 id=\"f898\" class=\"pj mk gm bg ml pk pl pm mp pn po pp mt ns pq pr ps nw pt pu pv oa pw px py pz bl\">3. External Load Balancer Processing<\/h5>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"ca69\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\">External <span class=\"hljs-title.function\">LB<\/span> <span class=\"hljs-params\">(Envoy Proxy)<\/span>: <span class=\"hljs-number\">192.168<\/span>.x.x\r\n\u251c\u2500\u2500 SSL <span class=\"hljs-title.function\">Termination<\/span> <span class=\"hljs-params\">(<span class=\"hljs-keyword\">if<\/span> configured)<\/span>\r\n\u251c\u2500\u2500 Initial traffic filtering\r\n\u2514\u2500\u2500 Forward to Kong Gateway Service<\/span><\/pre>\n<p id=\"afc6\" class=\"pw-post-body-paragraph nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe gf bl\" data-selectable-paragraph=\"\">The external load balancer (Envoy Proxy in this case) receives the request and forwards it to the Kong Gateway service within the Kubernetes cluster.<\/p>\n<h5 id=\"3f09\" class=\"pj mk gm bg ml pk pl pm mp pn po pp mt ns pq pr ps nw pt pu pv oa pw px py pz bl\">4. Kong Gateway Ingress Processing<\/h5>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"e435\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-type\">Kong<\/span> <span class=\"hljs-type\">Gateway<\/span> <span class=\"hljs-type\">Service<\/span>: <span class=\"hljs-number\">192.168<\/span>.x.x\r\n<span class=\"hljs-operator\">\u251c\u2500\u2500<\/span> <span class=\"hljs-type\">Ingress<\/span> rule matching\r\n<span class=\"hljs-operator\">\u251c\u2500\u2500<\/span> <span class=\"hljs-type\">Authentication<\/span> (<span class=\"hljs-keyword\">if<\/span> <span class=\"hljs-keyword\">required<\/span>)\r\n<span class=\"hljs-operator\">\u251c\u2500\u2500<\/span> <span class=\"hljs-type\">Rate<\/span> limiting checks\r\n<span class=\"hljs-operator\">\u251c\u2500\u2500<\/span> <span class=\"hljs-type\">Plugin<\/span> execution\r\n<span class=\"hljs-operator\">\u2514\u2500\u2500<\/span> <span class=\"hljs-type\">Route<\/span> to target service<\/span><\/pre>\n<p id=\"5f86\" class=\"pw-post-body-paragraph nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe gf bl\" data-selectable-paragraph=\"\">Kong Gateway analyzes the request against configured ingress rules and applies any relevant policies or transformations.<\/p>\n<h5 id=\"0b1a\" class=\"pj mk gm bg ml pk pl pm mp pn po pp mt ns pq pr ps nw pt pu pv oa pw px py pz bl\">5. Kubernetes Service Discovery<\/h5>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"5719\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-attr\">Target Service:<\/span> <span class=\"hljs-string\">grafana-service:3000<\/span>\r\n<span class=\"hljs-string\">\u251c\u2500\u2500<\/span> <span class=\"hljs-string\">Service<\/span> <span class=\"hljs-string\">endpoint<\/span> <span class=\"hljs-string\">lookup<\/span>\r\n<span class=\"hljs-string\">\u251c\u2500\u2500<\/span> <span class=\"hljs-string\">Load<\/span> <span class=\"hljs-string\">balancing<\/span> <span class=\"hljs-string\">algorithm<\/span>\r\n<span class=\"hljs-string\">\u2514\u2500\u2500<\/span> <span class=\"hljs-string\">Pod<\/span> <span class=\"hljs-string\">selection<\/span><\/span><\/pre>\n<p id=\"96a4\" class=\"pw-post-body-paragraph nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe gf bl\" data-selectable-paragraph=\"\">Kong forwards the request to the Grafana service, which then selects an available pod based on the configured load balancing strategy.<\/p>\n<h5 id=\"0c0c\" class=\"pj mk gm bg ml pk pl pm mp pn po pp mt ns pq pr ps nw pt pu pv oa pw px py pz bl\">6. Pod Processing and Response<\/h5>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"90fa\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\">Grafana Pod: <span class=\"hljs-number\">192.168<\/span>.x.x:<span class=\"hljs-number\">3000<\/span>\r\n\u251c\u2500\u2500 Application processing\r\n\u251c\u2500\u2500 Generate response\r\n\u2514\u2500\u2500 Return through the same <span class=\"hljs-built_in\">path<\/span><\/span><\/pre>\n<p id=\"439b\" class=\"pw-post-body-paragraph nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe gf bl\" data-selectable-paragraph=\"\">The selected Grafana pod processes the request and sends the response back through the entire chain.<\/p>\n<h2 id=\"practical-implementation-grafana\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\" data-selectable-paragraph=\"\">Practical Implementation: Grafana with Kong<\/h2>\n<p id=\"3181\" class=\"pw-post-body-paragraph nh ni gm nj b nk nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe gf bl\" data-selectable-paragraph=\"\">Let\u2019s implement a real example to solidify these concepts. Here\u2019s how to expose Grafana through Kong Gateway in your Kubernetes cluster.<\/p>\n<h3 id=\"334e\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">1. Deploy Grafana Service<\/h3>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"89a4\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-attr\">apiVersion:<\/span> <span class=\"hljs-string\">apps\/v1<\/span>\r\n<span class=\"hljs-attr\">kind:<\/span> <span class=\"hljs-string\">Deployment<\/span>\r\n<span class=\"hljs-attr\">metadata:<\/span>\r\n  <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">grafana<\/span>\r\n  <span class=\"hljs-attr\">namespace:<\/span> <span class=\"hljs-string\">monitoring<\/span>\r\n<span class=\"hljs-attr\">spec:<\/span>\r\n  <span class=\"hljs-attr\">replicas:<\/span> <span class=\"hljs-number\">2<\/span>\r\n  <span class=\"hljs-attr\">selector:<\/span>\r\n    <span class=\"hljs-attr\">matchLabels:<\/span>\r\n      <span class=\"hljs-attr\">app:<\/span> <span class=\"hljs-string\">grafana<\/span>\r\n  <span class=\"hljs-attr\">template:<\/span>\r\n    <span class=\"hljs-attr\">metadata:<\/span>\r\n      <span class=\"hljs-attr\">labels:<\/span>\r\n        <span class=\"hljs-attr\">app:<\/span> <span class=\"hljs-string\">grafana<\/span>\r\n    <span class=\"hljs-attr\">spec:<\/span>\r\n      <span class=\"hljs-attr\">containers:<\/span>\r\n      <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">grafana<\/span>\r\n        <span class=\"hljs-attr\">image:<\/span> <span class=\"hljs-string\">grafana\/grafana:latest<\/span>\r\n        <span class=\"hljs-attr\">ports:<\/span>\r\n        <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">containerPort:<\/span> <span class=\"hljs-number\">3000<\/span>\r\n        <span class=\"hljs-attr\">env:<\/span>\r\n        <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">GF_SERVER_ROOT_URL<\/span>\r\n          <span class=\"hljs-attr\">value:<\/span> <span class=\"hljs-string\">\"https:\/\/grafana.k8s.opstree.dev\"<\/span>\r\n<span class=\"hljs-meta\">---<\/span>\r\n<span class=\"hljs-attr\">apiVersion:<\/span> <span class=\"hljs-string\">v1<\/span>\r\n<span class=\"hljs-attr\">kind:<\/span> <span class=\"hljs-string\">Service<\/span>\r\n<span class=\"hljs-attr\">metadata:<\/span>\r\n  <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">grafana-service<\/span>\r\n  <span class=\"hljs-attr\">namespace:<\/span> <span class=\"hljs-string\">monitoring<\/span>\r\n<span class=\"hljs-attr\">spec:<\/span>\r\n  <span class=\"hljs-attr\">selector:<\/span>\r\n    <span class=\"hljs-attr\">app:<\/span> <span class=\"hljs-string\">grafana<\/span>\r\n  <span class=\"hljs-attr\">ports:<\/span>\r\n  <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">port:<\/span> <span class=\"hljs-number\">3000<\/span>\r\n    <span class=\"hljs-attr\">targetPort:<\/span> <span class=\"hljs-number\">3000<\/span>\r\n    <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">http<\/span><\/span><\/pre>\n<h3 id=\"a42b\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">2. Configure Kong Ingress<\/h3>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"7bc9\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-attr\">apiVersion:<\/span> <span class=\"hljs-string\">networking.k8s.io\/v1<\/span>\r\n<span class=\"hljs-attr\">kind:<\/span> <span class=\"hljs-string\">Ingress<\/span>\r\n<span class=\"hljs-attr\">metadata:<\/span>\r\n  <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">grafana-ingress<\/span>\r\n  <span class=\"hljs-attr\">namespace:<\/span> <span class=\"hljs-string\">monitoring<\/span>\r\n  <span class=\"hljs-attr\">annotations:<\/span>\r\n    <span class=\"hljs-attr\">kubernetes.io\/ingress.class:<\/span> <span class=\"hljs-string\">kong<\/span>\r\n    <span class=\"hljs-attr\">konghq.com\/strip-path:<\/span> <span class=\"hljs-string\">\"true\"<\/span>\r\n    <span class=\"hljs-attr\">konghq.com\/preserve-host:<\/span> <span class=\"hljs-string\">\"true\"<\/span>\r\n<span class=\"hljs-attr\">spec:<\/span>\r\n  <span class=\"hljs-attr\">tls:<\/span>\r\n  <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">hosts:<\/span>\r\n    <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-string\">grafana.k8s.opstree.dev<\/span>\r\n    <span class=\"hljs-attr\">secretName:<\/span> <span class=\"hljs-string\">grafana-tls<\/span>\r\n  <span class=\"hljs-attr\">rules:<\/span>\r\n  <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">host:<\/span> <span class=\"hljs-string\">grafana.k8s.opstree.dev<\/span>\r\n    <span class=\"hljs-attr\">http:<\/span>\r\n      <span class=\"hljs-attr\">paths:<\/span>\r\n      <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">path:<\/span> <span class=\"hljs-string\">\/<\/span>\r\n        <span class=\"hljs-attr\">pathType:<\/span> <span class=\"hljs-string\">Prefix<\/span>\r\n        <span class=\"hljs-attr\">backend:<\/span>\r\n          <span class=\"hljs-attr\">service:<\/span>\r\n            <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">grafana-service<\/span>\r\n            <span class=\"hljs-attr\">port:<\/span>\r\n              <span class=\"hljs-attr\">number:<\/span> <span class=\"hljs-number\">3000<\/span><\/span><\/pre>\n<h3 id=\"47f8\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">3. Add Kong Plugins (Optional)<\/h3>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"c9a2\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-attr\">apiVersion:<\/span> <span class=\"hljs-string\">configuration.konghq.com\/v1<\/span>\r\n<span class=\"hljs-attr\">kind:<\/span> <span class=\"hljs-string\">KongPlugin<\/span>\r\n<span class=\"hljs-attr\">metadata:<\/span>\r\n  <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">grafana-rate-limit<\/span>\r\n  <span class=\"hljs-attr\">namespace:<\/span> <span class=\"hljs-string\">monitoring<\/span>\r\n<span class=\"hljs-attr\">config:<\/span>\r\n  <span class=\"hljs-attr\">minute:<\/span> <span class=\"hljs-number\">100<\/span>\r\n  <span class=\"hljs-attr\">hour:<\/span> <span class=\"hljs-number\">1000<\/span>\r\n<span class=\"hljs-attr\">plugin:<\/span> <span class=\"hljs-string\">rate-limiting<\/span>\r\n<span class=\"hljs-meta\">---<\/span>\r\n<span class=\"hljs-attr\">apiVersion:<\/span> <span class=\"hljs-string\">configuration.konghq.com\/v1<\/span>\r\n<span class=\"hljs-attr\">kind:<\/span> <span class=\"hljs-string\">KongPlugin<\/span>\r\n<span class=\"hljs-attr\">metadata:<\/span>\r\n  <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">grafana-cors<\/span>\r\n  <span class=\"hljs-attr\">namespace:<\/span> <span class=\"hljs-string\">monitoring<\/span>\r\n<span class=\"hljs-attr\">config:<\/span>\r\n  <span class=\"hljs-attr\">origins:<\/span>\r\n  <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-string\">\"https:\/\/grafana.k8s.opstree.dev\"<\/span>\r\n  <span class=\"hljs-attr\">methods:<\/span>\r\n  <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-string\">GET<\/span>\r\n  <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-string\">POST<\/span>\r\n  <span class=\"hljs-attr\">headers:<\/span>\r\n  <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-string\">Accept<\/span>\r\n  <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-string\">Content-Type<\/span>\r\n<span class=\"hljs-attr\">plugin:<\/span> <span class=\"hljs-string\">cors<\/span><\/span><\/pre>\n<h3 id=\"2839\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">4. Apply Plugins to Ingress<\/h3>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"37d8\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-attr\">apiVersion:<\/span> <span class=\"hljs-string\">networking.k8s.io\/v1<\/span>\r\n<span class=\"hljs-attr\">kind:<\/span> <span class=\"hljs-string\">Ingress<\/span>\r\n<span class=\"hljs-attr\">metadata:<\/span>\r\n  <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">grafana-ingress<\/span>\r\n  <span class=\"hljs-attr\">namespace:<\/span> <span class=\"hljs-string\">monitoring<\/span>\r\n  <span class=\"hljs-attr\">annotations:<\/span>\r\n    <span class=\"hljs-attr\">kubernetes.io\/ingress.class:<\/span> <span class=\"hljs-string\">kong<\/span>\r\n    <span class=\"hljs-attr\">konghq.com\/plugins:<\/span> <span class=\"hljs-string\">grafana-rate-limit,grafana-cors<\/span>\r\n<span class=\"hljs-attr\">spec:<\/span>\r\n  <span class=\"hljs-comment\"># ... rest of ingress configuration<\/span><\/span><\/pre>\n<h2 id=\"advanced-kong-features\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\" data-selectable-paragraph=\"\">Advanced Kong Features for Production<\/h2>\n<h3 id=\"4e4c\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">Traffic Splitting and Canary Deployments<\/h3>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"d444\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-attr\">apiVersion:<\/span> <span class=\"hljs-string\">configuration.konghq.com\/v1<\/span>\r\n<span class=\"hljs-attr\">kind:<\/span> <span class=\"hljs-string\">KongIngress<\/span>\r\n<span class=\"hljs-attr\">metadata:<\/span>\r\n  <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">grafana-traffic-split<\/span>\r\n<span class=\"hljs-attr\">spec:<\/span>\r\n  <span class=\"hljs-attr\">upstream:<\/span>\r\n    <span class=\"hljs-attr\">algorithm:<\/span> <span class=\"hljs-string\">weighted-round-robin<\/span>\r\n    <span class=\"hljs-attr\">slots:<\/span> <span class=\"hljs-number\">1000<\/span>\r\n  <span class=\"hljs-attr\">proxy:<\/span>\r\n    <span class=\"hljs-attr\">connect_timeout:<\/span> <span class=\"hljs-number\">10000<\/span>\r\n    <span class=\"hljs-attr\">retries:<\/span> <span class=\"hljs-number\">3<\/span><\/span><\/pre>\n<h3 id=\"4fc3\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">Health Checks and Circuit Breaker<\/h3>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"8dad\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-attr\">apiVersion:<\/span> <span class=\"hljs-string\">configuration.konghq.com\/v1<\/span>\r\n<span class=\"hljs-attr\">kind:<\/span> <span class=\"hljs-string\">KongPlugin<\/span>\r\n<span class=\"hljs-attr\">metadata:<\/span>\r\n  <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">grafana-health-check<\/span>\r\n<span class=\"hljs-attr\">config:<\/span>\r\n  <span class=\"hljs-attr\">active:<\/span>\r\n    <span class=\"hljs-attr\">healthy:<\/span>\r\n      <span class=\"hljs-attr\">interval:<\/span> <span class=\"hljs-number\">10<\/span>\r\n      <span class=\"hljs-attr\">successes:<\/span> <span class=\"hljs-number\">3<\/span>\r\n    <span class=\"hljs-attr\">unhealthy:<\/span>\r\n      <span class=\"hljs-attr\">interval:<\/span> <span class=\"hljs-number\">10<\/span>\r\n      <span class=\"hljs-attr\">tcp_failures:<\/span> <span class=\"hljs-number\">3<\/span>\r\n      <span class=\"hljs-attr\">http_failures:<\/span> <span class=\"hljs-number\">3<\/span>\r\n  <span class=\"hljs-attr\">passive:<\/span>\r\n    <span class=\"hljs-attr\">unhealthy:<\/span>\r\n      <span class=\"hljs-attr\">http_failures:<\/span> <span class=\"hljs-number\">3<\/span>\r\n      <span class=\"hljs-attr\">tcp_failures:<\/span> <span class=\"hljs-number\">3<\/span>\r\n<span class=\"hljs-attr\">plugin:<\/span> <span class=\"hljs-string\">upstream-health-check<\/span><\/span><\/pre>\n<h2 id=\"monitoring-troubleshooting\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\" data-selectable-paragraph=\"\">Monitoring and Troubleshooting<\/h2>\n<h3 id=\"5f7c\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">Essential Monitoring Metrics<\/h3>\n<p id=\"3d8f\" class=\"pw-post-body-paragraph nh ni gm nj b nk nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe gf bl\" data-selectable-paragraph=\"\"><strong class=\"nj gn\">Kong Gateway Metrics:<\/strong><\/p>\n<ul class=\"\">\n<li id=\"7edb\" class=\"nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Request rate and latency<\/li>\n<li id=\"9784\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Error rates by service<\/li>\n<li id=\"836a\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Plugin execution time<\/li>\n<li id=\"5109\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Upstream health status<\/li>\n<\/ul>\n<p id=\"1cfb\" class=\"pw-post-body-paragraph nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe gf bl\" data-selectable-paragraph=\"\"><strong class=\"nj gn\">Kubernetes Integration Metrics:<\/strong><\/p>\n<ul class=\"\">\n<li id=\"6705\" class=\"nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Pod scaling events<\/li>\n<li id=\"f836\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Service endpoint changes<\/li>\n<li id=\"8d0a\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Ingress rule modifications<\/li>\n<\/ul>\n<h3 id=\"d74c\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">Common Troubleshooting Scenarios<\/h3>\n<h5 id=\"04ce\" class=\"pj mk gm bg ml pk pl pm mp pn po pp mt ns pq pr ps nw pt pu pv oa pw px py pz bl\">1. 502 Bad Gateway Errors<\/h5>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"5fee\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-comment\"># Check Kong Gateway pods<\/span>\r\nkubectl get pods -n kong -l app=kong<\/span><\/pre>\n<pre class=\"qa op oq qb qc ak qd bl\"><span id=\"1110\" class=\"pj mk gm oq b qe qf qg m qh ox\" data-selectable-paragraph=\"\"># Check Kong configuration\r\nkubectl logs -n kong deployment\/kong-gateway<\/span><span id=\"a82b\" class=\"pj mk gm oq b qe qi qg m qh ox\" data-selectable-paragraph=\"\"># Verify service endpoints\r\nkubectl get endpoints grafana-service -n monitoring<\/span><\/pre>\n<h5 id=\"3649\" class=\"pj mk gm bg ml pk pl pm mp pn po pp mt ns pq pr ps nw pt pu pv oa pw px py pz bl\">2. SSL\/TLS Issues<\/h5>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"19c3\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"># <span class=\"hljs-keyword\">Check<\/span> certificate status\r\nkubectl <span class=\"hljs-keyword\">describe<\/span> secret grafana<span class=\"hljs-operator\">-<\/span>tls <span class=\"hljs-operator\">-<\/span>n monitoring<\/span><\/pre>\n<pre class=\"qa op oq qb qc ak qd bl\"><span id=\"98c4\" class=\"pj mk gm oq b qe qf qg m qh ox\" data-selectable-paragraph=\"\"># Verify Kong SSL configuration\r\nkubectl get kongingress grafana-ingress -o yaml<\/span><\/pre>\n<h5 id=\"ed08\" class=\"pj mk gm bg ml pk pl pm mp pn po pp mt ns pq pr ps nw pt pu pv oa pw px py pz bl\">3. Plugin Configuration Problems<\/h5>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"a2c7\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-meta\"># List applied plugins<\/span>\r\nkubectl <span class=\"hljs-keyword\">get<\/span> kongplugins -n monitoring<\/span><\/pre>\n<pre class=\"qa op oq qb qc ak qd bl\"><span id=\"ad3e\" class=\"pj mk gm oq b qe qf qg m qh ox\" data-selectable-paragraph=\"\"># Check plugin status\r\nkubectl describe kongplugin grafana-rate-limit -n monitoring<\/span><\/pre>\n<p><strong>[ Our Case study: <a href=\"https:\/\/opstree.com\/case-study\/self-managed-deployment-of-kafka-airflow-on-linode-kubernetes\/\" target=\"_blank\" rel=\"noopener\">Self-Managed Deployment of Kafka &amp; Airflow on Linode Kubernetes<\/a> ]<\/strong><\/p>\n<h2 id=\"performance-optimization\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\" data-selectable-paragraph=\"\">Performance Optimization<\/h2>\n<h3 id=\"35cb\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">Kong Gateway Tuning<\/h3>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"70b3\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-attr\">apiVersion:<\/span> <span class=\"hljs-string\">v1<\/span>\r\n<span class=\"hljs-attr\">kind:<\/span> <span class=\"hljs-string\">ConfigMap<\/span>\r\n<span class=\"hljs-attr\">metadata:<\/span>\r\n  <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">kong-config<\/span>\r\n<span class=\"hljs-attr\">data:<\/span>\r\n  <span class=\"hljs-attr\">KONG_WORKER_PROCESSES:<\/span> <span class=\"hljs-string\">\"auto\"<\/span>\r\n  <span class=\"hljs-attr\">KONG_WORKER_CONNECTIONS:<\/span> <span class=\"hljs-string\">\"4096\"<\/span>\r\n  <span class=\"hljs-attr\">KONG_UPSTREAM_KEEPALIVE_POOL_SIZE:<\/span> <span class=\"hljs-string\">\"60\"<\/span>\r\n  <span class=\"hljs-attr\">KONG_UPSTREAM_KEEPALIVE_MAX_REQUESTS:<\/span> <span class=\"hljs-string\">\"100\"<\/span><\/span><\/pre>\n<h3 id=\"d4e0\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">Resource Allocation<\/h3>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"91f4\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-attr\">apiVersion:<\/span> <span class=\"hljs-string\">apps\/v1<\/span>\r\n<span class=\"hljs-attr\">kind:<\/span> <span class=\"hljs-string\">Deployment<\/span>\r\n<span class=\"hljs-attr\">metadata:<\/span>\r\n  <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">kong-gateway<\/span>\r\n<span class=\"hljs-attr\">spec:<\/span>\r\n  <span class=\"hljs-attr\">template:<\/span>\r\n    <span class=\"hljs-attr\">spec:<\/span>\r\n      <span class=\"hljs-attr\">containers:<\/span>\r\n      <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">kong<\/span>\r\n        <span class=\"hljs-attr\">resources:<\/span>\r\n          <span class=\"hljs-attr\">requests:<\/span>\r\n            <span class=\"hljs-attr\">cpu:<\/span> <span class=\"hljs-string\">200m<\/span>\r\n            <span class=\"hljs-attr\">memory:<\/span> <span class=\"hljs-string\">256Mi<\/span>\r\n          <span class=\"hljs-attr\">limits:<\/span>\r\n            <span class=\"hljs-attr\">cpu:<\/span> <span class=\"hljs-string\">1000m<\/span>\r\n            <span class=\"hljs-attr\">memory:<\/span> <span class=\"hljs-string\">512Mi<\/span><\/span><\/pre>\n<h2 id=\"security-best-practices\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\" data-selectable-paragraph=\"\">Security Best Practices<\/h2>\n<h3 id=\"235a\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">1. Network Policies<\/h3>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"cd53\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-attr\">apiVersion:<\/span> <span class=\"hljs-string\">networking.k8s.io\/v1<\/span>\r\n<span class=\"hljs-attr\">kind:<\/span> <span class=\"hljs-string\">NetworkPolicy<\/span>\r\n<span class=\"hljs-attr\">metadata:<\/span>\r\n  <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">kong-network-policy<\/span>\r\n<span class=\"hljs-attr\">spec:<\/span>\r\n  <span class=\"hljs-attr\">podSelector:<\/span>\r\n    <span class=\"hljs-attr\">matchLabels:<\/span>\r\n      <span class=\"hljs-attr\">app:<\/span> <span class=\"hljs-string\">kong<\/span>\r\n  <span class=\"hljs-attr\">policyTypes:<\/span>\r\n  <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-string\">Ingress<\/span>\r\n  <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-string\">Egress<\/span>\r\n  <span class=\"hljs-attr\">ingress:<\/span>\r\n  <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">from:<\/span>\r\n    <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">namespaceSelector:<\/span>\r\n        <span class=\"hljs-attr\">matchLabels:<\/span>\r\n          <span class=\"hljs-attr\">name:<\/span> <span class=\"hljs-string\">ingress-nginx<\/span>\r\n    <span class=\"hljs-attr\">ports:<\/span>\r\n    <span class=\"hljs-bullet\">-<\/span> <span class=\"hljs-attr\">protocol:<\/span> <span class=\"hljs-string\">TCP<\/span>\r\n      <span class=\"hljs-attr\">port:<\/span> <span class=\"hljs-number\">8000<\/span><\/span><\/pre>\n<h3 id=\"4b74\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">2. RBAC Configuration<\/h3>\n<pre class=\"ok ol om on oo op oq or bq os bc bl\"><span id=\"ad41\" class=\"ot mk gm oq b bh ou ov m ow ox\" data-selectable-paragraph=\"\"><span class=\"hljs-section\">apiVersion: rbac.authorization.k8s.io\/v1<\/span>\r\n<span class=\"hljs-section\">kind: ClusterRole<\/span>\r\n<span class=\"hljs-section\">metadata:<\/span>\r\n  name: kong-ingress\r\n<span class=\"hljs-section\">rules:<\/span>\r\n- apiGroups: [<span class=\"hljs-string\">\"\"<\/span>]\r\n  resources: [<span class=\"hljs-string\">\"services\"<\/span>, <span class=\"hljs-string\">\"endpoints\"<\/span>]\r\n  verbs: [<span class=\"hljs-string\">\"get\"<\/span>, <span class=\"hljs-string\">\"list\"<\/span>, <span class=\"hljs-string\">\"watch\"<\/span>]\r\n- apiGroups: [<span class=\"hljs-string\">\"networking.k8s.io\"<\/span>]\r\n  resources: [<span class=\"hljs-string\">\"ingresses\"<\/span>]\r\n  verbs: [<span class=\"hljs-string\">\"get\"<\/span>, <span class=\"hljs-string\">\"list\"<\/span>, <span class=\"hljs-string\">\"watch\"<\/span>]\r\n- apiGroups: [<span class=\"hljs-string\">\"configuration.konghq.com\"<\/span>]\r\n  resources: [<span class=\"hljs-string\">\"*\"<\/span>]\r\n  verbs: [<span class=\"hljs-string\">\"*\"<\/span>]<\/span><\/pre>\n<h2 id=\"future-considerations\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\" data-selectable-paragraph=\"\">Future Considerations<\/h2>\n<h5 id=\"0d8d\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">Kong Gateway Roadmap<\/h5>\n<ul class=\"\">\n<li id=\"6341\" class=\"nh ni gm nj b nk nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Enhanced service mesh capabilities<\/li>\n<li id=\"6168\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Improved GraphQL support<\/li>\n<li id=\"ea2a\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Advanced traffic analytics<\/li>\n<li id=\"c3d8\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\">Better integration with cloud providers<\/li>\n<\/ul>\n<h5 id=\"a849\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\">Migration Strategies<\/h5>\n<p id=\"f98a\" class=\"pw-post-body-paragraph nh ni gm nj b nk nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe gf bl\" data-selectable-paragraph=\"\">When considering Kong Gateway adoption:<\/p>\n<ol class=\"\">\n<li id=\"fa06\" class=\"nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe alq pb pc bl\" data-selectable-paragraph=\"\"><strong class=\"nj gn\">Phase 1<\/strong>: Deploy alongside existing ingress<\/li>\n<li id=\"0fce\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe alq pb pc bl\" data-selectable-paragraph=\"\"><strong class=\"nj gn\">Phase 2<\/strong>: Migrate non-critical services<\/li>\n<li id=\"f661\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe alq pb pc bl\" data-selectable-paragraph=\"\"><strong class=\"nj gn\">Phase 3<\/strong>: Full migration with monitoring<\/li>\n<li id=\"4b89\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe alq pb pc bl\" data-selectable-paragraph=\"\"><strong class=\"nj gn\">Phase 4<\/strong>: Advanced features implementation<\/li>\n<\/ol>\n<h2 id=\"conclusion\" class=\"mj mk gm bg ml mm mn mo mp mq mr ms mt mu mv mw mx my mz na nb nc nd ne nf ng bl\" data-selectable-paragraph=\"\">Conclusion<\/h2>\n<p id=\"8f2f\" class=\"pw-post-body-paragraph nh ni gm nj b nk nl nm nn no np nq nr ns nt nu nv nw nx ny nz oa ob oc od oe gf bl\" data-selectable-paragraph=\"\">Kong Gateway represents a mature, production-ready solution for API management in Kubernetes environments. Its combination of powerful traffic management, robust security features, and extensive plugin ecosystem makes it an excellent choice for organizations serious about their API infrastructure.<\/p>\n<p id=\"494b\" class=\"pw-post-body-paragraph nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe gf bl\" data-selectable-paragraph=\"\">Through our Grafana example, we\u2019ve seen how Kong seamlessly integrates with Kubernetes networking, providing intelligent traffic routing while maintaining the flexibility to add advanced features like authentication, rate limiting, and monitoring.<\/p>\n<p id=\"b1f2\" class=\"pw-post-body-paragraph nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe gf bl\" data-selectable-paragraph=\"\">The key takeaways from this deep dive:<\/p>\n<ul class=\"\">\n<li id=\"74ad\" class=\"nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe pa pb pc bl\" data-selectable-paragraph=\"\"><strong class=\"nj gn\">Seamless Integration<\/strong>: Kong works naturally with Kubernetes ingress patterns<\/li>\n<li id=\"85eb\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\"><strong class=\"nj gn\">Production Ready<\/strong>: Comprehensive feature set for enterprise requirements<\/li>\n<li id=\"7e64\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\"><strong class=\"nj gn\">Extensible Architecture<\/strong>: Plugin system enables custom functionality<\/li>\n<li id=\"4872\" class=\"nh ni gm nj b nk pd nm nn no pe nq nr ns pf nu nv nw pg ny nz oa ph oc od oe pa pb pc bl\" data-selectable-paragraph=\"\"><strong class=\"nj gn\">Strong Community<\/strong>: Active development and extensive documentation<\/li>\n<\/ul>\n<p id=\"1586\" class=\"pw-post-body-paragraph nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe gf bl\" data-selectable-paragraph=\"\">Whether you\u2019re just starting with Kubernetes or looking to upgrade your existing ingress solution, Kong Gateway provides the foundation for scalable, secure API management.<\/p>\n<p id=\"7065\" class=\"pw-post-body-paragraph nh ni gm nj b nk of nm nn no og nq nr ns oh nu nv nw oi ny nz oa oj oc od oe gf bl\" data-selectable-paragraph=\"\">As microservices architectures continue to evolve, having a robust API Gateway like Kong becomes not just beneficial, but essential for maintaining service reliability and security at scale.<\/p>\n<article class=\"text-token-text-primary w-full focus:outline-none [--shadow-height:45px] has-data-writing-block:pointer-events-none has-data-writing-block:-mt-(--shadow-height) has-data-writing-block:pt-(--shadow-height) [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto [content-visibility:auto] supports-[content-visibility:auto]:[contain-intrinsic-size:auto_100lvh] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" tabindex=\"-1\" data-turn-id=\"request-WEB:77ec9bdc-34c3-4811-a065-43839a726b48-96\" data-testid=\"conversation-turn-10\" data-scroll-anchor=\"true\" data-turn=\"assistant\">\n<div class=\"text-base my-auto mx-auto pb-10 [--thread-content-margin:--spacing(4)] thread-sm:[--thread-content-margin:--spacing(6)] thread-lg:[--thread-content-margin:--spacing(16)] px-(--thread-content-margin)\">\n<div class=\"[--thread-content-max-width:40rem] thread-lg:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\" tabindex=\"-1\">\n<div class=\"flex max-w-full flex-col grow\">\n<div class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal [.text-message+&amp;]:mt-1\" dir=\"auto\" data-message-author-role=\"assistant\" data-message-id=\"df76e8ef-eb48-48b9-97a8-50aaa0bf67ee\" data-message-model-slug=\"gpt-5-1\">\n<div class=\"flex w-full flex-col gap-1 empty:hidden first:pt-[1px]\">\n<div class=\"markdown prose dark:prose-invert w-full break-words light markdown-new-styling\">\n<p data-start=\"113\" data-end=\"300\" data-is-last-node=\"\" data-is-only-node=\"\"><strong>Related Searches &#8211; <a href=\"https:\/\/www.buildpiper.io\/containerization-kubernetes-management\/\" target=\"_blank\" rel=\"noopener\">kubernetes management tools<\/a> | <a href=\"https:\/\/opstree.com\/services\/application-platform-security-management\/\" target=\"_blank\" rel=\"noopener\">Managed DevSecOps<\/a> | <a href=\"https:\/\/opstree.com\/services\/database-and-data-engineering\/\" target=\"_blank\" rel=\"noopener\">Data Security<\/a><\/strong><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/article>\n","protected":false},"excerpt":{"rendered":"<p>Introduction In today\u2019s cloud-native ecosystem, managing API traffic efficiently is crucial for application performance and security. As organizations migrate to microservices architectures on Kubernetes, the need for a robust API Gateway becomes paramount. Enter Kong Gateway \u2014 a powerful solution that acts as the intelligent traffic director for your Kubernetes cluster. Having worked with multiple &hellip; <a href=\"https:\/\/opstree.com\/blog\/2025\/11\/18\/kong-gateway-in-kubernetes\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;A Complete Traffic Flow Guide to Using Kong Gateway in Kubernetes&#8221;<\/span><\/a><\/p>\n","protected":false},"author":244582710,"featured_media":29881,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[768739351],"tags":[7290753,768739308,729182522,719458036,343865],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/opstree.com\/blog\/wp-content\/uploads\/2025\/11\/Understanding-Kong-Gateway-in.jpg","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pfDBOm-7LT","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts\/29877"}],"collection":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/users\/244582710"}],"replies":[{"embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/comments?post=29877"}],"version-history":[{"count":5,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts\/29877\/revisions"}],"predecessor-version":[{"id":29922,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts\/29877\/revisions\/29922"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/media\/29881"}],"wp:attachment":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/media?parent=29877"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/categories?post=29877"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/tags?post=29877"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}