Authors: Bipin Chandra, Shivangi Mehra, Swathi Kannan, Vaishak A, Vivek Mahalingam, Punit Bhardwaj
Instana, the most robust application performance monitoring and observability solution available today, now supports Kong API gateway monitoring. With this new capability of Instana to monitor Kong API Gateway, Instana understands what changes are needed to make best out of your investment and to optimize your API performance. This article explains how to monitor a Kong API Gateway through Instana and provides details of the performance metrics.
Kong Gateway comes with an internal RESTful Admin API for administration purposes. Requests to the Admin API can be sent to any node in the cluster, and Kong will keep the configuration consistent across all nodes.
Prerequisite
Standalone mode
In kong.conf file, make sure you have the following configuration:
Hybrid mode:
Expose the “/metrics” and “/” endpoints to the host port to access them.
To create a new Kubernetes service to expose the metrics endpoint, execute the following commands:
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Service
metadata:
name: kong-cp-metrics-monitoring
namespace: kong
labels:
app: kong-cp-metrics-monitoring
spec:
selector:
app.kubernetes.io/name: kong
type: ClusterIP
ports:
- name: metrics
protocol: TCP
port: 8100
targetPort: 8100
EOF
The “/” endpoint needs to be accessed from the control plane.
To create a new Kubernetes service, expose the control plane’s port by using the following command:
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Service
metadata:
name: kong-cp-monitoring
namespace: kong
labels:
app: kong-cp-monitoring
spec:
selector:
app.kubernetes.io/name: kong
type: ClusterIP
ports:
- name: root
protocol: TCP
port: 8001
targetPort: 8001
EOF
Test the service for “/metrics” endpoint
On one local terminal, expose the port 8100 using the following command:
kubectl port-forward service/ kong-cp-metrics-monitoring -n kong 8100
Expected output
You can see the following output after executing the kubectl port-forward command:
Forwarding from 127.0.0.1:8100 -> 8100
Now open another tab of Terminal. Log in to the Fyre VM where you have installed the Kong and then type the following command:
curl localhost:8100/metrics
For remote monitoring , the port-forwarding command is as follows:
kubectl port-forward service/ kong-cp-metrics-monitoring -n kong 8100 –address 0.0.0.0
Then, you can access the “/metrics” endpoint from any machine by using the following command:
curl -i <ip_of_the_vm>:8100/metrics
Test the service for “/” endpoint
On one local terminal, expose the port 8001 using port-forward
kubectl port-forward service/kong-cp-monitoring -n kong 8001
Expected output
You can see the following output after executing the kubectl port-forward command:
Forwarding from 127.0.0.1:8001 -> 8001
Now open another tab of Terminal. Log in to the Fyre VM where you have installed the Kong and then type the following command:
curl localhost:8001/
For remote monitoring , the port-forwarding command is as follows:
kubectl port-forward service/kong-cp-monitoring –-address 0.0.0.0 -n kong 8001
Then, you can access the “/” endpoint from any machine by using the following command:
curl -i <ip_of_the_vm>:8001/
Architecture of Kong API Gateway Instana sensor
Kong API Gateway Instana sensor uses the following APIs to collect the required metrics:
-
API for monitoring Kong Gateway - GET /metrics
-
API for status of Kong Gateway - GET /status
-
API for configuration data of Kong Gateway - GET /
The default metrics poll rate used in this blog is 30 seconds.
Standalone mode
When running in traditional standard mode, every Kong Gateway node runs as both control plane (CP) and data plane (DP).
Figure 1 - Kong API Gateway monitoring (Standalone mode)
You need to provide the admin listener port to collect the required metrics for the Kong node. You can configure one or more Kong nodes in the same configuration.
Standalone mode configurations
To connect to Kong API Gateway in standalone mode, configure the following fields in the agent configuration file <agent_install_dir>/etc/instana/configuration.yaml:
Hybrid mode
In hybrid mode, Kong Gateway nodes in a cluster are split into two roles: Control Plane (CP), where configuration is managed and the Admin API is served from, and Data Plane (DP), which serves traffic for the proxy.
Figure 2 - Kong API Gateway monitoring (Hybrid mode)
In hybrid mode we need to provide the admin listener port and status listener port to collect the required metrics. You can configure one or more Kong cluster in the same configuration.
Hybrid mode configurations
To connect to Kong API Gateway in hybrid mode, configure the following fields in the agent configuration file <agent_install_dir>/etc/instana/configuration.yaml:
Dashboard screen
Kong API Gateway is displayed in the infrastructure dashboard of Instana UI.
Figure 3 - Infrastructure view
It provides the basic details about the Kong API Gateway configurations and versions.
Figure 4 - Environment information
Presents the total number of NGINX timers in running and pending state.
Figure 6 - Graph of Nginx Timers
Shows the count of all status codes that are grouped by status code class (for example, 2xx, 3xx, 4xx, and 5xx)
Figure 7 - Graph of Total Traffic
Displays the total number of requests by subsystem, such as HTTP, or stream.
Figure 8 - Kong-Nginx request total graph within the table
Displays the total bandwidth (egress or ingress) flowing through Kong in bytes. This metric is available per service and as a sum across all services.
Figure 9 - Kong Bandwidth graph within the table
Presents allocated slabs in bytes in a shared-memory dictionary to store large amount of data.
Figure 10 - Shared Dictionary Allocated Slabs graph within the table
Shows the allocated memory in bytes in Worker Lua virtual machine.
Figure 11 - Allocated Bytes in Worker Lua graph within the table
Displays the total number of HTTP requests per service per route and per HTTP status code.
Figure 12 - Total HTTP Requests graph within the table
Figure 13 - Latency by services and by routes
Troubleshooting
Kong supports basic authentication for its APIs. The following are the steps to secure Kong API with basic authentication:
1. Create a new service using the following command:
curl -X POST http://127.0.0.1:8001/services --data name=admin-api --data host=127.0.0.1 --data port=8001
2. Register the route into the newly created service as follows:
curl -X POST http://127.0.0.1:8001/services/admin-api/metrics --data paths[]=/admin-api
3. Register the API for the basic authentication by using the following command:
curl -X POST http://localhost:8001/services/admin-api plugins --data "name=basic-auth" --data "config.hide_credentials=true"
4. Create a consumer by entering a username in <<username>> in the following command:
curl -d "username={consumer-1}" http://127.0.0.1:8001/consumers
5. Note the consumer ID from the previous step and use it to link the credentials to the consumer as follows:
curl -X POST http://127.0.0.1:8001/consumers/consumer-1/basic-auth --data "username=Aladdin1" --data "password=OpenSesame1"
We hope you found this article informative. For more information about the benefits of using Kong API Gateway Instana sensor, see Instana documentation.