Home / Dedicated Cloud Gateways
Edit
Report

Configure an Azure managed cache for a Dedicated Cloud Gateway control plane group

Uses: Kong Gateway
Incompatible with
on-prem
Related Documentation
Gateway Documentation
Related Resources
Dedicated Cloud Gateways
Partials
Minimum Version
Kong Gateway - 3.13
TL;DR

After your Dedicated Cloud Gateway Azure network is ready, send a POST request to the /cloud-gateways/add-ons endpoint to create your Azure managed cache. For control plane groups, you must manually create a Redis partial on each control plane that references the Konnect managed cache. Then use the Redis configuration in a Redis-backed plugin, specifying the Konnect managed cache as the shared Redis configuration (for example: konnect-managed).

Prerequisites

Dedicated Cloud Gateway

This is a Konnect tutorial that requires Dedicated Cloud Gateways access.

If you don’t have a Konnect account, you can get started quickly with our onboarding wizard.

  1. The following Konnect items are required to complete this tutorial:
    • Personal access token (PAT): Create a new personal access token by opening the Konnect PAT page and selecting Generate Token.
    • Dedicated Cloud Gateway Control Plane: You can use an existing Dedicated Cloud Gateway or create a new one to use for this tutorial.
    • Network ID: The default Dedicated Cloud Gateway network ID can be found in API Gateway > Network
  2. Set these values as environment variables: 
     export KONNECT_TOKEN='YOUR KONNECT TOKEN'
 export KONNECT_NETWORK_ID='KONNECT NETWORK ID'

A managed cache for Dedicated Cloud Gateways is a Redis-compatible datastore that powers all Redis-enabled plugins. This is fully managed by Kong in the region and provider of your choice, so you don’t have to host Redis infrastructure. Using a managed cache allows you to get up and running faster with Redis-backed plugins, such as Proxy Caching, Rate Limiting, AI Rate Limiting, ACME, and so on.

Set up an Azure managed cache on a control plane group

Set up a control plane, control plane group, and a managed cache for the group. All control planes in the group will have access to the managed cache.

Create a hybrid control plane

First, you need to create a hybrid control plane. The Dedicated Cloud control plane group aggregates the hybrid control plane’s configurations and passes them on to the Dedicated Cloud Gateway data plane nodes.

  1. In the Konnect sidebar, click API Gateway.
  2. Click New.
  3. Select New API gateway.
  4. Select Self-managed.
  5. Select Docker.
  6. In the Gateway name field, enter hybrid-cp.
  7. Click Create.
  8. Scroll and click Set up later.
  9. Copy and export the control plane ID that you’ll configure the partial for: 
    export CONTROL_PLANE_ID='YOUR CONTROL PLANE ID'

Create a Dedicated Cloud control plane group

You can use a Dedicated Cloud control plane group to isolate the Gateway configuration by team while still sharing a Dedicated Cloud Gateway cluster.

  1. In the Konnect sidebar, click API Gateway.
  2. Click New.
  3. Select New control plane group.
  4. In the Name field, enter dcgw-control-plane-group.
  5. From the Control Planes dropdown menu, select hybrid-cp.
  6. For the Node Type, select Dedicated Cloud.
  7. Click Save.
  8. Click Configure data plane.
  9. From the Provider dropdown menu, select “Azure”.
  10. From the Region dropdown menu, select the region you want to configure the cluster in.

  11. Edit the Network range as needed.

    Important: Your Azure virtual network must use a different IP than your network in Konnect, which is 10.0.0.0/16 by default but can be edited.

  12. From the Access dropdown menu, select “Public” or “Private”.
  13. Click Create data plane node.

  14. Click Go to overview.

    Important: Wait until your Azure network displays as Ready before proceeding to the next step.

  15. Copy and export the ID of the control plane group you want to configure the managed cache for: 
    export CONTROL_PLANE_GROUP_ID='YOUR CONTROL PLANE GROUP ID'

Create a managed cache for your control plane group

Now that you’ve configured your Dedicated Cloud control plane group, you can add a managed cache to the control plane group.

  1. Create a managed cache using the Cloud Gateways add-ons API:

    curl -X POST "https://global.api.konghq.com/v2/cloud-gateways/add-ons" \
     --no-progress-meter --fail-with-body  \
     -H "Authorization: Bearer $KONNECT_TOKEN" \
     --json '{
       "name": "managed-cache",
       "owner": {
         "kind": "control-plane-group",
         "control_plane_group_id": "'$CONTROL_PLANE_GROUP_ID'",
         "control_plane_group_geo": "us"
       },
       "config": {
         "kind": "managed-cache.v0",
         "capacity_config": {
           "kind": "tiered",
           "tier": "small"
         }
       }
     }'

    When you configure a managed cache, you can select the small (~1 GiB capacity) cache size. Additional cache sizes will be supported in future updates. All regions are supported and you can configure the managed cache for multiple regions.

  2. Export the ID of your managed cache from the response: 
    export MANAGED_CACHE_ID='YOUR MANAGED CACHE ID'

  3. Check the status of the managed cache. Once it’s marked as ready, it indicates the cache is ready to use:

    curl -X GET "https://global.api.konghq.com/v2/cloud-gateways/add-ons/$MANAGED_CACHE_ID" \
     --no-progress-meter --fail-with-body  \
     -H "Authorization: Bearer $KONNECT_TOKEN"

    This can take about 15 minutes.

Configure Redis for plugins

Next, you must manually create a Redis partial configuration on each control plane where Redis-backed plugins are enabled. Each Redis partial will use the managed cache that you just set up.

Note: You can’t use the Redis partial configuration in custom plugins. Instead, use env referenceable fields directly.

Create a managed cache Redis partial

Now that you’ve created your managed cache, you must manually create a Redis partial for it.

  1. Create a Redis partial configuration:

    curl -X POST "https://us.api.konghq.com/v2/control-planes/$CONTROL_PLANE_ID/core-entities/partials" \
     --no-progress-meter --fail-with-body  \
     -H "Authorization: Bearer $KONNECT_TOKEN" \
     --json '{
       "name": "konnect-managed",
       "type": "redis-ee",
       "config": {
         "host": "{vault://env/ADDON_MANAGED_CACHE_HOST}",
         "port": "{vault://env/ADDON_MANAGED_CACHE_PORT}",
         "username": "{vault://env/ADDON_MANAGED_CACHE_USERNAME}",
         "ssl": true,
         "ssl_verify": true,
         "server_name": "{vault://env/ADDON_MANAGED_CACHE_SERVER_NAME}",
         "database": 0,
         "connect_timeout": 2000,
         "read_timeout": 5000,
         "send_timeout": 2000,
         "keepalive_backlog": 512,
         "keepalive_pool_size": 256,
         "connection_is_proxied": false,
         "cloud_authentication": {
           "auth_provider": "azure",
           "azure_client_id": "{vault://env/ADDON_MANAGED_CACHE_AZURE_CLIENT_ID}",
           "azure_client_secret": "{vault://env/ADDON_MANAGED_CACHE_AZURE_CLIENT_SECRET}",
           "azure_tenant_id": "{vault://env/ADDON_MANAGED_CACHE_AZURE_TENANT_ID}"
         }
       }
     }'

  2. Repeat the previous step for all the control planes in your control plane group.

Apply the managed cache Redis partial to a plugin

To demonstrate how you can use a managed cache in a Redis-supported plugin, let’s apply this configuration to a Rate Limiting Advanced plugin.

  1. In the Konnect sidebar, click API Gateway.
  2. Click your Dedicated Cloud Gateway.
  3. In the API Gateway sidebar, click Plugins.
  4. Click New plugin.
  5. Select Rate Limiting Advanced.
  6. In the Rate Limit Window Type fields, enter 100 and 3600.
  7. Click View advanced parameters.
  8. In the Strategy dropdown menu, select “redis”.
  9. In the Shared Redis Configuration dropdown menu, select your Konnect-managed configuration.
  10. In the Sync Rate field, enter 5.
  11. Click Save.
  12. Repeat steps 1 - 11 for each control plane in your control plane group.

Important: If you’re configuring your plugins with decK, you must include the konnect-managed partial default lookup tag to ensure the managed cache partial is available. Add the following to your plugin config file:

_info:
default_lookup_tags:
  partials:
    - konnect-managed

Validate

Verify that the Rate Limiting Advanced plugin is using the managed cache partial configuration: 

curl -X GET "https://us.api.konghq.com/v2/control-planes/$CONTROL_PLANE_ID/core-entities/plugins" \
     --no-progress-meter --fail-with-body  \
     -H "Authorization: Bearer $KONNECT_TOKEN"

In the response, locate your rate-limiting-advanced plugin and confirm that config.strategy is set to redis and that the partials array contains your managed Redis partial:

"partials": [
    {
      "id": "dcf411a3-475b-4212-bdf8-ae2b4dfa0a04",
      "name": "konnect-managed",
      "path": "config.redis"
    }
  ]

Next Steps

Dedicated Cloud Gateways production readiness checklist
Something wrong?
Report an Issue | Edit this Page
View all Kong documentation

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!
Contribute

Still need help?

Ask in our Forum
Contact Support