Metrics and monitoring

Kong Gateway can expose metrics using either of the following:

• Admin API: Available at the /metrics endpoint and is enabled by default for Kong Gateway on-prem.
• Status API: Available at the /metrics endpoint and is disabled by default. You must enable status_listen to use the Status API. If you’re using Konnect, you must use the Status API.

Kong Gateway will report system wide performance metrics by default. You can use Kong monitoring plugins to scrape the metrics. When a monitoring plugin has been installed and traffic is being proxied, it will record additional metrics across Gateway Service, Route, and Upstream dimensions.

API gateways isolate your applications from the outside world and provide critical path protection for your upstream services. Understanding the state of your API gateway system is critical to providing reliable API-based systems.

There are many monitoring and alerting systems available, and Kong Gateway integrates with multiple solutions:

Health checking is an activity performed by infrastructure components (that is, load balancers) to monitor the health of a Kong Gateway node. This helps determine if a Kong Gateway node is operational and ready to process incoming requests. You can learn more about health checks (also known as “probes”) in the Health check probes guide.

While infrastructure environments can vary widely, we encourage you to follow these general recommendations:

• Enable the status_listen configuration parameter.
• Always health check Kong Gateway and track the health in monitoring dashboards such as Datadog, Grafana, AppDynamics, and so on.
• Configure the load balancer or other components immediately fronting Kong Gateway to use the readiness probe.
• In the case of Kubernetes, configure both liveness and readiness probes for Kong Gateway, ensuring a load balancer uses the correct Kubernetes endpoints to forward traffic to Kong Gateway pods. Don’t expect the Kong Gateway readiness endpoint to respond with a 200 OK immediately after startup, as it always takes a short time for Kong Gateway to load the first configuration and build all the necessary data structures before it can successfully proxy traffic.
• Set up alerting based on responses to the health checks to be proactive in case of an incident.
• Don’t use the kong health CLI command to validate the overall health of the Kong Gateway, as this command only ensures that the Kong Gateway process is running and doesn’t ensure the ability or validity of the configuration.
• Ensure that all nodes in a cluster are monitored. For example, checking only one Data Plane node in a cluster can’t offer reliable insight into the health of other Data Plane nodes in the same cluster.