Metrics and monitoring

All Gateway Documentation

How does Kong Gateway expose metrics?

Kong Gateway can expose metrics using either of the following:

Admin API: Available at the /metrics endpoint and is enabled by default for Kong Gateway on-prem.
Status API: Available at the /metrics endpoint and is disabled by default. You must enable status_listen to use the Status API. If you’re using Konnect, you must use the Status API.

Kong Gateway will report system wide performance metrics by default. You can use Kong monitoring plugins to scrape the metrics. When a monitoring plugin has been installed and traffic is being proxied, it will record additional metrics across Gateway Service, Route, and Upstream dimensions.

How do I monitor Kong Gateway metrics?

API gateways isolate your applications from the outside world and provide critical path protection for your upstream services. Understanding the state of your API gateway system is critical to providing reliable API-based systems.

There are many monitoring and alerting systems available, and Kong Gateway integrates with multiple solutions:

Prometheus

Prometheus is an open-source systems monitoring and alerting toolkit. Prometheus provides a multi-dimensional time series data model and query language.

Prometheus plugin → Collect metrics with Kong Gateway → Monitor metrics with KIC →

Datadog

Datadog is a popular cloud based infrastructure and application monitoring service.

Datadog plugin → Set up Dynatrace with OpenTelemetry →

StatsD

StatsD is a lightweight network daemon that listens for application metrics on UDP or TCP and sends aggregated values to one or more backend services. Kong Gateway directly supports StatsD with the StatsD plugin.

StatsD plugin →

Node readiness endpoint

Use the built-in Node Readiness endpoint for monitoring when Kong Gateway is ready to accept requests.

Enable the endpoint →

What is health checking?

Health checking is an activity performed by infrastructure components (that is, load balancers) to monitor the health of a Kong Gateway node. This helps determine if a Kong Gateway node is operational and ready to process incoming requests. You can learn more about health checks (also known as “probes”) in the Health check probes guide.

Monitoring best practices

While infrastructure environments can vary widely, we encourage you to follow these general recommendations:

Enable the status_listen configuration parameter.
Always health check Kong Gateway and track the health in monitoring dashboards such as Datadog, Grafana, AppDynamics, and so on.
Configure the load balancer or other components immediately fronting Kong Gateway to use the readiness probe.
In the case of Kubernetes, configure both liveness and readiness probes for Kong Gateway, ensuring a load balancer uses the correct Kubernetes endpoints to forward traffic to Kong Gateway pods. Don’t expect the Kong Gateway readiness endpoint to respond with a 200 OK immediately after startup, as it always takes a short time for Kong Gateway to load the first configuration and build all the necessary data structures before it can successfully proxy traffic.
Set up alerting based on responses to the health checks to be proactive in case of an incident.
Don’t use the kong health CLI command to validate the overall health of the Kong Gateway, as this command only ensures that the Kong Gateway process is running and doesn’t ensure the ability or validity of the configuration.
Ensure that all nodes in a cluster are monitored. For example, checking only one Data Plane node in a cluster can’t offer reliable insight into the health of other Data Plane nodes in the same cluster.