Kong Admin API Socket Hangup

Questions
1

Hello, I’m new to Kong and trying to access the Admin API for the first time. I used the portal to run a local docker container with the following command:

docker run -d \
-e "KONG_ROLE=data_plane" \
-e "KONG_DATABASE=off" \
-e "KONG_VITALS=off" \
-e "KONG_NGINX_WORKER_PROCESSES=1" \
-e "KONG_CLUSTER_MTLS=pki" \
-e "KONG_CLUSTER_CONTROL_PLANE=8108f349c6.us.cp0.konghq.com:443" \
-e "KONG_CLUSTER_SERVER_NAME=8108f349c6.us.cp0.konghq.com" \
-e "KONG_CLUSTER_TELEMETRY_ENDPOINT=8108f349c6.us.tp0.konghq.com:443" \
-e "KONG_CLUSTER_TELEMETRY_SERVER_NAME=8108f349c6.us.tp0.konghq.com" \
-e "KONG_CLUSTER_CERT=-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----" \
-e "KONG_CLUSTER_CERT_KEY=-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----" \
-e "KONG_LUA_SSL_TRUSTED_CERTIFICATE=system" \
-e "KONG_KONNECT_MODE=on" \
-e "KONG_CLUSTER_DP_LABELS=created-by:quickstart,type:docker-macOS" \
-p 8000:8000 \
-p 8443:8443 \
kong/kong-gateway:3.3

This runs just fine and connects to Kong Konnect where I’m able to add plugins and etc. Now I want to access the Admin API so I shut down the container, and add this to the script, thinking it would expose the Admin API:

-p 8001:8001 \
-p 8444:8444 \

But I’m getting this error in Postman

image
image2180×1704 164 KB

Any idea what’s happening? I’ve also tried adding the following configurations.

-e "KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl"

-e "KONG_ADMIN_LISTEN=127.0.0.1:8001 reuseport backlog=16384, 127.0.0.1:8444 http2 ssl reuseport backlog=16384" -e "KONG_ADMIN_ERROR_LOG=/dev/stderr" -e "KONG_ADMIN_ACCESS_LOG=/dev/stdout"
2

Hey Arvind,

When using Kong Konnect, the Admin API isn’t served on the same machine as the dataplane you just installed.

You’ll need to send requests to https://global.api.konghq.com.

Here is the documentation outlining how to use the Konnect Admin API: Konnect Admin API

Here is the spec document for using the API: Runtime Group Configuration API

Somethings have changed between the on-prem and Konnect versions. You need to specify /v2/ as the root path and use your runtime group id to target your specific instance. Do this by calling a GET on the /runtime-groups endpoint and using the returned “id” for the rest of your calls.

Thanks,
Vince

1 Like
3

Ahhhh wow this is what I was looking for. How do I use the Konnect Admin API to create API keys?

These docs really aren’t helpful for that: Key Auth | Kong Docs

4

Nvm I see what’s happening now. The management API is basically at https://global.api.konghq.com/v2/runtime-groups/{runtime_group_id}/{Management API path of interest}

And now you have to use a Personal Access Token to use it.