Install Kong Manager

Kong Manager is the graphical user interface (GUI) for Kong Gateway. It uses the Kong Admin API under the hood to administer and control Kong Gateway.

Kong’s Admin API must be accessible over HTTP from your local machine to use Kong Manager

Prerequisites

Installation

Kong Manager is served from the same node as the Admin API. To enable Kong Manager, make the following changes to your values-cp.yaml file.

  1. Set admin_gui_url, admin_gui_api_url and admin_gui_session_conf under the env key.

    1.  env:
    2.    admin_gui_url: http://manager.example.com
    3.    admin_gui_api_url: http://admin.example.com
    4.    # Change the secret and set cookie_secure to true if using a HTTPS endpoint
    5.    admin_gui_session_conf: '{"secret":"secret","storage":"kong","cookie_secure":false}'

  2. Replace example.com in the configuration with your domain.

  3. Enable Kong Manager authentication under the enterprise key.

    1.  enterprise:
    2.    rbac:
    3.      enabled: true
    4.      admin_gui_auth: basic-auth

  4. Configure the manager section in values-cp.yaml. Replace example.com with your custom domain name.

    EKS

    AKS

    GKE

    KIC

    If you are testing and do not have a VPN set up for your VPC, you may change the alb.ingress.kubernetes.io/scheme annotation to internet-facing to add a public IP address. This is not recommended for long running deployments

    1. manager:
    2.   enabled: true
    3.   http:
    4.     enabled: true
    5.   tls:
    6.     enabled: false
    8.   ingress:
    9.     enabled: true
    10.     hostname: manager.example.com
    11.     path: /
    12.     pathType: Prefix
    13.     ingressClassName: alb
    14.     annotations:
    15.       alb.ingress.kubernetes.io/load-balancer-name: kong-alb-private
    16.       alb.ingress.kubernetes.io/group.name: demo.kong-alb-private
    17.       alb.ingress.kubernetes.io/target-type: instance
    18.       alb.ingress.kubernetes.io/scheme: internal
    19.       alb.ingress.kubernetes.io/healthcheck-path: /
    20.       alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}]'

    If you are testing and do not have a VPN set up, you may change the appgw.ingress.kubernetes.io/use-private-ip annotation to false to add a public IP address. This is not recommended for long running deployments

    1. manager:
    2.   enabled: true
    3.   http:
    4.     enabled: true
    5.   tls:
    6.     enabled: false
    8.   ingress:
    9.     enabled: true
    10.     hostname: manager.example.com
    11.     path: /
    12.     pathType: Prefix
    13.     ingressClassName: azure-application-gateway
    14.     annotations:
    15.       appgw.ingress.kubernetes.io/use-private-ip: "true"

    If you are testing and do not have a VPN set up, you may change the kubernetes.io/ingress.class annotation to gce to add a public IP address. This is not recommended for long running deployments

    1. manager:
    2.   enabled: true
    3.   http:
    4.     enabled: true
    5.   tls:
    6.     enabled: false
    7.   annotations:
    8.     beta.cloud.google.com/backend-config: '{"default":"kong-hc"}'
    9.   ingress:
    10.     enabled: true
    11.     hostname: manager.example.com
    12.     path: /
    13.     pathType: Prefix
    14.     annotations:
    15.       kubernetes.io/ingress.class: gce-internal

    All endpoints proxied by Kong Ingress Controller will be publicly accessible. Use an authentication plugin to secure your API

    1. manager:
    2.   enabled: true
    3.   http:
    4.     enabled: true
    5.   tls:
    6.     enabled: false
    8.   ingress:
    9.     enabled: true
    10.     hostname: manager.example.com
    11.     path: /
    12.     pathType: Prefix
    13.     ingressClassName: kong

  5. Run helm upgrade to update the release.

    1.  helm upgrade kong-cp kong/kong -n kong --values ./values-cp.yaml

  6. Fetch the Ingress IP address and update your DNS records to point at the Ingress address. You can configure DNS manually, or use a tool like external-dns to automate DNS configuration.

    1.  kubectl get ingress -n kong kong-cp-kong-manager -o jsonpath='{.spec.rules[0].host}{": "}{range .status.loadBalancer.ingress[0]}{@.ip}{@.hostname}{end}'

Testing

Visit the URL in env.admin_gui_url in a web browser to see the Kong Manager log in page. The default username is kong_admin, and the password is the value you set in env.password when installing the Kong Gateway control plane in the previous step.

Troubleshooting

I can’t log in to Kong Manager

Check that env.password was set in values-cp.yaml before installing Kong. Kong Gateway generates a random admin password if this is not set. This password can not be recovered and you must reinstall Kong to set a new admin password.

What are my login credentials?

The Kong super admin username is kong_admin, and the password is the value set in env.password in values-cp.yaml.

Kong Manager shows a white screen

Ensure that env.admin_gui_api_url is set correctly in values-cp.yaml.

Previous Configure the Admin API