Get Started with Dynamic Plugin Ordering

    Let’s say you want to limit the number of requests against your service and route before Kong requests authentication. You can describe this dependency with the token .

    The following example uses the Rate Limiting Advanced plugin with the plugin as the authentication method.

    Admin API

    Call the Admin API on port 8001 and enable the rate-limiting plugin, configuring it to run before key-auth:

    HTTPie

        http -f post :8001/plugins \
          name=rate-limiting \
          config.minute=5 \
          config.policy=local \
          config.limit_by=ip \
          ordering.before.access=key-auth

    Kubernetes

        apiVersion: configuration.konghq.com/v1
        kind: KongClusterPlugin
        metadata:
          name: limit-before-key-auth
          labels:
            global: "true"
          annotations:
            kubernetes.io/ingress.class: "kong"
        config:
          minute: 5
          policy: local
          limit_by: ip
        plugin: rate-limiting
        ordering:
          before:
            # plugin phase the ordering applies to
            access:
            - key-auth

    decK (YAML)

        plugins:
        - name: rate-limiting
          config:
            minute: 5
            policy: local
            limit_by: ip
          ordering:
            before:
              access:
              - key-auth

      Your file should now look like this:

      This plugin will be applied globally, which means the rate limiting applies to all requests, including every Service and Route in the Workspace.

      If you pasted the plugin section under an existing Service, Route, or Consumer, the rate limiting would only apply to that specific entity.

    1. Sync the configuration:

          deck sync

    Authentication after request transformation

    The following example is similar to running .

    For example, you may want to first transform a request, then request authentication after transformation. You can describe this dependency with the token after.

    Instead of changing the order of the Request Transformer plugin, you can change the order of the authentication plugin (, in this example).

    Call the Admin API on port 8001 and enable the basic-auth plugin, configuring it to run after request-transformer:

    cURL

        curl -i -X POST http://<admin-hostname>:8001/plugins \
          --data name=basic-auth \
          --data ordering.after.access=request-transformer

    HTTPie

        http -f post :8001/plugins \
          name=basic-auth \
          ordering.after.access=request-transformer

    decK (YAML)

    1. Add a new plugins section to the bottom of your kong.yaml file. Enable basic-auth and set the plugin to run after :

          plugins:
          - name: basic-auth
            ordering:
              after:
                access:
                - request-transformer

      Your file should now look like this:

          _format_version: "3.0"
          services:
          - host: mockbin.org
            name: example_service
            port: 80
            protocol: http
            routes:
            - name: mocking
              paths:
              - /mock
              strip_path: true
          plugins:
          - name: basic-auth
            config: {}
            ordering:
              after:
                access:
                - request-transformer

      Note: By default, enabled is set to true for the plugin. You can disable the plugin at any time by setting enabled: false.
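
An audit for either ordering shown above, as an added example that is not part of the Kong documentation: it reads a response shaped like `GET :8001/plugins` and lists every plugin that an `ordering` override places ahead of an authentication plugin, since those plugins then handle requests that have not been authenticated yet. The sample JSON, the `AUTH_PLUGINS` set and the function names are assumptions made for the illustration.

```python
import json

# Authentication plugins named on this page; extend for your deployment (assumption).
AUTH_PLUGINS = {"key-auth", "basic-auth"}

# Constructed sample shaped like the body of GET :8001/plugins (not real output).
SAMPLE = json.dumps({"data": [
    {"name": "rate-limiting", "enabled": True, "service": None, "route": None,
     "ordering": {"before": {"access": ["key-auth"]}}},
    {"name": "basic-auth", "enabled": True, "service": {"id": "svc-1"}, "route": None,
     "ordering": {"after": {"access": ["request-transformer"]}}},
    {"name": "key-auth", "enabled": True, "service": None, "route": None, "ordering": None},
    {"name": "cors", "enabled": False, "service": None, "route": None,
     "ordering": {"before": {"access": ["key-auth"]}}},
]})


def scope_of(plugin):
    """Return 'global' or the entity the plugin is attached to."""
    for kind in ("service", "route", "consumer"):
        ref = plugin.get(kind)
        if ref:
            return f"{kind}:{ref.get('id') or ref.get('name')}"
    return "global"


def pre_auth_plugins(plugins_json, phase="access"):
    """List (plugin, auth_plugin, scope) where `plugin` runs before `auth_plugin`
    in `phase` because of an `ordering` override."""
    findings = []
    for p in json.loads(plugins_json).get("data", []):
        if not p.get("enabled", True):
            continue  # disabled plugins do not run
        ordering = p.get("ordering") or {}
        before = (ordering.get("before") or {}).get(phase) or []
        after = (ordering.get("after") or {}).get(phase) or []
        scope = scope_of(p)
        # A plugin moved ahead of an auth plugin sees unauthenticated requests.
        findings += [(p["name"], a, scope) for a in before if a in AUTH_PLUGINS]
        # An auth plugin moved behind others lets them run first.
        if p["name"] in AUTH_PLUGINS:
            findings += [(other, p["name"], scope) for other in after]
    return findings


if __name__ == "__main__":
    for plugin, auth, scope in pre_auth_plugins(SAMPLE):
        print(f"{plugin} runs before {auth} ({scope})")
```

Each finding is a place to confirm that the plugin running first is safe to expose to unauthenticated traffic, and that a globally scoped override was meant to apply to every Service and Route.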