Kong · lena-larionova · Jun 5, 2024 · May 1, 2024 · May 1, 2024 · May 3, 2024
@@ -0,0 +1,21 @@
+description: |
+  This configuration enables AI Proxy with Anthropic.
+
+prereqs: 
+  - A route with `paths[]=~/anthropic-chat$` configured. Apply the plugin to this route.
+
+custom_values: 
+  - auth.header_value
+
+config:
+  route_type: "llm/v1/chat"
+  auth:
+    header_name: "apikey"
+    header_value: "<anthropic_key>"  # add your own Anthropic API key
+  model:
+    provider: "anthropic"
+    name: "claude-2.1"
+    options:
+      max_tokens: 512
+      temperature: 1.0
+      top_p: 256
@@ -0,0 +1,20 @@
+description: |
+  This configuration enables AI Proxy with Azure OpenAI Service.
+
+prereqs: 
+  - A route with `paths[]=~/azure-chat$` configured. Apply the plugin to this route.
+
+custom_values: 
+  - auth.header_value
+
+config:
+  route_type: "llm/v1/chat"
+  auth:
+    header_name: "api-key"
+    header_value: "<azure_ai_access_key>" # add your own Azure OpenAI access key
+  model:
+    provider: "azure"
+    name: "gpt-35-turbo"
+    options:
+      azure_instance: "ai-proxy-regression"
+      azure_deployment_id: "kong-gpt-3-5"
@@ -0,0 +1,20 @@
+description: |
+  This configuration enables AI Proxy with Cohere.
+
+prereqs: 
+  - A route with `paths[]=~/cohere-chat$` configured. Apply the plugin to this route.
+
+custom_values: 
+  - auth.header_value
+
+config:
+  route_type: "llm/v1/chat"
+  auth:
+    header_name: "Authorization"
+    header_value: "Bearer <cohere_key>"  # add your own Cohere API key
+  model:
+    provider: "cohere"
+    name: "command"
+    options:
+      max_tokens: 512
+      temperature: 1.0
@@ -0,0 +1,14 @@
+description: |
+  This configuration enables AI Proxy with Llama2.
+
+prereqs: 
+  - A running Llama2 instance.
+  - A route with `paths[]=~/llama2-chat$` configured. Apply the plugin to this route.
+
+config:
+  route_type: "llm/v1/chat"
+  model:
+    provider: "llama2"
+    name: "llama2"
+    llama2_format: "ollama"
+    upstream_url: "http://llama2-server.local:11434/api/chat"
@@ -0,0 +1,20 @@
+description: |
+  This configuration enables AI Proxy with Mistral.
+
+prereqs: 
+  - A running Mistral instance.
+  - A route with `paths[]=~/mistral-chat$` configured. Apply the plugin to this route.
+
+custom_values: 
+  - auth.header_value
+
+config:
+  route_type: "llm/v1/chat"
+  auth:
+    header_name: "Authorization"
+    header_value: "Bearer <MISTRAL_AI_KEY>"
+  model:
+    provider: "mistral"
+    name: "mistral-tiny"
+    mistral_format: "openai"
+    upstream_url: "https://api.mistral.ai/v1/chat/completions"
@@ -0,0 +1,20 @@
+description: |
+  This configuration enables AI Proxy with OpenAI.
+
+prereqs:
+  - A route with `paths[]=~/openai-chat$` configured. Apply the plugin to this route.
+
+custom_values: 
+  - auth.header_value
+
+config:
+  route_type: "llm/v1/chat"
+  auth:
+    header_name: "Authorization"
+    header_value: "Bearer <openai_key>"  # add your own OpenAI API key
+  model:
+    provider: "openai"
+    name: "gpt-4"
+    options:
+      max_tokens: 512
+      temperature: 1.0
@@ -0,0 +1,16 @@
+description: |
+  Send Kong Gateway logs to Splunk in raw text using the `/services/collector/raw` Splunk endpoint.
+
+  Adjust the `http_endpoint` and its secure token in `headers.Authorization` to your own values.
+
+custom_values: 
+  - headers.Authorization
+  - http_endpoint
+
+config:
+  headers:
+    Authorization: "Splunk 123456"
+  http_endpoint: "https://example.splunkcloud.com:8088/services/collector/raw"
+  method: POST
+  timeout: 3000
+  retry_count: 1
@@ -0,0 +1,18 @@
+description: |
+  Authenticate headless service consumers using Auth0's identity provider.
+
+prereqs:
+  - Auth0 API configured with the `openid` scope. Find your `issuer` URL and `audience`
+  in your Auth0 API configuration.
+  - A Kong service with `url` configured to match your Auth0 API Identifier.
+
+custom_values: 
+  - issuer
+  - audience
+
+config:
+  auth_methods:
+    - client_credentials
+  issuer: "https://<auth0 API name>.auth0.com/.well-known/openid-configuration"
+  audience: "<auth0 API identifier>"
+
@@ -0,0 +1,26 @@
+description: |
+  Authenticate browser clients using an Azure AD identity provider.
+
+prereqs:
+  - A Kong route secured with HTTPS.
+  - In Azure AD, configure a redirect URI that is handled by your route.
+  - In Azure AD, register an app and add a client secret credential that this plugin will use to access it.
+
+custom_values: 
+  - issuer
+  - client_id
+  - client_secret
+  - redirect_uri
+  - scopes
+
+config:
+  issuer: "https://login.microsoftonline.com/YOUR_DIRECTORY_ID/v2.0/.well-known/openid-configuration"
+  client_id: "YOUR_CLIENT_ID"
+  client_secret: "YOUR_CLIENT_SECRET"
+  redirect_uri: "https://example.com/api"
+  scopes:
+    - openid
+    - email
+    - profile
+    - "YOUR_CLIENT_ID/.default"
+  verify_parameters: false
@@ -0,0 +1,15 @@
+description: |
+  Integrate Kong Gateway with Amazon Cognito.
+
+prereqs:
+  - Set up an Amazon Cognito User Pool and Application Definition before configuring the plugin.
+
+custom_values: 
+  - issuer
+  - client_id
+  - client_secret
+
+config:
+  issuer: "https://cognito-idp.<REGION>.amazonaws.com/<USER-POOL-ID>"
+  client_id: "YOUR_CLIENT_ID"
+  client_secret: "YOUR_CLIENT_SECRET"
@@ -0,0 +1,27 @@
+description: |
+  Integrate Kong Gateway and the Curity Identity Server for introspection using the
+  Phantom Token pattern.
+
+prereqs:
+  - Curity Identity Server installed.
+  - An introspection endpoint configured with the Token Procedure Approach.
+
+custom_values: 
+  - issuer
+  - client_id
+  - client_secret
+
+config:
+  issuer: "https://idsvr.example.com/oauth/v2/oauth-anonymous"
+  client_id: "YOUR_CLIENT_ID"
+  client_secret: "YOUR_CLIENT_SECRET"
+  scopes_required:
+    - openid
+  hide_credentials: true
+  upstream_access_token_header: nil
+  upstream_headers_claims:
+    - phantom_token
+  upstream_headers_names: 
+    - phantom_token
+  auth_methods:
+    - introspection
@@ -0,0 +1,22 @@
+description: |
+  Authenticate browser clients using Google's identity provider.
+
+prereqs: 
+  - A Kong service secured with HTTPS.
+  - Set up a Google API project and create a set of OAuth client ID credentials with the Web application class. 
+  - An authorized redirect URI for the part of the API you want to protect.
+
+custom_values: 
+  - issuer
+  - client_id
+  - client_secret
+  - redirect_uri
+
+config:
+  issuer: "https://accounts.google.com/.well-known/openid-configuration"
+  client_id: "YOUR_CLIENT_ID"
+  client_secret: "YOUR_CLIENT_SECRET"
+  redirect_uri: "https://example.com/api"
+  scopes:
+    - openid
+    - email
@@ -0,0 +1,27 @@
+description: |
+  Authenticate browser clients using Okta.
+
+prereqs: 
+  - A Kong route secured with HTTPS.
+  - A registered application in Okta pointing to the Kong route.
+  - Any network access control to your Kong node must allow traffic to and from Okta, the upstream service, and the client.
+
+custom_values: 
+  - issuer
+  - client_id
+  - client_secret
+  - redirect_uri
+
+config:
+  issuer: "https://YOUR_OKTA_DOMAIN/oauth2/YOUR_AUTH_SERVER/.well-known/openid-configuration"
+  client_id: "YOUR_CLIENT_ID"
+  client_secret: "YOUR_CLIENT_SECRET"
+  redirect_uri: "https://example.com/api"
+  scopes_claim:
+    - scp
+  scopes:
+    - openid
+    - email
+    - profile
+  auth_methods:
+    - authorization_code
@@ -0,0 +1,9 @@
+description: |
+  Users are allowed 200 requests per 30 minutes, resetting exactly on the 30 minute mark with no carryover of unused limits.
+
+config:
+  limit: 
+    - 200
+  window_size: 
+    - 1800
+  window_type: fixed
@@ -0,0 +1,9 @@
+description: |
+  A fixed limit of 500 requests per hour resetting sharply on the hour, ensuring no user can exceed this limit.
+
+config:
+  limit: 
+    - 500
+  window_size: 
+    - 3600
+  window_type: fixed
@@ -0,0 +1,9 @@
+description: |
+  A strict limit of 5000 requests per day resetting promptly at midnight, preventing any burst traffic or inconsistent user experiences.
+
+config:
+  limit: 
+    - 500
+  window_size: 
+    - 86400
+  window_type: fixed
@@ -0,0 +1,10 @@
+description: |
+   Each user can make up to 100 requests every rolling hour, with the plugin continuously 
+   adjusting the count over the course of the hour. There is no hard limit or known reset.
+
+config:
+  limit: 
+    - 100
+  window_size: 
+    - 3600
+  window_type: sliding
@@ -0,0 +1,10 @@
+description: |
+  Each user can make up to 300 requests in any rolling 30 minute period, 
+  with the plugin continuously adjusting the count as new requests are made.
+
+config:
+  limit: 
+    - 300
+  window_size: 
+    - 1800
+  window_type: sliding
@@ -0,0 +1,12 @@
+description: |
+  Each user is allowed 500 requests every rolling hour.
+  If the limit is exceeded and the user receives a 429 error, each additional request within the sliding window (hour) 
+  will extend the wait time by about 12 minutes, continuously adjusting as new requests are made.
+
+config:
+  limit: 
+    - 500
+  window_size: 
+    - 3600
+  window_type: sliding
+  disable_penalty: false