Introduction
Kong Gateway has been the default answer to "which API gateway should we run?" for the better part of a decade, and in 2026 it's still hard to dislodge. The OSS core is mature, the plugin catalog is enormous, and the company has done a credible job pivoting the platform to also handle AI/LLM traffic without bolting on a separate product.
That said, the experience of actually running Kong in production is more nuanced than the marketing site suggests. I've shipped it on bare metal, on EKS, and tested the Konnect SaaS plane. The short version: the floor is high, the ceiling is higher, and the slope between them is steeper than you'd expect.
Key Features
The plugin ecosystem is the real product
Kong ships with over 100 plugins covering auth (OIDC, JWT, key-auth, LDAP), rate limiting, request/response transformations, logging, and traffic control. This is the moat. You can stand up mTLS, OAuth2 introspection, and per-consumer quotas without writing a line of code.
AI Gateway is more than a checkbox
The AI gateway features — prompt templating, semantic caching, provider failover across OpenAI, Anthropic, and self-hosted models, token-level rate limiting — are genuinely useful. If you're already running Kong for REST APIs, layering LLM traffic on top is a real consolidation play instead of running Portkey AI Gateway or LiteLLM as a separate hop.
Kubernetes-native via Kong Ingress Controller
KIC is one of the better-maintained ingress controllers out there. CRD-driven config, Gateway API support, and decent operator ergonomics. If your team lives in Helm and kubectl, this fits cleanly.
Konnect control plane
Konnect splits the control plane (SaaS) from the data plane (your infra). For teams who want to stop running Postgres for Kong config but still keep traffic on their own network, this is the right shape.
Dev portal and analytics
The dev portal is fine — not best-in-class, not embarrassing. Analytics in Konnect Plus are good enough that you can probably skip a separate APM tool for gateway-layer metrics.
Pricing Breakdown
| Plan | Price | What you get |
|---|---|---|
| OSS | Free | Self-hosted gateway, core plugins, Admin API, community support |
| Konnect Free | Free | Managed control plane, 1 runtime group, basic analytics, dev portal for 1 team |
| Konnect Plus | Custom | Multiple runtime groups, AI gateway, advanced analytics, RBAC, SSO, SLA |
| Enterprise | Custom | Full plugin library, FIPS compliance, 24/7 support, Kong Mesh, dedicated CSM |
Here's the honest part: "Custom" means you're getting on a call with sales, and the quote scales with the number of services, requests, and runtime groups. Expect five-figure annual numbers for any production-serious Konnect Plus footprint, and six figures for Enterprise. The OSS tier is genuinely usable forever — but the plugins you actually want for production (OIDC, advanced rate limiting variants, mTLS at scale) increasingly live behind the paid tier.
Pros
- Battle-tested at scale. Kong runs in front of some of the largest APIs on the internet. The performance and reliability story is unimpeachable.
- Massive plugin ecosystem. Whatever traffic-shaping or auth thing you need to do, someone has already written a plugin for it.
- One platform for REST and LLM traffic. The AI gateway features are real, not vaporware, and they share the same config model.
- Strong Kubernetes story. KIC is well-maintained and the Gateway API support is current.
- Konnect removes the worst part of running Kong — managing the control plane Postgres — without forcing you to give up data-plane sovereignty.
Cons
- Configuration complexity is real. Declarative YAML is powerful but the learning curve is steep. New engineers will not be productive on day one.
- Pricing is opaque. Konnect's pricing page tells you almost nothing. Any nontrivial scale means a sales call.
- Plugin authoring requires Lua. If you want to write a custom plugin, you're writing Lua. Go plugins exist but have caveats.
- Self-hosted HA is non-trivial. Running Kong in HA without Konnect means owning Postgres (or Cassandra, historically) reliability. That's a real ops cost.
- Feature gating creeps. Several plugins that used to be free have migrated to Enterprise. The OSS tier is still good, but watch the trend line.
Who Is It For
Good fit: Mid-to-large engineering teams with a dedicated platform or infra group, running APIs at scale, who need a single gateway for both traditional and LLM traffic. Teams already on Kubernetes will get the most leverage.
Decent fit: Smaller teams who want to start on OSS Kong and grow into it. The OSS tier is genuinely usable for years if you can absorb the ops cost.
Bad fit: Solo developers or small teams who just need an LLM proxy with cost controls — that's LiteLLM or Portkey AI Gateway territory, not Kong. Also a bad fit for teams allergic to YAML or unwilling to invest in platform engineering.
Verdict
Kong Gateway in 2026 is what it has been for years: the safe, capable, slightly-overengineered choice. If you need an API gateway that will not embarrass you under load, will not get acquired and shut down, and can handle both your REST and your LLM traffic without a second product, Kong is the answer.
The catch is that the path from "free OSS" to "production-grade Konnect with the features you actually want" is shorter and more expensive than the marketing suggests. Walk in with eyes open: budget for the platform engineer who will own it, and have a conversation with sales early so the Konnect quote doesn't blindside you six months in.
Rating: 7.8/10. Recommended for teams that need a serious API gateway and have the engineering capacity to run one. If you're shopping purely for an LLM gateway and the rest is overkill, look at Portkey AI Gateway or LiteLLM first.