Admin API authentication for Kong

2/24/2021

I am running Kong in a k8s cluster. The kong-admin API has no authentication, which results in anyone with nodeAddress:port being able to update or delete the services or routes. One option is to run Kong on localhost and, every time I perform a CRUD operation, ssh to the node and do the updates from there. I want to know whether there is any plugin, or some other way, to give kong-admin authentication.

-- notification channel
authentication
kong
kong-ingress
kong-plugin
kubernetes

1 Answer

2/24/2021

The Kong documentation provides clear guidelines on how to secure the Admin API in case you want it to be exposed on something other than localhost.

  • You can restrict the traffic to a small subset of IP ranges with a firewall. One option is to secure this with iptables, as described in Layer 3/4 Network control.
  • Another way would be looping through Kong.
  • Lastly, you can edit the nginx configuration available in kong.yml to add directives such as the auth basic module.

If the documentation is not enough, you can also find all of them described in Google Groups here and here.

-- acid_fuji
Source: StackOverflow
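
The "looping through Kong" option from the answer, as an added example that is not part of the original answer or Kong's own tooling: the Admin API is registered as a Kong service behind the `key-auth` plugin, so it is reached only through the proxy with an API key. It assumes the Admin API listens on `127.0.0.1:8001` only; the names `admin-api`, `/admin-api`, `admin-operator` and the `APPLY`, `KONG_ADMIN_KEY` and `PROXY` variables are hypothetical.

```shell
#!/bin/sh
# Added example: loop the Kong Admin API through Kong and require an API key.
# Assumption: the Admin API is bound to loopback (KONG_ADMIN_LISTEN=127.0.0.1:8001
# on the Kong container) and this script runs next to it.
ADMIN="${ADMIN:-http://127.0.0.1:8001}"

# Print each curl command by default; execute only when APPLY=1.
admin_call() {
  if [ "${APPLY:-0}" = "1" ]; then curl -fsS "$@"; else echo "curl -fsS $*"; fi
}

setup_loopback() {
  # $1 = API key for the operator (hypothetical consumer "admin-operator")
  # 1. Service that points back at the local Admin API listener.
  admin_call -X POST "$ADMIN/services" \
    --data name=admin-api --data url=http://127.0.0.1:8001
  # 2. Route that exposes the service on the proxy port under /admin-api.
  admin_call -X POST "$ADMIN/services/admin-api/routes" \
    --data name=admin-api-route --data 'paths[]=/admin-api'
  # 3. Require an API key for every request to that service.
  admin_call -X POST "$ADMIN/services/admin-api/plugins" --data name=key-auth
  # 4. Consumer and key credential for the operator.
  admin_call -X POST "$ADMIN/consumers" --data username=admin-operator
  admin_call -X POST "$ADMIN/consumers/admin-operator/key-auth" --data "key=$1"
}

# Classify the HTTP status of an unauthenticated GET on the looped route.
verdict() {
  case "$1" in
    401|403) echo protected ;;   # key-auth rejected the request
    200)     echo exposed ;;     # Admin API answered without a key
    *)       echo unknown ;;     # route missing, proxy unreachable, ...
  esac
}

# Probe the proxy without a key; $1 = proxy base URL, e.g. "$PROXY".
check_unauthenticated() {
  verdict "$(curl -s -o /dev/null -w '%{http_code}' "$1/admin-api/")"
}

# Runs only when a key is supplied through the environment.
if [ -n "${KONG_ADMIN_KEY:-}" ]; then
  setup_loopback "$KONG_ADMIN_KEY"
fi
```

With `key-auth` defaults the key is sent in the `apikey` header, and `check_unauthenticated "$PROXY"` should report `protected` once the plugin is active.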