K
Q

admin api authentication for kong

2/24/2021

I am running kong in the k8s cluster, kong-admin API has no authentication which is resulting in anyone with nodeAddress:port can update or delete the service or routes. One option is to run kong as localhost, and every time while performing CRUD operation, ssh to the node and from there do the updates. I want to know is there any plugin, or some other way possible to give kong-admin an authentication?

-- notification channel
authentication
kong
kong-ingress
kong-plugin
kubernetes

Similar Questions

applying task in k8s pod
Prometheus kube_pod_container_status_waiting_reason not capturing pod CrashLoopBackOff reason
Use short lived token to push docker image to GCP
How to set PAM auth for jupyterhub on Kubernetes cluster?
Airflow k8s operator xcom - Handshake status 403 Forbidden

1 Answer

2/24/2021

Kong documentation provides clear guidelines how to secure the admin api in case you want it to be exposed differently than localhost.

  • You can restrict the traffic by small subset of IP ranges with some firewall. One of the option is to secure this with iptables as described in Layer 3/4 Network control.
  • Another way would be Looping thru Kong.
  • Lastly you can edit the nginx configuration available in kong.yml to add directives such as auth basic module.

If the documentation is not enough you can find all of them described also in google groups here and here.

-- acid_fuji
Source: StackOverflow