I am running kong in the k8s cluster, kong-admin API has no authentication which is resulting in anyone with nodeAddress:port can update or delete the service or routes. One option is to run kong as localhost, and every time while performing CRUD operation, ssh to the node and from there do the updates. I want to know is there any plugin, or some other way possible to give kong-admin an authentication?
Kong documentation provides clear guidelines how to secure the admin api in case you want it to be exposed differently than localhost.
kong.yml
to add directives such as auth basic module.If the documentation is not enough you can find all of them described also in google groups here and here.