Hi,
I’am having trouble getting the basic auth plugin working with the kong ingress controller. This is my current setup:
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: basic-auth
config:
hide_credentials: true
plugin: basic-auth
apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
name: cluster-admin
annotations:
kubernetes.io/ingress.class: "kong"
username: cluster-admin
apiVersion: configuration.konghq.com/v1
kind: KongCredential
metadata:
name: cluster-admin-credential
annotations:
kubernetes.io/ingress.class: "kong"
consumerRef: cluster-admin
type: basic-auth
config:
username: cluster-admin
password: super-secret-password
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: my-service-ingress
annotations:
plugins.konghq.com: basic-auth
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- secretName: kong-tls-secret
hosts:
- my-service.domain.com
rules:
- host: my-service.domain.com
http:
paths:
- backend:
serviceName: my-service
servicePort: 80
Kubernetes version: 1.16.2
Kong Ingress controller version: 0.6.0
Kong version: 1.3
When I call the url my-service.domain.com
I get a 401 response with the message “Invalid authentication credentials”. So the plugin is loaded correctly but the credentials are not loaded.
It looks like the ingress controller is not finding the KongConsumer and KongCredential. When I check de logs on the ingress controller there is no record of the consumer or credentials. I don’t see any records of the consumer and credentials in the kong postgres database.
I’ve tried creating the consumer and credentials with and without the kubernetes.io/ingress.class
annotation as mentioned here. But that does not seem to do the trick.
Kong is in it’s own kubernetes namespace named “kong”. I’am not sure if this matters, I’ve tried creating the consumer and credentials in the kong namespace and the default namespace where the “my-service” lives.
Any suggestions on how to solve this problem?
Thanks
Tom