I’am having trouble getting the basic auth plugin working with the kong ingress controller. This is my current setup:
apiVersion: configuration.konghq.com/v1 kind: KongPlugin metadata: name: basic-auth config: hide_credentials: true plugin: basic-auth
apiVersion: configuration.konghq.com/v1 kind: KongConsumer metadata: name: cluster-admin annotations: kubernetes.io/ingress.class: "kong" username: cluster-admin
apiVersion: configuration.konghq.com/v1 kind: KongCredential metadata: name: cluster-admin-credential annotations: kubernetes.io/ingress.class: "kong" consumerRef: cluster-admin type: basic-auth config: username: cluster-admin password: super-secret-password
apiVersion: extensions/v1beta1 kind: Ingress metadata: name: my-service-ingress annotations: plugins.konghq.com: basic-auth kubernetes.io/tls-acme: "true" cert-manager.io/cluster-issuer: letsencrypt-prod spec: tls: - secretName: kong-tls-secret hosts: - my-service.domain.com rules: - host: my-service.domain.com http: paths: - backend: serviceName: my-service servicePort: 80
Kubernetes version: 1.16.2
Kong Ingress controller version: 0.6.0
Kong version: 1.3
When I call the url
my-service.domain.com I get a 401 response with the message “Invalid authentication credentials”. So the plugin is loaded correctly but the credentials are not loaded.
It looks like the ingress controller is not finding the KongConsumer and KongCredential. When I check de logs on the ingress controller there is no record of the consumer or credentials. I don’t see any records of the consumer and credentials in the kong postgres database.
I’ve tried creating the consumer and credentials with and without the
kubernetes.io/ingress.class annotation as mentioned here. But that does not seem to do the trick.
Kong is in it’s own kubernetes namespace named “kong”. I’am not sure if this matters, I’ve tried creating the consumer and credentials in the kong namespace and the default namespace where the “my-service” lives.
Any suggestions on how to solve this problem?