I’m able to configure (service, route, consumer & credentials)the basic-auth using documentation Admin API’s - Basic Authentication plugin | Kong Docs .
I want to use of yaml files - plugin enable, KongPlugin resource to service (present in documentation), Create a Consumer & Create a Credential (no sample yaml file/kind exists in documentation)
Kong gateway + DB (Postgres) deployed in namespace-1
Service is available in namespace-2
How to configure this using yaml based?
#create a Consumer and configure the credentials to use the secret created
apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
name: consumer
annotations: kubernetes.io/ingress.class: kong
username: username
credentials:
secretconsumer
when we applied at Gateway side and entries are not inserting into DB(Postgres), any other insights here?
The Kubernetes YAML applies to both. The controller makes API requests appropriate to whichever mode you’re using on your behalf.
Is that Service used by an Ingress? The controller won’t create any configuration for a Service alone, it has be used as the backend for some Ingress rule or similar.
If so, the first troubleshooting step to take when configuration isn’t updating is the review the controller container logs. It can include errors that indicate if that or some other piece of configuration is invalid and preventing it from sending updates to the Kong admin API.
Referring to attached screen shot, this is creating the new service but need to apply the basic-auth plugin to existing service which has created thru service object(Admin API - v2.8.x | Kong Docs).
how it will decide internally to use the Admin API port (8001) while deploying through the yaml file
Kong Hub | Plugins and Integrations | Kong Docs ==> i’m looking for plugins documentation Basic Authentication, OAuth 2.0 Authentication, Kong Spec Expose & Response Size Limiting
can we deploy these plugins purely using yaml files or Admin API(using curl) + yaml files?
here, Admin API command is applying basic auth plugin to service which already exists (which is inserting into database and working fine)
Admin API:
curl -X POST http://localhost:8001/services/SERVICE_NAME|SERVICE_ID/plugins
–data “name=basic-auth”
–data “config.hide_credentials=true”
here, plugin and service is getting created independantly, plugin is not applying on service level and functionality is not similar to Admin API
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: basic-auth-example
config:
hide_credentials: true
plugin: basic-auth
my requirement is to apply basic-auth plugin(using yaml) to existing service and should insert into database as similar to Admin API with curl command.
looking single yaml file to fulfill the request as similar Admin API with curl command.
my comments ==> I’m connecting to cluster using KUBECONFIG file, how it will choose the Admin API mode thru kubernetes(yaml based)
Is that Service used by an Ingress? The controller won’t create any configuration for a Service alone, it has be used as the backend for some Ingress rule or similar.
my comments ==> defined service & route objects , able to invoke the service thru proxy port( url:kong-proxy of EXTERNAL-IP :proxy port/servicename)
The controller reads a CONTROLLER_KONG_ADMIN_URL environment variable to find the admin API. In most installations this is set for you via static configuration (the manifests available in the controller Github repo) or via automation in the Helm chart.
The guides on the plugin pages do show the minimal configuration needed to apply a plugin to a particular resource type because they’re intended as brief reference examples for users already familiar with controller configuration in general. They don’t provide a complete end-to-end set of instructions to create everything you need; that is instead provided by the guides. Again, I’d recommend going through Provisioning Consumers and Credentials - v2.5.x | Kong Docs to get a working example up and to understand the relation between Ingresses and Services first, and then applying that knowledge to the configuration you actually want to create.
