Hello community!
I’m using kong with k8s and an external storage (Vault) to manage authentication credentials via the key-auth plugin. However, I’m facing an integration challenge.
ik, Kong expects Kubernetes Secrets to have the following structure:
apiVersion: v1
kind: Secret
metadata:
name: my-api-key
labels:
konghq.com/credential: key-auth # Is this label mandatory?
type: Opaque
stringData:
key: my_secret_key
The issue is that my external storage (Vault) is responsible for automatically creating Secrets in Kubernetes, but it does not allow me to define custom labels at creation time. As a result, the generated Secrets look like this:
apiVersion: v1
kind: Secret
metadata:
name: my-api-key
type: Opaque
stringData:
key: my_secret_key
Or, in another scenario, I can add custom metadata but not labels
Can Kong read a Secret without the konghq.com/credential: key-auth
label?
Or is there a way to configure Kong to use a different metadata field to identify a key-auth Secret?
i’m OSS user