Creating ACL groups in db-less (Ingress controller) mode


I’m using Kong in ‘Ingress controller’ mode, without a database (the default helm chart install) on Kubernetes. I want to use the ACL plugin, with ACL groups, to limit certain consumers to using certain services. I see this question pop up a lot on this forum, and the answer is always to ‘create ACL groups, assign consumers to groups, and use the ACL plugin on the service to allow specific ACL groups’. Sounds great, but how do I create ACL groups? I can create a consumer using the ‘KongConsumer’ CRD, but there’s no CRD resource for ACL group. Creating it through the admin API also doesn’t work without a database.

{"message":"cannot create 'acls' entities when not using a database","name":"operation unsupported","code":12}

So how do I create these ACL groups ‘on-the-fly’?


Maybe this official doc helps?

Oh my… I’ve read that document at least 10 times before posting here and completely missed the part where you can specify a group in a secret of type ACL. Thanks for pointing me to the doc, it works now!
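The approach described in the last post (an ACL group declared in a secret of type ACL and attached to a consumer), written out as an added example that is not part of the original thread or taken from Kong's documentation. All resource names, the group `team-a` and the key value are constructed placeholders; the manifest assumes the `kongCredType` secret field used by Kong Ingress Controller and key-auth as the authentication plugin, since the ACL plugin only acts on an authenticated consumer.

```yaml
# Constructed example: every name and the key value are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: team-a-acl
stringData:
  kongCredType: acl        # marks this secret as an ACL credential
  group: team-a            # the ACL group; no separate "group" object is created
---
apiVersion: v1
kind: Secret
metadata:
  name: team-a-key
stringData:
  kongCredType: key-auth
  key: REPLACE_WITH_RANDOM_KEY   # placeholder, generate a real secret value
---
apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
  name: team-a-client
  annotations:
    kubernetes.io/ingress.class: kong
username: team-a-client
credentials:               # secrets in the consumer's namespace
  - team-a-key
  - team-a-acl
---
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: team-a-key-auth
plugin: key-auth           # identifies the consumer before the ACL check runs
---
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: allow-team-a
plugin: acl
config:
  allow:                   # named "whitelist" on older Kong releases
    - team-a
# Attach both plugins to the protected Service with the annotation:
#   konghq.com/plugins: team-a-key-auth,allow-team-a
```

With both plugins on the Service, a request without a valid key is rejected by key-auth, and a consumer whose ACL secret names a different group is rejected by the ACL plugin.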

