Creating ACL groups in db-less (Ingress controller) mode

ronald17 · October 6, 2021, 10:52am

Hi,

I’m using Kong in ‘Ingress controller’ mode, without a database (the default helm chart install) on Kubernetes. I want to use the ACL plugin, with ACL groups, to limit certain consumers to using certain services. I see this question pop up a lot on this form, and the answer is always to ‘create ACL groups, assign consumers to groups, and use the ACL plugin on the service to allow specific ACL groups’. Sounds great, but how do it create ACL groups? I can create a consumer using ‘KongConsumer’ CRD, but there’s no CRD resource for ACL group. Creating it through the admin API also doesn’t work without a database.

{“message”:“cannot create ‘acls’ entities when not using a database”,“name”:“operation unsupported”,“code”:12}

So how do I create these ACL groups ‘on-the-fly’?

Thanks,
Ronald

fomm · October 6, 2021, 11:18am

Maybe this official doc helps?

ronald17 · October 6, 2021, 2:57pm

Oh my… I’ve read that document at least 10 times before posting here and completely missed the part where you can specify a group in a secret of type ACL. Thanks for pointing me to the doc, it works now!

Topic		Replies	Views
Cannot figure out ACL plugin Questions	2	448	February 24, 2024
Kong Ingress Controller : Configure ACL without KongCredentials Questions kubernetes	3	1028	February 26, 2020
Configure ACL using Kong Ingress Controller Questions kubernetes	14	5311	March 21, 2019
Add ACLgroup to consumers Questions	1	531	May 10, 2018
ACL plugin not working in db-less mode Questions	3	1230	April 15, 2020

Creating ACL groups in db-less (Ingress controller) mode

Related topics