Enabling plugins via custom resources (KongPlugin) on existing consumers in database

Hi,

I’m attempting to configure a small number of plugins on Kong 1.5 (using DB). I was wondering if it’s possible to enable plugins using Kong custom resources for existing consumers. Specifically, I’ve tried something like

apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
  name: rate-limit-test-consumer
  annotations:
    konghq.com/plugins: rate-limit-test
username: my-username
custom_id: my-custom-id

with

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: rate-limit-test
config:
  minute: 10
  limit_by: consumer
  policy: local
plugin: rate-limiting

with the user existing in the database, and no dice(plugin is not returned by admin api at /plugins or /consumers//plugins). However, if it’s a consumer that does not already exist (specifically, neither “custom_id” nor “username” match a user in the database), the plugin is properly enabled and shows up in the admin API.

Is this possible?

You need to either managed configuration via Kubernetes CRDs or do it manually via the Admin API. If you try to do both of them, you will have such issues.

For your use-case, you could try to setup your consumers via CRDs only.

Hey hbagdi,

Thanks for you reply! I noticed that adding the tag managed-by-ingress-controller allows it to be configured via custom resources. Is there a strong recommendation against adding this tag to all consumers (via admin API) and configuring plugins/consumers for a small number of cases declaratively via CRs?

I’m aware that it’s a bit shaky, so was thinking of disabling deletes from admin api altogether, since it’s possible to revoke access to a consumer simply by expiring their api key.

If you add the tag managed-by-ingress-controller then you have to make sure that a KongConsumer resource exists in the Kubernetes data-store, else the controller will delete the consumer.