I’m looking to add API key-based authentication to my API.
I’m looking at docs around the key-auth plugin:
I understand that in Kubernetes, Kong usually runs without database. Then the usual way to create users is according to the second link above is to create a KongConsumer resources alongside a kongCredType secret.
I don’t understand how this solution is supposed to scale to hundreds or thousands of users. It seems like it’s more suited for a handful of service-to-service auths. Juggling thousands of KongConsumer k8s resources for my users seems sketchy.
Should I be looking at running Kong with a database and using the REST API to manage user keys?