How do you handle thousands of users with key-auth in k8s?

I’m looking to add API key-based authentication to my API.

I’m looking at docs around the key-auth plugin:

I understand that in Kubernetes, Kong usually runs without database. Then the usual way to create users is according to the second link above is to create a KongConsumer resources alongside a kongCredType secret.

I don’t understand how this solution is supposed to scale to hundreds or thousands of users. It seems like it’s more suited for a handful of service-to-service auths. Juggling thousands of KongConsumer k8s resources for my users seems sketchy.

Should I be looking at running Kong with a database and using the REST API to manage user keys?


If you have a few thousands of users (<5000), you can use the DB-less mode of Kong but if you have a large number of consumers, then please use the DB-mode and use Kong’s Admin API to provision the consumers and their credentials directly.

@hbagdi Does this mean that CP and the Database need to be up and running all the time, unlike suggested in the documentation that they can be brought down as long as DP are up and running ?