I’m looking to add API key-based authentication to my API.
I’m looking at docs around the key-auth plugin:
- https://docs.konghq.com/hub/kong-inc/key-auth/
- https://github.com/Kong/kubernetes-ingress-controller/blob/master/docs/guides/using-consumer-credential-resource.md
I understand that in Kubernetes, Kong usually runs without database. Then the usual way to create users is according to the second link above is to create a KongConsumer resources alongside a kongCredType secret.
I don’t understand how this solution is supposed to scale to hundreds or thousands of users. It seems like it’s more suited for a handful of service-to-service auths. Juggling thousands of KongConsumer k8s resources for my users seems sketchy.
Should I be looking at running Kong with a database and using the REST API to manage user keys?