First, I have experience with configuring Kong using PostgreSQL database.
I’m now learning about Kong Ingress Controller (KIC) on Kubernetes, I’ve got Kong deployed on my cluster, services and routes configured, key-auth plugin added, it’s all working - so far so good.
Although this Provisioning Consumers and Credentials - v2.8.x | Kong Docs explains how to configure the key-auth plugin for KIC, it creates API key from a dummy literal stored in Kubernetes secret:
kubectl create secret generic kotenok-key-auth \ --from-literal=kongCredType=key-auth \ --from-literal=key=gav
This is all clear and good for learning, but I assume this is not how it’s done at larger scale or in production, is it? What is the proper way to manage API keys at scale?
The Key Authentication plugin | Kong Docs makes this recommendation:
Does this apply to DB-only installation of Kong or does it also apply to DB-less and Kong Ingress Controller?
Is there any way to request KIC to automatically generate API key and perhaps even store it in Kubernetes secret?