How to enable CORS plugin on K8S and dbless kong

Kubernetes
#1

I have to enable CORS plugin on K8S and dbless kong.
Any example available?

Thanks in advance

#2

@arvtiwar Please do not cross-post. It leaves threads hanging in the forum and the maintainers have a hard time navigating all the notifications. If you post once, please have patience and someone will get back to you as soon as they can.

Regarding this:

What problem did you run into? That looks correct on the face of it.
The general guidelines is that you should take the config part of the plugin configuration from the docs site and then change it to YAM format under the config property of KongPlugin resource.

#3

Sorry for cross-post.
This is how I set up the plugin and ingress


My problem is, it is not at all setting up the CORS headers as defined in config.
Thanks
Arvind

#4

Can you login into the Kong container and check if the plugin has the right configuration ?
You can use Kong’s Admin API to check that.

#5

FYI, this Kong community edition. I guess kong-admin is not for community edition?
More info
This K8S 1.16.2 instance on DigitalOcen
I have two service {myapp-web, myapp-api} running which kong is proxing.

Observation 1
If remove (configuration.konghq.com: myapp-kong-ingress) below which enforces HTTPS and access “http://devui.myapp.net” on HTTP all CORS headers are set and all works fine

Observation 2
When I enable (configuration.konghq.com: myapp-kong-ingress) and access “https://devui.myapp.net” on HTTPS, CORS plugin is not working as no header on API response

Observation 3
Directly hitting the API after enabling “http-add-header”, no header is there as we are setting up “Access-Control-Allow-Origin: https://devui.myapp.net” on the plugin

Any idea?

Also when you say “login into the Kong container” you mean using the shell? are we running shell in “kong-proxy” container? More context please

Thanks

#6

shell into the kong-proxy container and look up the Admin API.

#7

Thanks Harry for all the suggestions. let me try

#8

I’m noticing this behavior as well.
mainly Access-Control-Allow-Headers and Access-Control-Allow-Methods

Name:         cors
Namespace:    default
Labels:       <none>
Annotations:  <none>
API Version:  configuration.konghq.com/v1
Config:
  Credentials:  true
  exposed_headers:
    Authorization
  Headers:
    Accept
    Accept-Version
    Content-Length
    Content-MD5
    Content-Type
    Date
    X-Requested-With
  max_age:  3600
  Methods:
    GET
    POST
    PUT
    DELETE
    OPTIONS
  Origins:
    *
  preflight_continue:  false
Kind:                  KongPlugin
Metadata:
  Creation Timestamp:  2021-09-12T18:08:28Z
  Generation:          1
  Managed Fields:
    API Version:  configuration.konghq.com/v1
    Fields Type:  FieldsV1
    fieldsV1:
      f:config:
        .:
        f:credentials:
        f:exposed_headers:
        f:headers:
        f:max_age:
        f:methods:
        f:origins:
        f:preflight_continue:
      f:metadata:
        f:annotations:
          .:
          f:kubectl.kubernetes.io/last-applied-configuration:
      f:plugin:
    Manager:         Go-http-client
    Operation:       Update
    Time:            2021-09-12T18:08:28Z
  Resource Version:  14686
  UID:               b8669971-67bc-4916-a964-c0b70e639d4c
Plugin:              cors
Events:              <none>