JWT Credential Causes Kong To Die


#1

Hi There,

I am adding a consumer + jwt plugin + credential:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
   name: user-gunicorn
spec:
   replicas: 3
   selector:
      matchLabels:
         app: user-gunicorn
   template:
      metadata:
         labels:
            app: user-gunicorn
      spec:
         containers:
            - name: user-gunicorn
              image: docker.weightrack.io/user-gunicorn
              env:
              - name: GUNICORN_WORKERS
                value: "5"

---

apiVersion: v1
kind: Service
metadata:
  name: user-gunicorn
  labels:
     app: user-gunicorn
spec:
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
    name: user-gunicorn-http
  selector:
    app: user-gunicorn

---

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
   name: api.weightrack.io-user-gunicorn
   annotations:
     plugins.konghq.com: user-kong-cors
     plugins.konghq.com: user-kong-jwt
spec:
   rules:
     - host: api.weightrack.io
       http:
         paths:
           - path: /user
             backend:
               serviceName: user-gunicorn
               servicePort: 80

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
   name: api.weightrack.io-user-gunicorn-register
   annotations:
     plugins.konghq.com: user-kong-cors
spec:
   rules:
     - host: api.weightrack.io
       http:
         paths:
           - path: /user/register
             backend:
               serviceName: user-gunicorn
               servicePort: 80

---

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: user-kong-cors
  namespace: default
plugin: cors
config:
  origins: "*"
  methods:
      - GET
      - HEAD
      - PUT
      - PATCH
      - POST
  headers:
      - "Origin"
      - "Access-Control-Request-Headers"
      - "Access-Control-Allow-Origin"
  exposed_headers:
      - "Origin"
      - "Access-Control-Request-Headers"
      - "Access-Control-Allow-Origin"
  preflight_continue: "true"
  credentials: "true"

---

apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
  name: user-kong-consumer
  namespace: default
username: jwt_consumer
custom_id: jwt_consumer

---

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: user-kong-jwt
  namespace: default
plugin: jwt
config:
  claims_to_verify: "exp"

---

apiVersion: configuration.konghq.com/v1
kind: KongCredential
metadata:
name: jwt-credential
consumerRef: user-kong-consumer
type: jwt

When I apply this, it does not create a jwt credential and actually causes my kong ingress pod to stop working to the point where I have to redeploy it.

When I status kubelet, I get a message saying there was an error syncing the pod.

Is my JWT Plugin configuration correct? What else might explain this behavior?

Thanks for your help!