Kong DB-less mode and dynamic Consumers

I’m studying a little bit more about service mesh (Istio) and found out Kong has awesome features to work with, so I decided to integrate it in my service mesh.

I’m trying to achieve the End-User Authentication feature in my service mesh, and reading a little bit more I got stuck on the Consumers part. It says a Consumer is a human trying to access a Service, and since Kong in k8s is recommended without a DB (due to declarative configs), how will I implement the authentication feature for my microservices for each user?

In database mode, it seems fine to keep the Kong DB in sync with my ‘users’ microservice DB; then it’s just a matter of using a plugin. Although it seems a bad practice to create a Consumer YAML for each user that signs up in my system.

How do I approach this?

Depending upon the scale of consumers, you’ve three options:

  • If there are not going to be a lot of consumers, then you can create a KongConsumer resource for each user that signs up. A lot means less than a thousand (no data to back this up).
  • If you have a lot of consumers, then you should deploy Kong with a database and then configure the consumers in Kong’s database. Please note that only the consumers are configured via your sync script/app. The rest of the configuration will be taken care of by Kong.
  • If you can, you should rather integrate an IdP with Kong, meaning you don’t need a consumer resource for each of your users and also get to run Kong in DB-less mode.
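
One way the third option can look in Kong's DB-less declarative file, using the open-source `jwt` plugin with a single Consumer that stands for the IdP. This is an added example, not configuration from the thread; the service, route and Consumer names, the issuer URL and the key are assumed placeholders.

```yaml
# Added example (kong.yml for DB-less mode). All names, URLs and the key
# below are placeholders chosen for illustration.
_format_version: "2.1"

services:
- name: users-service               # hypothetical upstream service
  url: http://users.default.svc.cluster.local:8080
  routes:
  - name: users-route
    paths:
    - /users
  plugins:
  - name: jwt
    config:
      key_claim_name: iss           # select the credential by the token's issuer
      claims_to_verify:
      - exp                         # expiry is only enforced when listed here

consumers:
- username: idp-issuer              # one Consumer for the IdP, not one per user
  jwt_secrets:
  - key: https://idp.example.com/   # must match the "iss" claim the IdP puts in tokens
    algorithm: RS256                # asymmetric: Kong holds only the public key
    rsa_public_key: |
      -----BEGIN PUBLIC KEY-----
      <PLACEHOLDER: the IdP's signing public key in PEM form>
      -----END PUBLIC KEY-----
```

With this layout Kong authenticates every valid token as the same Consumer, so per-user identity and authorization have to come from the token's claims (for example `sub`) as read by the upstream services. The public key is static in the file, so an IdP signing-key rotation needs a matching config update.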

