I’m studying a little bit more about service mesh (Istio) and found out Kong has awesome features to work with, so I decided to integrate it in my service mesh.
I’m trying to achieve the End-User Authentication feature in my service mesh, and reading a little bit more I got stuck on the Consumers part. It says a Consumer is a human trying to access a Service, and since Kong in k8s is recommended without a DB (due to declarative configs), how will I implement the authentication feature for my microservices for each user?
In database mode, it seems fine to keep the Kong db in sync with my ‘users’ microservice db, then it’s just a matter of using a plugin. Although it seems a bad practice to create a Consumer yaml for each user that signs up in my system.
Depending upon the scale of consumers, you have three options:
If there are not going to be a lot of consumers, then you can create a KongConsumer resource for each user that signs up. A lot mean, less than a thousand (no data to back this up).
If you have a lot of consumers, then you should deploy Kong with a database and then configure the consumers in Kong’s database. Please note that only the consumers are configured via your sync script/app. The rest of the configuration will be taken care of by Kong.
If you can, you should rather integrate an IdP with Kong, meaning you don’t need a consumer resource for each of your users and also get to run Kong in DB-less mode.
Thanks for replying! Can you please explain a little more about the third option? How do I integrate with an IdP? Is there a famous one well used by the community? How does that work?
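
One way the third option in the answer above can look in DB-less mode, as an added example that is not from the thread's participants: a declarative `kong.yml` that uses Kong's open-source `jwt` plugin with a single consumer standing in for the IdP. The service name, route, upstream URL, consumer name, issuer URL and key body are constructed placeholders, and choosing the `jwt` plugin is an assumption, since the answer does not name a plugin or an IdP.

```yaml
_format_version: "2.1"

services:
  - name: orders                        # hypothetical upstream microservice
    url: http://orders.default.svc.cluster.local:8080
    routes:
      - name: orders-route
        paths:
          - /orders
    plugins:
      - name: jwt
        config:
          key_claim_name: iss           # look up the credential by the token's issuer claim
          claims_to_verify:
            - exp                       # reject expired tokens at the gateway

consumers:
  - username: corporate-idp             # one consumer for the IdP, not one per end user
    jwt_secrets:
      - key: https://idp.example.com/   # placeholder; must equal the iss claim in the IdP's tokens
        algorithm: RS256
        rsa_public_key: |
          -----BEGIN PUBLIC KEY-----
          REPLACE_WITH_IDP_SIGNING_PUBLIC_KEY
          -----END PUBLIC KEY-----
```

With this layout the gateway checks only the signature and expiry, so the end user's identity stays in the token's `sub` claim for upstream services to read, and audience or scope checks remain their job. The open-source `jwt` plugin does not fetch the IdP's JWKS, so a signing-key rotation at the IdP means updating `rsa_public_key` and reloading the configuration.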