Kong GKE + ILB + OAuth (via Google)

Running into an interesting issue and I “think” I know the answer and thought I would post it to the community to confirm. Is it possible to combine Kong with Google OAuth OIDC and use an internal load balancer?

Running into an issue with OAuth OIDC URIs. The ILB does not resolve to a .com/.org address. So configuring the URIs to use where the redirect would go internally fails.

My options as I understand them:

  • inform my architect that ILB is just not compatible with Kong and Google OIDC integration (go back to ELB)
  • add a service label to the ILB to make it appear as a routable domain (sic URI)
  • or, get creative with the Cloud DNS managed private zone

For some context:

  • API calls are a mix of on-prem and GCP
  • I’m inheriting a design which rejects use of an ELB and requires an ILB
  • I’m inheriting a design which requires Google OIDC integration
  • I have it working up to the final miles of Google OIDC integration wherein one needs to configure the JavaScript and domain redirect URIs.

So I’m certain I am nearly done, unless ILB support is flat out not supported by Kong in this configuration. Which seems possible based on the documentation and the lack of answers to this very setup. (The first one I found in the community boards was from Jan 2019, if I recall correctly.)

Thanks!