I am currently using the KongIngress in association with KongConsumer and KongCredential and I am taking an approach similar to One Consumer per user.
I wonder, to have a correct user management, I’m planning to have an active directory (like LDAP) without using the plugin (my workflow is kind of weird).
So I will probably have to map my consumer and my users (via custom_id) and to create a new consumer when I create a new User (probably using 2PC) .
The main problem (for me) using kong as an ingress and not as an app here is I will have to dynamically update kubernetes via Kubernetes-API to create/update consumer. Isn’t it evil? In this case, shouldn’t I use Kong as an app?
For me, Kubernetes configuration must be versionned, but here I have dynamic update so I can’t version it, so it will look kind of awkward to have some of my kubernetes conf installed and some are not.
Kong’s Ingress controller currently controls all aspects of Kong. We have plans to add support for manually creating resources in Kong which will be ignored by Kong Ingress Controller. Until that is implemented, you cannot manage resources in Kong using both Ingress Controller and another application or directly via Admin API.
You could edit the code to disable the sync on Consumers and their credentials.
Have a look at this file, you can change the code there to skip syncing consumers and credentials:
With that being said, tagging feature was released in Kong 1.1 and we are currently doing development in the Ingress Controller to sync only k8s managed entities to Kong. This will allow you to manually create consumers and credentials in Kong without creating their corresponding KongConsumer and KongCredential objects.