Nokia/kong-oidc and Auth0 on Kubernetes help

I set up Kong locally (Docker) with Nokia’s oidc plugin and used Auth0 as the OIDC authority – it worked wonderfully well!

I’ve since moved an identical service into Kubernetes using dist-kubernetes. I exposed the ingress-data-plane via Load Balancer and set an A record for the LB’s IP. The kong service’s route points to a deployment’s ClusterIP service and the host is the A record.

For some reason, Kong is bypassing the OIDC plugin and is routing straight to the deployment without authentication. Any ideas how I’d go about debugging?

How have you installed the plugin? git://kong-dist-kubernetes will always run the latest official Kong image which comes with our bundled plugins but won’t include the Nokia OIDC plugin.

Either make your own Dockerfile that additionally installs Nokia’s plugin, or use https://github.com/Kong/docker-kong/tree/master/customize. You’ll also need to update the kong-dist-kubernetes YAML files to reference your Kong image instead of image: kong.

I’ve written a Docker container which adds the plugin onto the latest Kong image. From there I’ve dropped the container into a registry and have adjusted the deployment YAML accordingly.

I’ve also enabled the plugin (verified with Konga) and entered the same application info from my working local system (user access key, secret key, callback URL, and discovery URL). I don’t believe plugin installation is the problem…
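
One way to separate the two questions raised in this thread (is the plugin loaded on the data-plane node, and is it actually in scope for the route in question) is to inspect the Admin API output, as in this added example, which is not code from the thread or from Kong. It assumes the Kong 1.x JSON shape (`plugins.available_on_server` in `GET /`, and `route`/`service` references on each entry of `GET /plugins`); the payloads and ids are constructed.

```python
import json

PLUGIN = "oidc"  # name under which nokia/kong-oidc registers itself

# Constructed sample of `GET /` from one data-plane node (trimmed).
NODE_INFO = json.loads("""
{"plugins": {"available_on_server": {"oidc": true, "cors": true},
             "enabled_in_cluster": ["oidc"]}}
""")

# Constructed sample of `GET /plugins`: oidc is bound to a different route.
PLUGINS = json.loads("""
{"data": [{"name": "oidc", "enabled": true,
           "route": {"id": "route-local"}, "service": null}]}
""")


def _ref(plugin, key):
    """Id of the route/service a plugin is scoped to, or None if unscoped."""
    return (plugin.get(key) or {}).get("id")


def diagnose(node_info, plugins, route_id, service_id, name=PLUGIN):
    """Return reasons why `name` would not run for requests on this route."""
    problems = []
    available = node_info.get("plugins", {}).get("available_on_server", {})
    if name not in available:
        problems.append("not loaded on this node")
    configured = [p for p in plugins.get("data", []) if p.get("name") == name]
    if not configured:
        return problems + ["no plugin entity configured"]
    # A plugin applies if each scope field is unset (global) or matches.
    in_scope = [p for p in configured
                if _ref(p, "route") in (None, route_id)
                and _ref(p, "service") in (None, service_id)]
    if not in_scope:
        problems.append("configured, but scoped to another route or service")
    elif not any(p.get("enabled", True) for p in in_scope):
        problems.append("in scope for this route, but disabled")
    return problems


if __name__ == "__main__":
    for reason in diagnose(NODE_INFO, PLUGINS, "route-k8s", "svc-k8s") or ["ok"]:
        print(f"{PLUGIN}: {reason}")
```

Run it against every data-plane pod's Admin API rather than one, since each node reports its own loaded plugins.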