Password Protect Admin API on Kubernetes

Hello Team,

We have recently migrated to Kong Ingress Controller. We are now planning to password protect our Admin API so that only authorized users can access it. The issue we are facing is that the pod goes into CrashLoopBackOff status when we try this. We realized that the proxy container is working fine, but the ingress-controller container is the one failing, as it needs to communicate with Kong using the URL https://0.0.0.0:8444. We tried parsing the environment variable using the below, but it still doesn’t work for us.

- name: CONTROLLER_KONG_ADMIN_HEADER
  value: "Authorization: Basic <base64 encoded text>"

The password is configured in the ConfigMap in the format below.

data:
  admin_htpasswd: |-
    <encrypted user credentials>
  kong.conf: |-
    nginx_admin_auth_basic = "closed admin site"
    nginx_admin_auth_basic_user_file = "/etc/kong/admin_htpasswd"

Could you please let us know the right way to use this and fix the issue? Thanks in advance.

Can you try "Authorization:Basic <base64 encoded text>"? Please remove the space between : and Basic.

I tried it, and the ingress-controller logs are shown below. I’m guessing the way I encrypted is wrong. Could you please point me to the documentation to configure this?

I0626 08:55:48.156880       1 main.go:536] Running in Kubernetes Cluster version v1.18 (v1.18.4) - git (clean) commit c96aede7b5205121079932896c4ad89bb93260af - platform linux/amd64
F0626 08:55:48.165735       1 main.go:201] 401 Unauthorized <html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
</body>
</html>
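The two credential forms in this thread differ: the header carries base64 of the plain `user:password`, while the htpasswd file carries a password hash. The following check of one against the other is an added example, not part of the original posts or Kong's own code. It assumes the RFC 2307 `{SSHA}` hash form, one of the types nginx's `auth_basic_user_file` accepts, chosen here because the standard library can compute it; the user name and password are constructed sample values.

```python
import base64, hashlib, hmac, os

def make_ssha(password: str, salt: bytes = None) -> str:
    """htpasswd hash in {SSHA} form: base64(sha1(password + salt) + salt)."""
    salt = salt if salt is not None else os.urandom(8)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def header_value(user: str, password: str) -> str:
    """Header in the "Name:value" shape suggested in the thread."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Authorization:Basic {token}"

def diagnose(header: str, htpasswd: str) -> str:
    """Say whether the header's credentials match an entry in the htpasswd text."""
    name, _, value = header.partition(":")
    scheme, _, token = value.strip().partition(" ")
    if name.strip().lower() != "authorization" or scheme.lower() != "basic":
        return "not a Basic Authorization header"
    try:
        creds = base64.b64decode(token.strip(), validate=True).decode()
    except ValueError:
        return "token is not valid base64"
    if creds != creds.strip():
        # Typical cause: `echo user:pass | base64` encodes a trailing newline.
        return "decoded credentials carry whitespace (echo without -n?)"
    user, sep, password = creds.partition(":")
    if not sep:
        return "decoded token is not user:password"
    entries = dict(l.split(":", 1) for l in htpasswd.splitlines() if ":" in l)
    stored = entries.get(user)
    if stored is None:
        return "user not in htpasswd"
    if not stored.startswith("{SSHA}"):
        return "hash scheme not checked by this example"
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
    ok = hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)
    return "match" if ok else "password does not match stored hash"

if __name__ == "__main__":
    # Constructed sample credentials, not values from the thread.
    htpasswd = "admin:" + make_ssha("s3cret")
    print(htpasswd)
    print(header_value("admin", "s3cret"))
    print(diagnose(header_value("admin", "s3cret"), htpasswd))
```
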
