Hi,
I’m trying to figure out a way of configuring consumers and routes in a way that allows some consumers to use only certain methods on some routes. For example:
I have ingress with path /foo/ and the key-auth plugin enabled and acl with two consumers, consumerA and consumerB. I want the consumerA to be able to use POST only on the /foo/ path but consumerB should be able to send GET as well as POST.
I know I can use kongIngress crd to control what methods are allowed on which route but cannot see a way of doing the same for consumers and ACLs.
Am I missing something or approaching the problem from the wrong angle?
Thanks,
Martin
This would require separate routes. You’d have two otherwise identical routes, one which has methods: GET and the other that has methods: POST. The POST route would then have an ACL configuration that allows both consumerA and consumerB, whereas the GET route would have an ACL configuration that only allows consumerB.
@traines thanks. Do you know if I would need to use kongIngress or konghq.com/methods ingress annotation is sufficient?
The annotation is sufficient.
KongIngress was originally a generic catch-all for applying any Kong settings that Ingresses/Services didn’t have standard fields for. We’ve added annotations for most of those individual settings now, and generally recommend the dedicated annotations now (it’s easier to see what the configuration is at a glance since you only need to look at one resource). KongIngress is only necessary now for settings that do not have a dedicated annotation (mostly Upstream load balancing settings).