I have been trying to get started with Kong authentication, following the instructions to set up the ingress controller in Kubernetes and then to set up JWT authorisation.
I followed the instructions to the letter and was able to get everything set up with the expected responses until I turned authentication on. I created secrets according to the instructions, and inspecting them in Kubernetes shows that my key (the “admin-issuer” string used in the docs) and my public RSA key are both correct, although base64 encoded.
I used jwt.io to generate my token, with a header of

    {
      "alg": "RS256",
      "typ": "JWT"
    }

and a payload of

    {
      "iss": "admin-issuer"
    }

I also provided the same public key that I provided when setting up the secret and the corresponding signature. JWT.io verified the signature and everything seems fine, but then it fails when I try to connect to it:
$ curl -I -H "Authorization: Bearer ${ADMIN_JWT}" http://kong.example/lime --resolve kong.example:80:$PROXY_IP
HTTP/1.1 401 Unauthorized
Date: Fri, 15 Sep 2023 04:38:28 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Content-Length: 50
X-Kong-Response-Latency: 7
Server: kong/3.3.1
I have tried a lot of things, including a number of different permutations of the JWT payload (the docs only mention that an issuer is required, but I tried adding iat, exp, etc.), as well as recreating a GKE cluster and starting the whole thing from scratch.
I really don’t know what to try next. If somebody could confirm that the instructions work for them on a new cluster, or maybe provide some clues about where to find more info/logs to try to narrow down where exactly this is failing, that would be very much appreciated!
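
A local pre-flight check for the setup described in the post, added here as an example (it is not part of the original post and is not Kong's code): it decodes the token and the Secret's base64 values and compares the fields a credential lookup depends on, without verifying the signature. The Secret field names `key`, `algorithm` and `rsa_public_key` are assumed to follow Kong's JWT credential fields; the sample token, PEM placeholder and Secret values are constructed.

```python
import base64
import json

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def preflight(token, secret_data, key_claim="iss"):
    """Return a list of mismatches between a JWT and a credential Secret.

    secret_data is the Secret's `data` map (values still base64-encoded).
    The signature is not verified; only the lookup fields are compared.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return ["token does not have three dot-separated segments"]
    header, payload = b64url_json(parts[0]), b64url_json(parts[1])
    cred = {k: base64.b64decode(v).decode() for k, v in secret_data.items()}
    problems = []
    key = cred.get("key", "")
    if key != key.strip():  # e.g. value encoded with a trailing newline
        problems.append("key has surrounding whitespace: %r" % key)
    if payload.get(key_claim) != key:
        problems.append("%s=%r does not equal key=%r" % (key_claim, payload.get(key_claim), key))
    if header.get("alg") != cred.get("algorithm"):
        problems.append("alg=%r but algorithm=%r" % (header.get("alg"), cred.get("algorithm")))
    if "PUBLIC KEY" not in cred.get("rsa_public_key", ""):
        problems.append("rsa_public_key is missing or not a PEM public key")
    return problems

def _seg(obj):  # build one segment of the constructed sample token
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def _enc(text):  # encode a value the way it appears in a Secret's data map
    return base64.b64encode(text.encode()).decode()

# Constructed sample: header and payload from the post, placeholder signature.
SAMPLE_TOKEN = ".".join([_seg({"alg": "RS256", "typ": "JWT"}),
                         _seg({"iss": "admin-issuer"}), "c2ln"])
PEM = "-----BEGIN PUBLIC KEY-----\n(placeholder)\n-----END PUBLIC KEY-----\n"
GOOD = {"key": _enc("admin-issuer"), "algorithm": _enc("RS256"),
        "rsa_public_key": _enc(PEM)}
# Constructed failure case: trailing newline in key, no algorithm field.
BAD = {"key": _enc("admin-issuer\n"), "rsa_public_key": _enc(PEM)}

if __name__ == "__main__":
    for name, data in (("good", GOOD), ("bad", BAD)):
        print(name, preflight(SAMPLE_TOKEN, data))
```

An empty list only means the compared fields line up; it says nothing about whether the signature matches the stored public key.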