This is my first question/issue here so let me know if it misses some details.
We start to use Kong as an Ingress Controller but I have a small issue around the Kong plugin JWT
Here is what I have currently:
- 2 separate apps on the same K8s cluster (separated by namespaces)
- KongPlugin JWT on the Ingress for both apps
- KongConsumer and KongCredential for each namespace
- My routes are protected (401 when I access the route without any token)
- On both apps, The tokens are checked and authenticated with both consumers. It’s an issue as I want to validate the token only with the consumer corresponding to the current namespace (different signature key per namespace).
So what I tried to do is: Adding a consumerRef to my KongPlugins to specify which credentials to use when validating the token.
But it doesn’t work. The plugin is not attached to a specific consumer and no errors show up in the kong ingress controller.
Do we have limitations around this consumerRef property? Do I miss something on how to connect a plugin on a specific namespace to specific credentials?
Thank you for your help