I was wondering if there is a way to associate an ingress resource with a plugin that has been defined in a different namespace. I’d like to be able to create a set of global plugins in one namespace and have those plugins be available to all services across all namespaces. I am using the Kubernetes ingress controller.
For instance:
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: internal-only-ip
namespace: ops
config:
whitelist:
- 10.0.0.0/32
plugin: ip-restriction
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: kong
plugins.konghq.com: internal-only-ip
name: echoserver
namespace: dev
spec:
rules:
- host: echo.web.com
http:
paths:
- backend:
serviceName: echo
servicePort: 80
Currently this doesn’t work because the ingress controller assumes that the plugin is defined in the same namspace as the resource that consumes it. The controller prints errors that look like this:
fetching KongPlugin dev/internal-only-ip: plugin dev/internal-only-ip was not found
Is there a simple workaround for this? If not, would it be possible to extend the ingress controller to handle things like this?