Closed cnukwas closed 6 months ago
As far as I know there is no support for RBAC (and by extension, Manager authentication) in DB-less mode. If you want additional authentication options in DB-less mode, you'll want to file a support ticket with a feature request for it.
Setting env.password
does not define the super admin password per se. It's not a typical kong.conf setting like most env
settings, but instead directs initial database migrations to create a super admin with that password.
I'm checking around to see why we don't actually disallow enabling RBAC when using DB-less mode. I'm not sure why the documentation for RBAC doesn't mention anything about it one way or the other either.
Note that if you do switch to using a database, you'll need to delete and re-create the Helm release, as the initial install is the only time it runs initial migrations. Once you've done so, you can remove the env.password
setting. It has no effect after initial migrations; all admin management is handled via the database and admin API after.
I'll reopen this if I find further information of interest, but don't expect I will.
Tried with most of the default configuration with Db-less and without Ingress Controller component. Pod comes up fine when logged into Kong Manager UI with kong-admin password that's set in the secret, I get "Username/Password is invalid" error. Any clues on what we're missing here or this is a known limitation of the DB-less approach?
I could see
curl http://locallost:8001
andhttp://locallost:8001/routes
calls are successful when ran from the same or different pod.Applied Helm chart with below values.yaml after creating necessary secrets and configmaps.
Secrets: kong-session-config, kong-ee-pass, and kong-enterprise-license
kong-session-config secret data: