Closed maraswrona closed 3 years ago
@maraswrona - RBAC is a licensed feature of the Kong Gateway. https://docs.konghq.com/enterprise/changelog/#enterprise-8. If no license is present, either on the file system, in an environment variable, or applied via the Admin API, the setting in kong.conf is not used. Have you applied a license?
Following this announcement: https://konghq.com/blog/kong-gateway-enterprise-2-3-now-generally-available/ I assumed the Kong Gateway Enterprise is now available for free. I assumed that Kong Manager, being part of the Kong Gateway, is also included and available for free, along with its features. I simply followed the documentation to set it up and got stuck on the issue described above.
So based on what you're saying, the RBAC (or authentication in general?) is only available on the paid plan of Kong Gateway / Kong Manager? Can I still use Kong + Kong Manager with all its other features without authentication enabled? Unfortunately I haven't found in the documentation any explicit listing of the features available and unavailable in the free version.
BTW. I'm currently using Kong OSS but since I saw the Enterprise version was now free I thought I could try migrating, but maybe it is not worthwhile after all? What do you think?
> So based on what you're saying, the RBAC (or authentication in general?) is only available on the paid plan of Kong Gateway / Kong Manager?
The link to a change log entry @RobSerafini referenced discusses a portion of the free vs licensed features that are available:
The TL;DR there is that yes you can use Kong Manager in free mode with Kong Gateway, but not all features will be available to you; UI notifications should be present in Kong Manager when attempting to use a licensed feature.
> Unfortunately I haven't found in the documentation any explicit listing of the features available and unavailable in the free version.
There is a small matrix that helps differentiate between free and licensed mode, but it currently doesn't indicate portions of the Kong Gateway that are enabled/disabled based on a license being applied. We'll get this list enhanced and make sure it is prominent in our documentation; thank you for bringing this to our attention.
An older video describing the difference between Kong Gateway (previously known as Kong Enterprise Edition) and Kong Gateway (OSS) (e.g. Kong Community Edition) can be found here. To key in on the differences I captured a screenshot from this video; the one area to note is Kong Manager is now available starting with Kong Gateway 2.3.
> BTW. I'm currently using Kong OSS but since I saw the Enterprise version was now free I thought I could try migrating, but maybe it is not worthwhile after all? What do you think?
Using Kong Gateway in free mode opens up the ability to use Kong Manager and easily migrate to a licensed/paid tier should the need arise for using licensed only features. All Kong Gateway (OSS) functionality is available within the free mode of Kong Gateway, issues/discussions can still occur here for the mode items, and you get the extra benefits listed in the announcement link presented earlier. With all of that said it is definitely worthwhile to continue using Kong Gateway in free mode.
@mikefero Thank you for your insightful response. This clarifies everything.
This actually means if I were to use the enterprise image of Kong, kong/kong-manager tag:"2.8", and just enable Kong Manager in my values configuration, I would not be able to use Kong Manager in the free mode?
This is how my Kong Manager GUI looks -
I have exposed it as ELB ... enabled RBAC as well in my values file. Also have changed service port of manager and admin to 80
```yaml
http:
  # Enable plaintext HTTP listen for Kong Manager
  enabled: true
  servicePort: 80
  containerPort: 8002
  # Set a nodePort which is available if service type is NodePort
  # nodePort: 32080
  # Additional listen parameters, e.g. "reuseport", "backlog=16384"
  parameters: []
tls:
  # Enable HTTPS listen for Kong Manager
  enabled: true
  servicePort: 443
  containerPort: 8445
  # Set a nodePort which is available if service type is NodePort
  # nodePort: 32443
  # Additional listen parameters, e.g. "reuseport", "backlog=16384"
  parameters:
  - http2
```
My browser network trace:
That is the IP of the kong-manager service ELB... but the port is mapping to :8001, which is of the Kong admin service.
How do I use Kong Manager without authentication in free mode? Do help me out.
@koushikraghu1297 Yes, this is very non-intuitive how to use the Manager in the free mode. Do I need to add an admin, login, authenticate, ...
Do you see the default workspace as here? Click it and voila...
I have the same problem but the default Workspaces are not enabled
Summary
Steps To Reproduce
`/teams` page.
`/login` page but the message says "Authentication is not enabled."
`rbac` and `enforce_rbac` are set to `"off"` even though they are 100% set to `on` in `kong.conf` and all the relevant configuration is done according to documentation.
There is nothing useful or at least obvious in startup or error logs.
What am I missing? How can I further debug or troubleshoot this? This seems like a bug to me, hence the bug report, but maybe I'm just so blind. Also noticed very similar issue reported in the Charts repository: https://github.com/Kong/charts/issues/357 - maybe these are related.
Additional Details & Logs
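An added example, not part of the original thread or Kong's own code: a check for the mismatch reported above, where `kong.conf` requests RBAC but the running node does not enforce it (per the first reply, the setting is not used without a license). It compares the intended values with the node's effective ones and flags an Admin API listener that is reachable beyond loopback while RBAC is off. It assumes the node reports effective settings under `configuration` in the Admin API root (`GET /`) response; `audit`, `parse_kong_conf`, `is_loopback` and both sample inputs are constructed for illustration.

```python
import json

WATCHED = ("enforce_rbac", "admin_gui_auth")  # kong.conf properties to compare

def parse_kong_conf(text):
    """Return {key: value} from kong.conf-style 'key = value' lines."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def is_loopback(listen):
    """True if a listen entry such as '127.0.0.1:8001 ssl' binds to loopback."""
    host = listen.split()[0].rsplit(":", 1)[0]
    return host in ("127.0.0.1", "localhost", "[::1]")

def audit(conf_text, root):
    """Compare intended kong.conf values with the node's effective config."""
    intended = parse_kong_conf(conf_text)
    effective = root.get("configuration", {})
    findings = []
    for key in WATCHED:
        want, have = intended.get(key), effective.get(key)
        if want is not None and want != have:
            findings.append(f"{key}: kong.conf says {want!r}, node reports {have!r}")
    if effective.get("enforce_rbac", "off") == "off":
        exposed = [l for l in effective.get("admin_listen", []) if not is_loopback(l)]
        if exposed:
            findings.append("Admin API without RBAC on: " + ", ".join(exposed))
    return findings

# Constructed inputs (not from the issue): a kong.conf excerpt and a trimmed
# Admin API root response reproducing the reported mismatch.
SAMPLE_CONF = """
enforce_rbac = on          # intended
admin_gui_auth = basic-auth
"""
SAMPLE_ROOT = json.loads("""{
  "configuration": {
    "enforce_rbac": "off",
    "admin_gui_auth": null,
    "admin_listen": ["0.0.0.0:8001", "0.0.0.0:8444 ssl"]
  }
}""")

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_ROOT):
        print("WARN", finding)
```

Against a live node, replace `SAMPLE_ROOT` with the parsed JSON body of the Admin API root response and `SAMPLE_CONF` with the contents of the deployed `kong.conf`.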