New Topic: Securing the KIC-kong

[Rajakavitha1]

Is there an existing issue for this?

• [X] I have searched the existing issues

Problem Statement

As a user, I'd like to know how to secure KIC-Kong communication with mTLS when using Gateway Discovery

Proposed Solution

No response

Additional information

No response

Acceptance Criteria

• Provide instructions how to configure mTLS with Gateway Discovery
• Instructions may be provided as a response to this issue and @Rajakavitha1 will port to the WIP KIC 3.0 branch in docs

[mheap]

https://docs.konghq.com/kubernetes-ingress-controller/latest/guides/using-gateway-discovery/ mentions the following:

As Kong Ingress Controller and Kong Gateway deployments are separate, you should enable TLS client verification for the Admin API service so that no one from inside the cluster can access it without a valid certificate. This can be done by setting ingressController.adminApi.tls.client.enabled option in the Helm chart to true. It will create a CA certificate and a CA-signed certificate for the client, and respective Kubernetes TLS Secrets for both.

I'll test these instructions first