Kong / kubernetes-ingress-controller

:gorilla: Kong for Kubernetes: The official Ingress Controller for Kubernetes.
https://docs.konghq.com/kubernetes-ingress-controller/
Apache License 2.0
2.2k stars, 590 forks

Kong on Kubernetes / after securing the admin API, how to instruct the manager GUI to use the appropriate authentication #5486

Closed kdejaeger closed 7 months ago

kdejaeger commented 7 months ago

Discussed in https://github.com/Kong/kubernetes-ingress-controller/discussions/5470

Originally posted by **kdejaeger** January 23, 2024

So I installed Kong for Kubernetes, both the manager and admin API are publicly exposed. I added basic auth on the manager GUI. However, this manager GUI seems to need 'just a URL' reference to the admin API. Where is the authentication configuration part? Of course this admin API will need to be secured, else everyone can just mutate it. But is there any setting so that the manager web-based GUI can refer to the admin API in a secure way (for example with an API key or basic auth)?

programmer04 commented 7 months ago

Answered in discussion https://github.com/Kong/kubernetes-ingress-controller/discussions/5470#discussioncomment-8242450

kdejaeger commented 7 months ago

Indeed the admin API is not exposed by default. But the OSS manager GUI needs the env variable `admin_gui_api_url` to be an exposed URL. So to use the OSS manager, one needs to expose the admin API. And so then you need to secure the admin API, since it needs to be exposed. And then my question is, how can the manager still connect to an admin API that is secured?