First of all: I'm not sure if this is an issue of kong itself or of the kong-oidc plugin. That's why I put the issue here, but also at kongnation.
What I want to do:
Use kong as an API gateway for some services I'm running on kubernetes. Further I want to use the kong-oidc plugin to protect those services, backed by keycloak as an IDP. Before I started I tested the concept by setting everything up with docker-compose and it worked.
The Problem:
Now I started introducing kong on my kubernetes cluster. The basic routing works fine, but kong ignores the kong-oidc plugin, so everything is unprotected.
Let me elaborate how I set things up.
Reproduction/Setup:
The kong-oidc plugin is not in the list of bundled images. That's why I created my own Dockerfile including the plugin based on kong:1.4.0-alpine:
FROM kong:1.4.0-alpine
LABEL description="Alpine + Kong 1.4.0 + kong-oidc plugin"
RUN apk update && apk add git unzip luarocks
RUN luarocks install kong-oidc
Then I used this deployment yaml (from the official minikube-guide).
Because I have my own kong-image I replaced image: kong:1.3 with image: corphub/kong-oidc:1.4.0-centos in the ingress-kong deployment. Note that I used this opportunity to go from kong-1.3 to kong-1.4.
After that I set up an Ingress for kong and the configuration for the kong-oidc plugin:
I also added the env variable KONG_CUSTOM_PLUGINS=kong-oidc to the earlier mentioned ingress-kong deployment because I read that somewhere, but I'm not sure if that is needed.
Now I would expect that every request going through kong would be validated by leveraging the kong-oidc plugin and keycloak. But that's just not happening. All the requests just go through as if the plugin is not there at all. I also can't find any logs which could point me in any direction.
I would love this setup to work, because I find it very elegant and robust. I hope I provided enough information, if not please ask.
Thanks in advance,
Peter