Is there a way to reference a kubernetes secret in a Kong plugin yaml file?

145 Views Asked by lxodowd At 20 October 2024 at 00:52

I have a Kong introspection plugin and would like the introspection url to pull the data from a kubernetes secret. Is this possible?

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: oauth2-introspection
  namespace: app
  annotations:
    kubernetes.io/ingress.class: kong
consumerRef:
plugin: oauth2-introspection
config:
  introspection_url: **<k8-secret>**

Original Q&A

There are 1 best solutions below

Michael Heap On 19 December 2023 at 12:44 BEST ANSWER

Kong Ingress Controller allows you to configure plugins using the contents of a Kubernetes secret. The configFrom field in the KongPlugin resource allows you to set a secretKeyRef pointing to a Kubernetes secret.

This only works for a COMPLETE configuration. You can not configure individual fields.

This KongPlugin definition points to a secret named rate-limit-redis that contains a complete configuration for the plugin:

echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
 name: rate-limiting-example
plugin: rate-limiting
configFrom:
  secretKeyRef:
    name: rate-limit-redis
    key: config
" | kubectl apply -f -

The rate-limit-redis secret contains a complete configuration as a string:

echo "
apiVersion: v1
kind: Secret
metadata:
  name: rate-limit-redis
stringData:
  config: |
    minute: 10
    policy: redis
    redis_host: redis-master
    redis_password: PASSWORD
type: Opaque
" | kubectl apply -f -

KIC will resolve the secrets, build a complete configuration object and send it to Kong Gateway

Is there a way to reference a kubernetes secret in a Kong plugin yaml file?

There are 1 best solutions below

Related Questions in KUBERNETES

Related Questions in KONG

Related Questions in KUBERNETES-SECRETS

Related Questions in KONG-PLUGIN

Trending Questions

Popular # Hahtags

Popular Questions