I am trying to set up Kong on a GKE cluster so that I can validate the incoming requests. I have a JWKS file/URI that I would like to use for validation.
I have followed the following steps:
Deploy a hello world app exposed via a service.
Install Kong
kubectl apply -f https://raw.githubusercontent.com/Kong/kubernetes-ingress-controller/master/deploy/single/all-in-one-dbless.yaml
Set up the Kong JWT plugin
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: weather-jwt
  namespace: weather-api
plugin: jwt
Create an ingress
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: weather-ingress
  namespace: weather-api
  annotations:
    kubernetes.io/ingress.class: kong
    plugins.konghq.com: weather-jwt
spec:
  backend:
    serviceName: weather-service
    servicePort: 80
The next steps I see are:
Create a secret that has the public key, something like:
apiVersion: v1
kind: Secret
metadata:
  name: apiuser-apikey
  namespace: weather-api
type: Opaque
stringData:
  kongCredType: jwt
  key: https://farrellsoft.auth0.com/
  algorithm: RS256
  rsa_public_key: |-
    -----BEGIN PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3PYgeiVyURLhqAkkUOfL
    roY281upGVWgBTZKZu6rIMPCiyzuZU8Rnlc1k+cHkbov0uRZIVmwrhMLTr6E9ZwD
    -----END PUBLIC KEY-----
Create a Kong consumer
apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
  name: api-consumer
  namespace: weather-api
username: apiUser
credentials:
- apiuser-apikey
This should all work fine... The problem is that I don't have the public key for the secret. All I have is the JWKS URI, something like https://YOUR_DOMAIN/.well-known/jwks.json, and I'm not sure how to use it for token validation. Is there any other plugin that I need to use?
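
The Secret above takes a PEM public key, while a JWKS document publishes each RSA key as base64url `n` and `e` values. As an added example (not part of the original post), this converts a JWKS entry into the PEM form used in `rsa_public_key`; the sample JWKS, the `example-kid` value and the helper names are constructed for illustration.

```python
import base64

# AlgorithmIdentifier: rsaEncryption OID 1.2.840.113549.1.1.1 with NULL parameters
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def b64url_to_int(value):
    """JWK integers are unpadded base64url, big-endian (RFC 7518)."""
    padded = value + "=" * (-len(value) % 4)
    return int.from_bytes(base64.urlsafe_b64decode(padded), "big")

def der(tag, body):
    """One DER tag-length-value with a definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def der_int(value):
    # One byte more than bit_length // 8 keeps the sign bit clear (positive INTEGER).
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def jwk_to_pem(jwk):
    """RSA JWK -> SubjectPublicKeyInfo PEM ("BEGIN PUBLIC KEY")."""
    if jwk.get("kty") != "RSA":
        raise ValueError("not an RSA key; RS256 needs kty=RSA")
    rsa_key = der(0x30, der_int(b64url_to_int(jwk["n"])) + der_int(b64url_to_int(jwk["e"])))
    spki = der(0x30, RSA_ALG_ID + der(0x03, b"\x00" + rsa_key))  # BIT STRING, 0 unused bits
    b64 = base64.b64encode(spki).decode()
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PUBLIC KEY-----", *body, "-----END PUBLIC KEY-----"])

def pem_for_kid(jwks, kid):
    """Pick the key whose kid matches the token header's kid."""
    for jwk in jwks.get("keys", []):
        if jwk.get("kid") == kid:
            return jwk_to_pem(jwk)
    raise KeyError(f"no key with kid {kid!r} in JWKS")

# Constructed sample: 256 arbitrary bytes standing in for a 2048-bit modulus (not a real key).
_N = base64.urlsafe_b64encode(bytes([0xDC]) + bytes(range(255))).rstrip(b"=").decode()
SAMPLE_JWKS = {"keys": [{"kty": "RSA", "kid": "example-kid", "use": "sig", "n": _N, "e": "AQAB"}]}

if __name__ == "__main__":
    print(pem_for_kid(SAMPLE_JWKS, "example-kid"))
```

For a 2048-bit key with exponent 65537 the PEM body begins with the same `MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA` prefix as the key in the Secret above, which is a quick sanity check on the conversion.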