kubernetes-ingress-controller: Basic authentication doesn't work on KONG in kubernetes cluster
Summary
We use KONG in our kubernetes cluster and deploy it with help of helm. We need to use basic authentication on our prometheus ingress resource. Kong controller deployed in dev2 namespace, prometheus deployed in monitoring namespace.
Kong Ingress controller version kong-docker-kubernetes-ingress-controller.bintray.io/kong-ingress-controller:0.9.1
Kong or Kong Enterprise version kong-docker-kong-enterprise-edition-docker.bintray.io/kong-enterprise-edition:2.1.0.0-beta1-alpine
Kubernetes version
1.15.6 Client Version: version.Info{Major:“1”, Minor:“15”, GitVersion:“v1.15.11”, GitCommit:“d94a81c724ea8e1ccc9002d89b7fe81d58f89ede”, GitTreeState:“clean”, BuildDate:“2020-03-13T17:40:34Z”, GoVersion:“go1.12.17”, Compiler:“gc”, Platform:“linux/amd64”} Server Version: version.Info{Major:“1”, Minor:“15”, GitVersion:“v1.15.11”, GitCommit:“d94a81c724ea8e1ccc9002d89b7fe81d58f89ede”, GitTreeState:“clean”, BuildDate:“2020-03-13T17:40:34Z”, GoVersion:“go1.12.17”, Compiler:“gc”, Platform:“linux/amd64”}
Environment
- Kubernetes cluster based on Azure AKS:
- OS (“Ubuntu 18.04.4 LTS”):
- Kernel Linux k8s-master-13666935-0 5.3.0-1034-azure #35~18.04.1-Ubuntu SMP Mon Jul 13 12:54:45 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
What happened
We have ingress resource:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
cert-manager.io/issuer: letsencrypt-prod
konghq.com/plugins: basic-auth
kubernetes.io/ingress.class: kong-dev2
generation: 1
labels:
app: prometheus-operator-prometheus
app.kubernetes.io/managed-by: Helm
chart: prometheus-operator-7.4.0
heritage: Helm
release: prometheus-operator
name: prometheus-operator-prometheus
namespace: monitoring
spec:
rules:
- host: example.com
http:
paths:
- backend:
serviceName: prometheus-operator-prometheus
servicePort: 9090
path: /prometheus/
tls:
- hosts:
- example.com
secretName: letsencrypt-secret
status:
loadBalancer:
ingress:
- ip: 0.0.0.0
And resources needed for basic authentication:
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: basic-auth
namespace: monitoring
consumerRef: basic-auth
config:
hide_credentials: true
plugin: basic-auth
" | kubectl create -f -
echo "
apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
name: basic-auth
namespace: monitoring
username: user
credentials:
- prometheus-secret
" | kubectl create -f -
echo '
apiVersion: v1
kind: Secret
metadata:
name: prometheus-secret
namespace: monitoring
stringData:
kongCredType: basic-auth
username: user
data:
password: pass' | kubectl create -f -`
Also I tried to use old way without secret and without section “credentials:” in “KongConsumer”, using:
echo "
apiVersion: configuration.konghq.com/v1
kind: KongCredential
metadata:
name: basic-auth
namespace: dev2
consumerRef: basic-auth
type: basic-auth
config:
username: user
password: pass
" | kubectl create -f -
but result was the same. I have an error after login, using username “user” and password “pass” - {“message”:“Invalid authentication credentials”}
Expected behavior
Login using username “user” and password “pass”
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 17 (8 by maintainers)
If you are using Controller 0.10, please makes sure to add the annotation
kubernetes.io/ingress.class: kongto your KongConsumer resource.