I am running kong in kubernetes cluster, kong-admin-api has no authentication, anyone with the nodePort can CRUD service or routes. Is there any way we can have some authentication. I don't want to run kong as a localhost. It will be running as 0.0.0.0
Asked
Active
Viewed 2,043 times
1 Answers
0
There is whole documentation is available on securing the kong admin api.
https://docs.konghq.com/gateway-oss/1.0.x/secure-admin-api/
you can use the network restrict policy or enable the basic authentication policy on admin API if possible you can also IP restrict.
you also try another approach to change the service type to ClusterIP and call the admin API internally only if want to use GUI Konga is there with user management.
Harsh Manvar
- 27,020
- 6
- 48
- 102