I am running Kong in a k8s cluster. The kong-admin API has no authentication, which results in anyone with nodeAddress:port being able to update or delete services or routes. One option is to run Kong on localhost and, every time a CRUD operation is needed, ssh to the node and do the updates from there. I want to know: is there any plugin, or some other way, to give kong-admin authentication?
1 Answer
The Kong documentation provides clear guidelines on how to secure the Admin API in case you want it exposed on something other than localhost.
- You can restrict the traffic to a small subset of IP ranges with a firewall. One of the options is to secure this with iptables, as described in Layer 3/4 Network control.
- Another way would be Looping thru Kong.
- Lastly, you can edit the nginx configuration available in kong.yml to add directives such as the auth basic module.
If the documentation is not enough, you can also find all of them described in Google Groups here and here.

acid_fuji
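
Whichever of the options above is used, it helps to confirm that the Admin API listener itself is not bound to a node-reachable address. The following check is an added example, not part of the original answer or of Kong's own code: it parses a value of Kong's `admin_listen` setting (`KONG_ADMIN_LISTEN` when set through the container environment) and reports every entry that binds outside loopback. The function names and sample values are constructed for illustration.

```python
import ipaddress

# Constructed sample values for Kong's admin_listen setting
# (KONG_ADMIN_LISTEN when set through the container environment).
SAMPLES = {
    "exposed": "0.0.0.0:8001, 0.0.0.0:8444 ssl",
    "loopback": "127.0.0.1:8001 reuseport backlog=16384, [::1]:8444 http2 ssl",
    "mixed": "127.0.0.1:8001, [::]:8444 ssl",
    "disabled": "off",
}


def split_host(endpoint):
    """Return the host part of 'host:port' or '[v6]:port'."""
    if endpoint.startswith("["):
        return endpoint[1:endpoint.index("]")]
    return endpoint.rsplit(":", 1)[0]


def exposed_listeners(admin_listen):
    """List admin_listen entries that bind to a non-loopback address."""
    findings = []
    for entry in admin_listen.split(","):
        parts = entry.split()  # first token is the address, the rest are flags
        if not parts or parts[0].lower() == "off":
            continue
        host = split_host(parts[0])
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            # Not an IP literal: only the name "localhost" counts as loopback.
            loopback = host.lower() == "localhost"
        if not loopback:
            findings.append(parts[0])
    return findings


if __name__ == "__main__":
    for name, value in SAMPLES.items():
        hits = exposed_listeners(value)
        print(f"{name:9} {'EXPOSED ' + ', '.join(hits) if hits else 'ok'}")
```

An empty result only says that Kong's own listener is loopback-only; firewall rules and any proxy route that forwards to the Admin API still need their own review.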