Here is an example of how to configure the nokia/kong-oidc plugin using Kong's KongPlugin CRD:

---

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: kong-oidc-plugin-example
  namespace: dev
config:
  client_id: "****"       # redacted; substitute your client ID
  client_secret: "****"   # redacted; substitute your client secret
  discovery: https://****.auth0.com/.well-known/openid-configuration
  scope: openid email profile
  logout_path: /oidc_logout
plugin: oidc

and then you can apply it to any ingress resource you'd like:

---

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: app-ingress
  namespace: dev
  annotations:
    kubernetes.io/ingress.class: "kong"
    konghq.com/plugins: "kong-oidc-plugin-example"
spec:
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: app
              servicePort: 80


Notes:

In order to use the nokia/kong-oidc plugin, you will need to substitute the kong-proxy image in the kong-ingress-controller manifests with a kong-proxy image that has the nokia/kong-oidc plugin installed and configured.

Here's a kong-proxy 2.1-alpine image I've prepared which you can use:

  • registry.gitlab.com/mcb-image/kong:2.1-alpine

Or use the Dockerfile to build your own.