add OIDC to Kong in K8 #183
Comments
Hey @yasir2000, Just thought I'd share a couple resources I found helpful for this.
When testing, I used a Dockerfile like this but you may want to tweak the copy command so only the required files are included.

```dockerfile
ARG KONG_BASE_TAG
FROM kong${KONG_BASE_TAG}
USER root
# Make the plugin sources copied below visible to Lua's module loader
ENV LUA_PATH ${LUA_PATH};/usr/local/kong-oidc/?.lua;;
# Dependency of the plugin, pinned to a fixed version
RUN luarocks install lua-resty-openidc 1.6.0
COPY . /usr/local/kong-oidc
# Drop back to the unprivileged user
USER kong
```

I've only tested this in vanilla Docker but I don't suspect you'll have problems in K8s.
My question is how to follow with this deployment inside a running pod container? Do I have to rerun the Dockerfile with new commands, or can I do this while the container is running? My plugins path is:
Hmm... that's a good question. If you're looking for a way to add the plugin without restarting Kong, I'm not entirely sure it's possible. Kong loads the plugins listed in KONG_PLUGINS on startup. However, if you're ok with restarting the instance, you might be able to get that to work with just the regular Kong image. Here's 4 things you'd need to do.
Hopefully there's something helpful here for you. Cheers 🙂
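Since Kong only loads the plugins named in KONG_PLUGINS when it starts, one way to tell whether a restarted node actually picked a custom plugin up is to inspect the `plugins` object returned by the Admin API root endpoint. The block below is an added example, not code from this thread or from kong-oidc; the sample responses, the pod names and the plugin name `oidc` are constructed assumptions.

```python
import json

# Constructed samples of the Admin API root response (GET / on the admin
# port), trimmed to the "plugins" object; not captured from a real cluster.
# Assumption: "available_on_server" maps plugin name -> true (older Kong)
# or -> an object with version/priority (newer Kong).
SAMPLE_OLD_POD = json.loads(
    '{"plugins": {"available_on_server": {"key-auth": true, "cors": true},'
    ' "enabled_in_cluster": ["key-auth"]}}'
)
SAMPLE_NEW_POD = json.loads(
    '{"plugins": {"available_on_server": {"key-auth": true,'
    ' "oidc": {"version": "1.1.0", "priority": 1000}},'
    ' "enabled_in_cluster": ["key-auth"]}}'
)


def parse_kong_plugins(value):
    """Split a KONG_PLUGINS value such as 'bundled,oidc' into a set of names."""
    return {p.strip() for p in value.split(",") if p.strip()}


def diagnose(name, kong_plugins_env, admin_root):
    """Classify why a custom plugin does or does not show up on one node."""
    plugins = admin_root.get("plugins", {})
    if name in plugins.get("enabled_in_cluster", []):
        return "in-use"             # an instance is already configured
    if name in plugins.get("available_on_server", {}):
        return "loaded"             # node loaded it at startup; can be enabled
    if name in parse_kong_plugins(kong_plugins_env):
        return "listed-not-loaded"  # value is set, but this node started without it
    return "not-listed"             # add the name to KONG_PLUGINS and restart


def nodes_missing(name, roots_by_pod):
    """Return the pods (sorted) whose running Kong did not load the plugin."""
    return sorted(
        pod for pod, root in roots_by_pod.items()
        if name not in root.get("plugins", {}).get("available_on_server", {})
    )


if __name__ == "__main__":
    pods = {"kong-0": SAMPLE_OLD_POD, "kong-1": SAMPLE_NEW_POD}  # hypothetical pod names
    for pod, root in pods.items():
        print(pod, diagnose("oidc", "bundled,oidc", root))
    print("missing on:", nodes_missing("oidc", pods))
```

A result of `listed-not-loaded` on some pods but not others usually points at pods that were started before the environment variable or image change was rolled out.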
The problem, @ghunteranderson, is that I am using the Bitnami image and Helm charts
Thanks for sending the helm chart over @yasir2000. If you can give a little time to test out a few approaches with that helm chart, I'll try to get something working.
I've now been on this task for 14 days, in fact :) so the smoother and quicker things come to a happy ending, the louder I'll shout about it; it's nice, tricky stuff. I tried so, so many ways to inject this config:
So the next step is to follow your steps above to get an image up with the source in a separate path (now it's inside /opt/bitnami/kong/openresty/luajit/share/lua/5.1/kong/plugins) and edited /opt/bitnami/kong/conf/kong.conf. Will say HOORAY once it's there in the listed plugins.
Now I'm midway, @ghunteranderson. I created, mounted and bound a PV with the source inside it, /mnt/data/kong-config/kong-oidc-master/; next is to do something in that pod to
This is my existing deployment yaml:
Could that be useful to add a new script from the repo:
I just customized the image based on the bitnami/kong image, and use it for my k8s Kong. It works fine and I can add the oidc plugin via Konga. Customized Dockerfile
Helm Value (based on here)
@chance2021 That worked for me! Thanks
@MalikEljaouadi how did you execute the docker build? Mine is not finding the prebuildfs and rootfs folders :/
Yes, I executed the docker build! But first you need to pull the repo of Bitnami Kong (https://github.com/bitnami/bitnami-docker-kong) and override its Dockerfile with this image. And if you are stuck with it, you can use the image that I have provided on Docker Hub (https://hub.docker.com/repository/docker/malekeljaouadi/bitnami-kong-with-oidc), and it is working fine!
Hi @MalikEljaouadi, I tried to create a Helm build based on your provided image, i.e. malekeljaouadi/bitnami-kong-with-oidc, and also added the kong-oidc plugin as extraEnvVars according to the Values.yaml file you provided above. I am still not able to see the OIDC plugin in Konga. Here are my custom Values.yaml configs:
Can you please look into the config and mention anything that I am doing wrong? I want to integrate Kong with Keycloak as the ID provider on a custom app. Hoping for a reply soon
@chance2021 can you please look into it as well? Btw, I am not using the bitnami/kong but the kong/kong Helm chart image; would it make any difference?
This is the values file that I have used to deploy it with the Helm chart
How to add OIDC from source to running Kong pod in k8
luarocks install kong-oidc