kubernetes, kong, kubernetes-secrets, kong-plugin

Is there a way to reference a Kubernetes secret in a Kong plugin YAML file?


I have a Kong introspection plugin and would like the introspection URL to pull the data from a Kubernetes secret. Is this possible?

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: oauth2-introspection
  namespace: app
  annotations:
    kubernetes.io/ingress.class: kong
consumerRef:
plugin: oauth2-introspection
config:
  introspection_url: <k8-secret>


Solution

  • Kong Ingress Controller allows you to configure plugins using the contents of a Kubernetes secret. The configFrom field in the KongPlugin resource allows you to set a secretKeyRef pointing to a Kubernetes secret.

    This only works for a COMPLETE configuration. You cannot configure individual fields.

    This KongPlugin definition points to a secret named rate-limit-redis that contains a complete configuration for the plugin:

    echo "
    apiVersion: configuration.konghq.com/v1
    kind: KongPlugin
    metadata:
      name: rate-limiting-example
    plugin: rate-limiting
    configFrom:
      secretKeyRef:
        name: rate-limit-redis
        key: config
    " | kubectl apply -f -
    

    The rate-limit-redis secret contains a complete configuration as a string:

    echo "
    apiVersion: v1
    kind: Secret
    metadata:
      name: rate-limit-redis
    stringData:
      config: |
        minute: 10
        policy: redis
        redis_host: redis-master
        redis_password: PASSWORD
    type: Opaque
    " | kubectl apply -f -
    

    KIC will resolve the secrets, build a complete configuration object and send it to Kong Gateway.
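
The same pattern applied to the oauth2-introspection plugin from the question, as an added example that is not part of the original answer or of Kong's documentation. The secret name, the URL and the credential are constructed placeholders, and `authorization_value` is included on the assumption that the introspection endpoint needs an Authorization header.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: oauth2-introspection-config   # constructed name
  namespace: app                      # same namespace as the KongPlugin below
type: Opaque
stringData:
  # The complete plugin configuration lives under one key, as a YAML string.
  # The URL is a constructed example and the credential is a placeholder.
  config: |
    introspection_url: https://idp.example.internal/oauth2/introspect
    authorization_value: Basic REPLACE_WITH_CREDENTIAL
---
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: oauth2-introspection
  namespace: app
  annotations:
    kubernetes.io/ingress.class: kong
plugin: oauth2-introspection
# configFrom takes the place of the inline config block from the question;
# every field the plugin needs has to be in the referenced secret.
configFrom:
  secretKeyRef:
    name: oauth2-introspection-config
    key: config
```

With this layout the KongPlugin manifest carries no endpoint or credential, so read access to them is governed by RBAC on secrets in the `app` namespace rather than by access to the plugin resource.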