Boilerplate for Kong OIDC and Keycloak.
This repo shows how to bake a base Kong image with the open-source OIDC plugin maintained by revomatico, along with sample Kubernetes deployment manifests for Kong and Keycloak.
Steps to build and publish the container with base Kong Image
# Build the container with any new changes
docker build -t <<private-registry>>/kong-oidc:<tag> -f Dockerfile .
# Run the container in detached mode
docker run -d --name kong-oidc <<private-registry>>/kong-oidc:<tag>
# Pushing the container image to a registry
docker push <<private-registry>>/kong-oidc:<tag>
To use Kong API Gateway features through its Ingress controller, consider the following Kong plugins.
- oidc - This plugin communicates with the Keycloak identity provider and is required if you'd like to enable SSO (recommended) for your ingress.
- request-transformer - Strips unnecessary headers after authentication with the identity platform.
- cors - Allows CORS at the global level.
- Add a new Kong Realm.
- Create a new Kong Client in the realm, e.g. kong-oidc, and make the necessary changes.
- Go to Clients, and then click on Settings. Make the following changes:
  - Access Type: Confidential
  - Valid Redirect URIs: *
  - Web Origin: localhost (Allowed CORS origin)
- Retrieve the Client ID, and then go to Credentials to get the Secret value.
- Retrieve the OpenID Endpoint Configuration for the discovery path.
- Pass the values to the oidc CRD parameters discovery, client_id and client_secret.
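One way to pass these three values, added here as an example and not taken from this repo's manifests: a KongPlugin resource that reads its configuration from a Kubernetes Secret, so the client secret stays out of the plugin manifest. The resource names, the namespace, the sample-app backend and the angle-bracket values are placeholders.

```yaml
# Added example, not from this repo. Names, namespace and <...> values are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: kong-oidc-config        # hypothetical name
  namespace: default            # assumption: same namespace as the Ingress
type: Opaque
stringData:
  # The whole plugin config lives in the Secret, so client_secret is not
  # embedded in the KongPlugin manifest or committed alongside it.
  # client_id is the Keycloak client created above; the other two values
  # come from the Credentials tab and the OpenID Endpoint Configuration link.
  oidc-config: |
    client_id: kong-oidc
    client_secret: <secret-from-credentials-tab>
    discovery: <openid-endpoint-configuration-url>
---
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: kong-oidc               # hypothetical name
  namespace: default
plugin: oidc                    # assumption: the plugin is registered as "oidc" in the image
configFrom:
  secretKeyRef:
    name: kong-oidc-config
    key: oidc-config
---
# Attach the plugin to an Ingress with the konghq.com/plugins annotation.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: sample-app              # hypothetical backend
  namespace: default
  annotations:
    konghq.com/plugins: kong-oidc
spec:
  ingressClassName: kong
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: sample-app
                port:
                  number: 80
```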
- Wee Liang - DevOps Engineer @ Thales Airlab
- Arun - DevOps & Integration @ Thales Airlab
- Kelvin - Software Engineer @ Thales Airlab
MIT © Robin Cher