DEV Community

Securing your site via OIDC, powered by Kong and KeyCloak

Robin Cher on January 19, 2022

Quick sharing on how you can further secure your api or endpoints with OIDC, and powered by Kong and Keycloak. The examples shared are all open-sou...

Read full post

rajeesh-cs • Jan 8 '23 • Edited

Hi Robin,

I have followed the docs and installed Kong with customised OIDC plugin.

However, when the kong-crds.yaml is getting deployed it shows the CRD error.

resource mapping not found for name: "oidc" namespace: "" from "kubernetes/kong-crds.yaml": no matches for kind "KongClusterPlugin" in version "configuration.konghq.com/v1"
ensure CRDs are installed first
resource mapping not found for name: "cors" namespace: "" from "kubernetes/kong-crds.yaml": no matches for kind "KongClusterPlugin" in version "configuration.konghq.com/v1"
ensure CRDs are installed first
resource mapping not found for name: "request-transformer" namespace: "" from "kubernetes/kong-crds.yaml": no matches for kind "KongClusterPlugin" in version "configuration.konghq.com/v1"
ensure CRDs are installed first

Does the custom Kong install Ingress Controller as well?

I have followed the instructions as in the document. Is the CRD requires Ingress component? Or the Dockerfile provides only core Gateway?

Robin Cher • Jan 27 '23

Did you include the required custom plugins ?

export KONG_PLUGINS=bundled,oidc

There are some updates to Kong KIC API, do have a look.

rajeesh-cs • Jan 30 '23

Correct. I have included in Helm chart and it started working. Thanks!

Robin Cher • Jan 31 '23

Happy to hear that, thanks for using Kong :)

BERMUDA 2448 • Jul 2 • Edited

where to include the required custom plugins? when the kong-deployment.yaml file is applied to the cluster, no 'kong' ingress-class is created. Please hlep..I followed steps mentioned above but at the end, the ingress object created but not responding to external request..

rajeesh-cs • Feb 2 '23

Hi Robin,

This is a different topic.

Need to validate the Kong route with the Keycloak authorisation configurations.
For i.e, there is an enforce set of methods available in** keycloak-connect plugin **npmjs.com/package/keycloak-connect.... The above methods work according to the Authorisation configuration in Keycloak Client which consists of Resources, Policies, Permissions and Scopes.

Just wondering, are the similar features are available in either OIDC or any other plugins in Kong?

-Rajeesh

Zaryab Raza Malghani • Nov 7 '22 • Edited

Hi Robin, hope you are fine.
I've followed your article and setup the kong-ingress with both keycloak and sample-echo-app, also doing configuration of oidc plug-in in kong-crds.yml as provided in article. When i run echo-app with kong plug-ins (specifically oidc plugin), it throughs 404-not found error while accessing the sample-app url path.

I debugged the app and removed the oidc plugin from annotations in ingress config of sample-oidc.yml and it starts working fine. So, i came to conclusion that there might be error in kong-plugin (One that we configure in kong-crds.yml). Can you please debug it for me? i'll send you all the config files that i am using so you can quick run them on your side.

Hope you are having a good day and waiting for your reply, thanks.