Providing Kong admin token via file

[ludovic-pourrat]

Is there an existing issue for this?

• I have searched the existing issues

Problem Statement

When deploying Kong Enterprise in Kubernetes we need another option to secure the Kong admin token. The existing feature to provide the kong-admin-token via the environment variable CONTROLLER_KONG_ADMIN_TOKEN which can be backed as a Kubernetes secret does not fit for us.

Proposed Solution

This feature proposal add the support for the Kong admin token to be provided via a file by leveraging the same feature that Kong supports in the gateway, so to fetch secrets from environment variable suffixed by _FILE.
We this option we can provide the Kong admin token from our vault, by injecting the a file containing the token.

In this proposal a new kong-admin-token-file option is added.

Additional information

No response

Acceptance Criteria

• As a DevOps engineer I should be in position to provide to Kong admin token via a mounted file within the KIC pod.

[mflendrich]

Hi @ludovic-pourrat

We'll happily accept a patch adding this functionality with two prerequisites:

• that validations exist (that the direct literal value setting & the filename setting are mutually exclusive)
• that the PR includes unit tests

Feel free to open a PR.

[ludovic-pourrat]

PR merged, many thanks for you prompt and great support !