mTLS Kong Admin API authentication support

[ludovic-pourrat]

Is there an existing issue for this?

• I have searched the existing issues

Problem Statement

This is a new feature request to support Kong mTLS authentication capabilities.

Kong API administration API can be secured via mTLS authentication by setting the following NGINX directives,

    nginx_admin_proxy_ssl_verify: "on"
    nginx_admin_ssl_client_certificate: /etc/secrets/tls.crt
    nginx_admin_ssl_verify_client: "on"
    nginx_admin_ssl_verify_depth: 3
    nginx_admin_ssl_trusted_certificate: /etc/secrets/ca/ca-bundle.crt

Thus, the ingress controller should provide a way to specify client certificates.

Proposed Solution

Add new arguments to specify the client certificate and key and setup the http/client package to use client certificates.

Additional information

No response

Acceptance Criteria

Once mTLS activated the ingress controller should authenticate to Kong administrative API with the specified client certificate and key.

[shaneutt]

@ludovic-pourrat the PR for this timed out due to inactivity, would you want that re-opened? Is there any additional assistance you need from us to continue it?

[ludovic-pourrat]

I will work on it next week. sorry for the delay.

[shaneutt]

No worries, thanks for the update and please let us know how we can help. Whenever you're ready to get back to it, feel free to just "re-open" the PR 👍

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.