Builds a Docker image from base Kong + nokia/kong-oidc (based on zmartzone/lua-resty-openidc)
- Dockerfile
- OpenID Connect plugin: kong-oidc
- Based on: lua-resty-openidc
- Reference: https://github.com/bungle/lua-resty-session#pluggable-storage-adapters
- To replace the default sesion storage: cookie with memcached, set
KONG_X_SESSION_STORAGE=memcache
- Memcached hostname is by default mcd-memcached (in my case installed via helm in a Kubernetes cluster)
- Set
KONG_X_SESSION_MEMCACHE_HOST=mynewhost - Alternatively, set up DNS entry for mcd-memcached to be resolved from within the container
- Set
- Memcached port is by default 11211, override by setting:
KONG_X_SESSION_MEMCACHE_PORT=12345
- Dockerfile will patch
nginx_kong.luatemplate at build time, to includeset_decode_base64 $session_secret 'some_base64_string';- This is needed for the kong-oidc plugin to set a session secret that will later override the template string
- See: nokia/kong-oidc#1
- To enable the plugins, set the env variable for the container with comma separated plugin values:
- [Kong < 0.14]
KONG_CUSTOM_PLUGINS=oidc,kong-http-to-https-redirect - [Kong >= 0.14]
KONG_PLUGINS=bundled,oidc,kong-http-to-https-redirect
- [Kong < 0.14]
- A common default session_secret should be defined by setting env KONG_X_SESSION_SECRET
- 2018-11-27 [0.14-2]:
Upgraded rockspec zmartzone/lua-resty-openidc to 1.7.0-2this causes issues, staying with 1.6.1-1 for now- Added env variable KONG_X_SESSION_SECRET to populate $session_secret variable with the same variable for all pods in the cluster
- Removed explicitly building lua-resty-openidc in Dockerfile, since is automatically done by luarocks build, since is a dependency of kong-oidc
- Set everything to run under regular user kong instead of root
- 2018-10-09 [0.14-1]:
- Upgraded to Kong 0.14
- 2018-10-09 [0.13-3]:
- Changed repo for kong-http-to-https-redirect to Revomatico/kong-http-to-https-redirect
- 2018-08-10 [0.13-2]:
- Forced a rebuild to update rockspec HappyValleyIO/kong-http-to-https-redirect
- 2018-07-07 [0.13-1]:
- Updated rockspec zmartzone/lua-resty-openidc to 1.6.1-1
- 2018-07-04 [0.13]:
- Updated rockspec nokia/kong-oidc to 1.1.0-0
- Updated rockspec zmartzone/lua-resty-openidc to 1.6.0-1