Allow Consumer Groups
Allows the dev and admin Consumers and Consumer Groups on the Service or Route that the ACL plugin is enabled on.
Add this section to your declarative configuration file:
_format_version: "3.0"
plugins:
- name: acl
config:
include_consumer_groups: true
allow:
- dev
- admin
Make the following request:
curl -i -X POST http://localhost:8001/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "acl",
"config": {
"include_consumer_groups": true,
"allow": [
"dev",
"admin"
]
}
}
'
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "acl",
"config": {
"include_consumer_groups": true,
"allow": [
"dev",
"admin"
]
}
}
'
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongClusterPlugin
metadata:
name: acl
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
labels:
global: 'true'
config:
include_consumer_groups: true
allow:
- dev
- admin
plugin: acl
" | kubectl apply -f -
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_acl" "my_acl" {
enabled = true
config = {
include_consumer_groups = true
allow = ["dev", "admin"]
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
}
Add this section to your declarative configuration file:
_format_version: "3.0"
plugins:
- name: acl
service: serviceName|Id
config:
include_consumer_groups: true
allow:
- dev
- admin
Make sure to replace the following placeholders with your own values:
-
serviceName|Id: Theidornameof the service the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/services/{serviceName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "acl",
"config": {
"include_consumer_groups": true,
"allow": [
"dev",
"admin"
]
}
}
'
Make sure to replace the following placeholders with your own values:
-
serviceName|Id: Theidornameof the service the plugin configuration will target.
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/services/{serviceId}/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "acl",
"config": {
"include_consumer_groups": true,
"allow": [
"dev",
"admin"
]
}
}
'
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
serviceId: Theidof the service the plugin configuration will target.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: acl
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
config:
include_consumer_groups: true
allow:
- dev
- admin
plugin: acl
" | kubectl apply -f -
Next, apply the KongPlugin resource by annotating the service resource:
kubectl annotate -n kong service SERVICE_NAME konghq.com/plugins=acl
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_acl" "my_acl" {
enabled = true
config = {
include_consumer_groups = true
allow = ["dev", "admin"]
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
service = {
id = konnect_gateway_service.my_service.id
}
}
Add this section to your declarative configuration file:
_format_version: "3.0"
plugins:
- name: acl
route: routeName|Id
config:
include_consumer_groups: true
allow:
- dev
- admin
Make sure to replace the following placeholders with your own values:
-
routeName|Id: Theidornameof the route the plugin configuration will target.
Make the following request:
curl -i -X POST http://localhost:8001/routes/{routeName|Id}/plugins/ \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '
{
"name": "acl",
"config": {
"include_consumer_groups": true,
"allow": [
"dev",
"admin"
]
}
}
'
Make sure to replace the following placeholders with your own values:
-
routeName|Id: Theidornameof the route the plugin configuration will target.
Make the following request:
curl -X POST https://{region}.api.konghq.com/v2/control-planes/{controlPlaneId}/core-entities/routes/{routeId}/plugins/ \
--header "accept: application/json" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer $KONNECT_TOKEN" \
--data '
{
"name": "acl",
"config": {
"include_consumer_groups": true,
"allow": [
"dev",
"admin"
]
}
}
'
Make sure to replace the following placeholders with your own values:
-
region: Geographic region where your Kong Konnect is hosted and operates. -
controlPlaneId: Theidof the control plane. -
KONNECT_TOKEN: Your Personal Access Token (PAT) associated with your Konnect account. -
routeId: Theidof the route the plugin configuration will target.
See the Konnect API reference to learn about region-specific URLs and personal access tokens.
echo "
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: acl
namespace: kong
annotations:
kubernetes.io/ingress.class: kong
config:
include_consumer_groups: true
allow:
- dev
- admin
plugin: acl
" | kubectl apply -f -
Next, apply the KongPlugin resource by annotating the httproute or ingress resource:
kubectl annotate -n kong httproute konghq.com/plugins=acl
kubectl annotate -n kong ingress konghq.com/plugins=acl
Prerequisite: Configure your Personal Access Token
terraform {
required_providers {
konnect = {
source = "kong/konnect"
}
}
}
provider "konnect" {
personal_access_token = "$KONNECT_TOKEN"
server_url = "https://us.api.konghq.com/"
}
Add the following to your Terraform configuration to create a Konnect Gateway Plugin:
resource "konnect_gateway_plugin_acl" "my_acl" {
enabled = true
config = {
include_consumer_groups = true
allow = ["dev", "admin"]
}
control_plane_id = konnect_gateway_control_plane.my_konnect_cp.id
route = {
id = konnect_gateway_route.my_route.id
}
}