I'm writing this post even though I already solved the issue, because I think it might help someone out there, since I couldn't find the cause nor a solution anywhere.
I'm learning Kong authentication strategies, in particular through these plugins:
However, I've been stuck for almost an hour on an error which I wasn't able to identify nor address. From the Kong controller logs (`kubectl logs -n kong -f <kong_controller_pod_name>`):

```
[...]
2023-11-22T15:09:42Z error Failed parsing resource errors {"url": "https://10.244.0.125:8444", "update_strategy": "InMemory", "error": "could not unmarshal config error: json: cannot unmarshal object into Go struct field ConfigError.flattened_errors of type []sendconfig.FlatEntityError"}
2023-11-22T15:09:42Z error dataplane-synchronizer Could not update kong admin {"error": "performing update for https://10.244.0.125:8444 failed: failed posting new config to /config: got status code 400"}
```
This error was being thrown every 3 seconds.
Setup
Kong Ingress Controller running on minikube:
```bash
minikube start --driver=docker
minikube tunnel # running in another terminal
```
Then follow the steps from Get Started: Install KIC
Configuration Files
Secrets
File secrets.yaml:

```yaml
# JWT Credential for Admin
apiVersion: v1
kind: Secret
metadata:
  name: jwt-admin-secret
  labels:
    konghq.com/credential: jwt
type: Opaque
stringData:
  key: admin-issuer
  algorithm: RS256
  secret: empty # dummy field with arbitrary value, otherwise it throws an error
  rsa_public_key: |
    -----BEGIN PUBLIC KEY-----
    [...]
    -----END PUBLIC KEY-----
---
# JWT Credential for User
apiVersion: v1
kind: Secret
metadata:
  name: jwt-user-secret
  labels:
    konghq.com/credential: jwt
type: Opaque
stringData:
  key: user-issuer
  algorithm: RS256
  secret: empty # dummy field with arbitrary value, otherwise it throws an error
  rsa_public_key: |
    -----BEGIN PUBLIC KEY-----
    [...]
    -----END PUBLIC KEY-----
---
# Basic auth for a generic user
apiVersion: v1
kind: Secret
metadata:
  name: user-generic-secret
  labels:
    konghq.com/credential: basic-auth
type: Opaque
stringData:
  username: user
  password: password
---
# Key auth for a generic API key
apiVersion: v1
kind: Secret
metadata:
  name: key-generic-secret
  labels:
    konghq.com/credential: key-auth
type: Opaque
stringData:
  key: key
```
Consumers
File consumers.yaml:

```yaml
# Consumer for Admin JWT token
apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
  name: admin
  annotations:
    kubernetes.io/ingress.class: kong
username: admin
credentials:
- jwt-admin-secret # references Kubernetes secret
---
# Consumer for User JWT token
apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
  name: user
  annotations:
    kubernetes.io/ingress.class: kong
username: user
credentials:
- jwt-user-secret # references Kubernetes secret
---
# Consumer for generic basic auth user
apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
  name: generic-basic-auth-consumer
  annotations:
    kubernetes.io/ingress.class: kong
username: user
credentials:
- user-generic-secret # references Kubernetes secret
---
# Consumer for generic key auth
apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
  name: user-api-key-consumer
  annotations:
    kubernetes.io/ingress.class: kong
username: user-key-auth
credentials:
- key-generic-secret # references Kubernetes secret
---
# Consumer for anonymous user
apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
  name: anonymous-consumer
  annotations:
    kubernetes.io/ingress.class: kong
    konghq.com/plugins: 'request-termination-anonymous'
username: anonymous
```
Plugins
File plugins.yaml:

```yaml
# JWT authentication
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: jwt-auth-foobar
plugin: jwt
config:
  anonymous: anonymous # references a Consumer username
---
# Basic authentication
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: basic-auth-foobar
plugin: basic-auth
config:
  anonymous: anonymous # references a Consumer username
  hide_credentials: true
---
# Key authentication
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: key-auth-foobar
plugin: key-auth
config:
  key_names:
  - apikey
  anonymous: anonymous # references a Consumer username
  hide_credentials: true
---
# Request termination: when the authentication fails
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: request-termination-anonymous
plugin: request-termination
config:
  message: "Authentication required"
  status_code: 401
```
Services
File services.yaml:

```yaml
# Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: foobar
  name: foobar
spec:
  replicas: 1
  selector:
    matchLabels:
      app: foobar
  strategy: {}
  template:
    metadata:
      labels:
        app: foobar
    spec:
      containers:
      - image: mikyll/foobar:latest
        name: foobar
        ports:
        - containerPort: 3000
---
# Service
apiVersion: v1
kind: Service
metadata:
  labels:
    app: foobar-service
  name: foobar-service
spec:
  ports:
  - port: 3000
    name: http
    protocol: TCP
    targetPort: 3000
  selector:
    app: foobar
---
# Route /foobar/test/auth/key
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: foobar-route-test-keyauth
  annotations:
    konghq.com/strip-path: 'true'
    konghq.com/plugins: 'key-auth-foobar'
spec:
  parentRefs:
  - name: kong
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /foobar/test/auth/key
    backendRefs:
    - name: foobar-service
      kind: Service
      port: 3000
---
# Route /foobar/test/auth/basic
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: foobar-route-test-basicauth
  annotations:
    konghq.com/strip-path: 'true'
    konghq.com/plugins: 'basic-auth-foobar'
spec:
  parentRefs:
  - name: kong
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /foobar/test/auth/basic
    backendRefs:
    - name: foobar-service
      kind: Service
      port: 3000
---
# Route /foobar/test/auth/jwt
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: foobar-route-test-jwtauth
  annotations:
    konghq.com/strip-path: 'true'
    konghq.com/plugins: 'jwt-auth-foobar'
spec:
  parentRefs:
  - name: kong
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /foobar/test/auth/jwt
    backendRefs:
    - name: foobar-service
      kind: Service
      port: 3000
```
Applied with:
```bash
cat secrets.yaml | kubectl apply -f -
cat consumers.yaml | kubectl apply -f -
cat plugins.yaml | kubectl apply -f -
cat services.yaml | kubectl apply -f -
```
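The first controller log line quoted near the top of the post is Go's `encoding/json` type-mismatch error: the `flattened_errors` field of the 400 response body was a JSON object where the decoding struct expects an array. The following is an added example, not code from the post or from the Kong Ingress Controller; it reproduces that failure and shows a decoder that accepts either shape. The type names are borrowed from the log line, and their fields, the `message` key and both response bodies are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Hypothetical types named after the identifiers in the log line; the
// fields are assumptions, not the controller's real definitions.
type FlatEntityError struct {
	Type string `json:"entity_type"`
}

type ConfigError struct {
	Message   string            `json:"message"`
	Flattened []FlatEntityError `json:"flattened_errors"`
}

// strictDecode returns a *json.UnmarshalTypeError when flattened_errors
// is a JSON object instead of an array.
func strictDecode(body []byte) (ConfigError, error) {
	var ce ConfigError
	err := json.Unmarshal(body, &ce)
	return ce, err
}

// tolerantDecode defers decoding of flattened_errors and only parses it
// as a list when it really is a JSON array; the message is always returned.
func tolerantDecode(body []byte) (string, []FlatEntityError, error) {
	var raw struct {
		Message   string          `json:"message"`
		Flattened json.RawMessage `json:"flattened_errors"`
	}
	if err := json.Unmarshal(body, &raw); err != nil {
		return "", nil, err
	}
	var entries []FlatEntityError
	if t := bytes.TrimSpace(raw.Flattened); len(t) > 0 && t[0] == '[' {
		if err := json.Unmarshal(t, &entries); err != nil {
			return raw.Message, nil, err
		}
	}
	return raw.Message, entries, nil
}

// Constructed response bodies, not captured from a real Kong instance.
var objectBody = []byte(`{"message":"constructed rejection reason","flattened_errors":{}}`)
var arrayBody = []byte(`{"message":"constructed rejection reason","flattened_errors":[{"entity_type":"consumer"}]}`)

func main() {
	_, err := strictDecode(objectBody)
	fmt.Println("strict:", err)
	msg, entries, err := tolerantDecode(objectBody)
	fmt.Println("tolerant:", msg, len(entries), err)
}
```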