| Page Properties | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||
Resources & Remarks Modification History
|
| Excerpt |
|---|
When updating your yuuvis® Momentum installation to version 2021 Autumn, manual configuration changes are required for some services. |
Please also pay attention to the Breaking Changes.
| Column | ||||||
|---|---|---|---|---|---|---|
Table of Contents
|
Core
Cross-Tenant Service Accounts
In order to allow for the configuration and usage of Cross-Tenant Service Accounts, an ancillary Kubernetes Service has to be created as follows.
Create a file
authentication-internal.ymlwith the following content:Code Block language yml kind: Service apiVersion: v1 metadata: name: authentication-internal spec: selector: app: authentication type: ClusterIP ports: - protocol: TCP port: 80 targetPort: 8081Run the command:
Code Block language powershell kubectl -n yuuvis apply -f authentication-internal.yml
| Note | ||
|---|---|---|
| ||
The AUTHENTICATION service manages the cross-tenant requests of service accounts via the separate port |
| Anchor | ||||
|---|---|---|---|---|
|
Access to '/manage/**' Endpoints
The /manage/** endpoints provided by the AUTHENTICATION Service are now available via a separate port that is protected from external access. Especially for customers using the Tenant Management services, the configuration of the AUTHENTICATION Service has to be adjusted and an ancillary Kubernetes Service has to be created as follows.
Adjust the 'authentication-prod.yml' file:
Expose the individual
/manageendpoints in theauthorization.accessessection.Deprecated Configuration New Configuration Code Block language yml authorization.accesses: ### manage-endpoints - endpoints: /manage/info,/manage/health expose: trueCode Block language yml authorization.accesses: ### manage-endpoints - endpoints: /manage/** expose: trueAdd the following two lines in order to select the port number
9091for the/manageendpoints.Code Block language yml management.server.port: 9091 management.server.servlet.context-path: /
Adjust the Kubernetes Service:
Run the command.
Code Block language powershell kubectl -n yuuvis edit svc authentication
Remove the label
yuuvis:"true".Deprecated Configuration New Configuration Code Block language yml labels: app: yuuvis name: authentication yuuvis: "true" name: authenticationCode Block language yml labels: app: yuuvis name: authentication name: authentication
Create a new Kubernetes Service:
Create a new file
authentication-manage-service.yamlwith the following content:Code Block language yml apiVersion: v1 kind: Service metadata: labels: app: yuuvis name: authentication-manage name: authentication-manage spec: ports: - name: "80" port: 80 targetPort: 9091 selector: name: authentication type: ClusterIPRun the command:
Code Block language powershell kubectl -n yuuvis apply -f authentication-manage-service.yaml
Adjust the ports for liveness probe and readiness probe:
Run the command:
Code Block language powershell kubectl -n yuuvis edit deploy authentication
Adjust the configuration:
Deprecated Configuration New Configuration Code Block language yml livenessProbe: failureThreshold: 3 httpGet: path: /manage/info port: 8080 scheme: HTTP ... readinessProbe: failureThreshold: 3 httpGet: path: /manage/info port: 8080 scheme: HTTPCode Block language yml livenessProbe: failureThreshold: 3 httpGet: path: /manage/info port: 9091 scheme: HTTP ... readinessProbe: failureThreshold: 3 httpGet: path: /manage/info port: 9091 scheme: HTTP
Restart the AUTHENTICATION service.
| Anchor | ||||
|---|---|---|---|---|
|