
Page Properties

Product Version: 2021 Autumn
Assignee: Antje

Resources & Remarks

Modification History

| Name | Date | Product Version | Action |
|---|---|---|---|
| Antje | 07 JUL 2021 | 2021 Autumn | Security of Actuator Endpoints |
| Agnieszka | 14 JUL 2021 | 2021 Autumn | rLANG |
| Agnieszka | 29 JUL 2021 | 2021 Autumn | rLANG |

Cross-Tenant Service Accounts

To enable the configuration and use of cross-tenant service accounts, an ancillary Kubernetes Service has to be created as follows.

Create a file authentication-internal.yml with the following content:

```yaml
kind: Service
apiVersion: v1
metadata:
  name: authentication-internal
spec:
  selector:
    app: authentication
  type: ClusterIP
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8081
```

Run the command:

```powershell
kubectl -n yuuvis apply -f authentication-internal.yml
```

Safety Note

The AUTHENTICATION service manages the cross-tenant requests of service accounts via the separate port 8081. This port must be accessible only within the yuuvis® Momentum cluster to ensure strict separation of tenants for users. Be sure to never expose this internal port for public access!
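
One way to audit this requirement, as an added example that is not part of the yuuvis® Momentum documentation: the Python function below scans the JSON produced by `kubectl get svc,ing -A -o json` for Services or Ingresses that would make port 8081 of the `app: authentication` pods reachable from outside the cluster. The function and helper names are hypothetical, and every sample object other than `authentication-internal` is constructed for illustration.

```python
INTERNAL_PORT = 8081  # internal AUTHENTICATION port named on the page
def find_exposures(kube_list):
    """List objects that make port 8081 of the AUTHENTICATION pods reachable
    from outside the cluster, as (kind, namespace, name, reason) tuples."""
    findings, internal = [], {}  # internal: (ns, service) -> ports mapped to 8081
    items = kube_list.get("items", [])
    for obj in (o for o in items if o.get("kind") == "Service"):
        meta, spec = obj["metadata"], obj.get("spec", {})
        if (spec.get("selector") or {}).get("app") != "authentication":
            continue
        # targetPort defaults to port; named targetPorts are not resolved here
        ports = {p["port"] for p in spec.get("ports", [])
                 if p.get("targetPort", p["port"]) == INTERNAL_PORT}
        if not ports:
            continue
        key = (meta.get("namespace", "default"), meta["name"])
        internal[key] = ports
        if spec.get("type", "ClusterIP") in ("NodePort", "LoadBalancer"):
            findings.append(("Service", *key, "type " + spec["type"]))
        if spec.get("externalIPs"):
            findings.append(("Service", *key, "externalIPs set"))
    for obj in (o for o in items if o.get("kind") == "Ingress"):
        meta, spec = obj["metadata"], obj.get("spec", {})
        ns = meta.get("namespace", "default")
        backends = [spec.get("defaultBackend") or {}]
        for rule in spec.get("rules", []):
            backends += [p.get("backend", {}) for p in (rule.get("http") or {}).get("paths", [])]
        for svc in (b.get("service") or {} for b in backends):
            if (svc.get("port") or {}).get("number") in internal.get((ns, svc.get("name")), ()):
                findings.append(("Ingress", ns, meta["name"], "routes to " + svc["name"]))
    return findings

def sample_service(name, stype, target):  # builds one constructed sample Service
    return {"kind": "Service", "metadata": {"name": name, "namespace": "yuuvis"},
            "spec": {"type": stype, "selector": {"app": "authentication"},
                     "ports": [{"port": 80, "targetPort": target}]}}

# Constructed sample shaped like `kubectl get svc,ing -A -o json` output
SAMPLE = {"kind": "List", "items": [
    sample_service("authentication-internal", "ClusterIP", 8081),  # the page's Service
    sample_service("auth-debug", "NodePort", 8081),       # hypothetical mistake
    sample_service("auth-public", "LoadBalancer", 8080),  # hypothetical, other port
    {"kind": "Ingress", "metadata": {"name": "public", "namespace": "yuuvis"},
     "spec": {"rules": [{"http": {"paths": [{"backend": {"service": {
         "name": "authentication-internal", "port": {"number": 80}}}}]}}]}},
]}

if __name__ == "__main__":
    print(*find_exposures(SAMPLE), sep="\n")
```

An empty result means that no Service or Ingress in the input forwards external traffic to port 8081. Ingress backends that reference a port by name, like named targetPorts, still need a manual check.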





When updating your yuuvis® Momentum installation to version 2021 Autumn, manual configuration changes are required for some services.



Core

...



Access to '/manage/**' Endpoints

The /manage/** endpoints provided by the AUTHENTICATION Service are now available via a separate port that is protected from external access. Especially for customers using the Tenant Management services, the configuration of the AUTHENTICATION Service has to be adjusted and an ancillary Kubernetes Service has to be created as follows.

...