...

The service has its own endpoints that are configured in the file authentication-prod.yml in the sections routing.endpoints and authorization.accesses.

The AUTHENTICATION service endpoints are only available for endpoints listed in routing.endpoints.

In authorization.accesses, permissions can be defined for the access to the individual endpoints and sub-paths.
>> Access Authorization for Endpoints

...

In order to create a route for a service in the API gateway, the entry yuuvis: true has to be added in the labels section of the file <externalservice>-service.yaml.

Example Configuration

In this example scenario, the required steps of configuration are shown. Afterwards, the external service app in the namespace other will be available via the AUTHENTICATION service.

...

  • Deploy the pod for the external service app in the namespace other

    # app-deployment.yaml
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      namespace: other
      name: app
    spec:
      replicas: 1
      selector:
        matchLabels:
          name: app
      template:
        metadata:
          labels:
            name: app
        spec:
          containers:
          - name: app
          ...
            ports:
            - containerPort: 80
          ...
    
    


  • Create a Kubernetes Service for app in the namespace other, e.g., app-svc.

    # app-service.yaml
    apiVersion: v1
    kind: Service
    metadata:
      name: app-svc
      labels:
        name: app-svc
      namespace: other
    spec:
      ports:
      - name: "http"
        port: 80
        targetPort: 80
      selector:
        name: app
      type: ClusterIP


  • Create the Kubernetes Service in the namespace yuuvis. Use the type ExternalName to reference the service in the namespace other.

    # <externalservice>-service.yaml
    apiVersion: v1
    kind: Service
    metadata:
      name: app
      labels:
        yuuvis: "true"
      namespace: yuuvis
    spec:
      type: ExternalName
      externalName: app-svc.other.svc.cluster.local
      ports:
      - port: 80
    
    


  • Add the external service app to the sections routing.endpoints and authorization.accesses in the file authentication-prod.yml.

    # authentication-prod.yml
    routing.endpoints:
      - 'app' # external service added to the list
    ...
    authorization.accesses:
      - endpoints: /app/** # access entry added for the external service
      # optionally restrict to a method, e.g.: method: Post
      # optionally restrict to users with specific roles, e.g.: hasAuthority('COGNISPHERE')


  • Restart the AUTHENTICATION service.
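A consistency check over the four configuration steps above, as an added example that is not part of the yuuvis documentation or tooling. The function name check_external_routes and the sample data are constructed here; it assumes the manifests and the two authentication-prod.yml settings are already parsed into dicts, and that the endpoint name equals the Service name as in the example on this page.

```python
import json

# Constructed sample: the two Service manifests from this page, parsed into dicts.
SERVICES = json.loads("""
[
 {"metadata": {"name": "app-svc", "namespace": "other", "labels": {"name": "app-svc"}},
  "spec": {"type": "ClusterIP", "ports": [{"name": "http", "port": 80, "targetPort": 80}]}},
 {"metadata": {"name": "app", "namespace": "yuuvis", "labels": {"yuuvis": "true"}},
  "spec": {"type": "ExternalName", "externalName": "app-svc.other.svc.cluster.local",
           "ports": [{"port": 80}]}}
]
""")
# Constructed sample: the two settings from authentication-prod.yml, already parsed.
AUTH_CONFIG = {"routing.endpoints": ["app"],
               "authorization.accesses": [{"endpoints": "/app/**"}]}


def check_external_routes(services, auth_config, gateway_ns="yuuvis"):
    """Return findings for ExternalName Services carrying the yuuvis label."""
    by_key = {(s["metadata"]["namespace"], s["metadata"]["name"]): s for s in services}
    routed = set(auth_config.get("routing.endpoints", []))
    covered = {a.get("endpoints") for a in auth_config.get("authorization.accesses", [])}
    findings = []
    for (ns, name), svc in sorted(by_key.items()):
        label = svc["metadata"].get("labels", {}).get("yuuvis")
        if ns != gateway_ns or svc["spec"].get("type") != "ExternalName" or label is None:
            continue
        if label != "true":  # label values are strings; unquoted YAML true is a boolean
            findings.append(f"{name}: label yuuvis is {label!r}, expected the string 'true'")
        parts = svc["spec"].get("externalName", "").split(".")  # <svc>.<ns>.svc.cluster.local
        target = by_key.get((parts[1], parts[0])) if len(parts) >= 2 else None
        if target is None:
            findings.append(f"{name}: externalName does not match a known Service")
        else:
            ports = {p["port"] for p in target["spec"].get("ports", [])}
            for p in svc["spec"].get("ports", []):
                if p["port"] not in ports:
                    findings.append(f"{name}: port {p['port']} not exposed by target")
        if name not in routed:
            findings.append(f"{name}: missing from routing.endpoints")
        if f"/{name}/**" not in covered:
            findings.append(f"{name}: no authorization.accesses entry for /{name}/**")
    return findings


if __name__ == "__main__":
    print(check_external_routes(SERVICES, AUTH_CONFIG) or "consistent")
```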

...
