...

The AUTHENTICATION service manages access to the yuuvis® Momentum API gateway. With a suitable configuration, access to external services running in the same Kubernetes cluster can also be managed via the AUTHENTICATION service of yuuvis® Momentum.

...

To create a route for a service in the API gateway, the entry yuuvis: "true" has to be added to the labels section of the file <externalservice>-service.yaml.

...

  • Deploy the pod for the external service app in the namespace other

    # <app>-deployment.yaml
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      namespace: other
      name: app
    spec:
      replicas: 1
      selector:
        matchLabels:
          name: app
      template:
        metadata:
          labels:
            name: app
        spec:
          containers:
          - name: app
            # ...
            ports:
            - containerPort: 80
          # ...


  • Create a Kubernetes Service for app in the namespace other, e.g. app-svc.

    # <app>-service.yaml
    apiVersion: v1
    kind: Service
    metadata:
      name: app-svc
      labels:
        name: app-svc
      namespace: other
    spec:
      ports:
      - name: "http"
        port: 80
        targetPort: 80
      selector:
        name: app
      type: ClusterIP


  • Create the Kubernetes Service in the namespace yuuvis. Use the type ExternalName so that it references the Service in the namespace other.

    # <externalservice>-service.yaml
    apiVersion: v1
    kind: Service
    metadata:
      name: app
      labels:
        yuuvis: "true"
      namespace: yuuvis
    spec:
      type: ExternalName
      externalName: app-svc.other.svc.cluster.local
      ports:
      - port: 80


  • Add the external service app to the sections routing.endpoints: and routing.access: in the file authentication-prod.yml.

    # authentication-prod.yml
    routing.endpoints:
      - 'app' # external service added to the list
    # ...
    authorization.accesses:
      - endpoints: /app/** # add
        # optionally restrict to a method, e.g.: method: Post
        # optionally restrict to users with specific roles, e.g.: hasAuthority('COGNISPHERE')


  • Restart the AUTHENTICATION service.
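
The wiring from the steps above can be audited before the restart. The following Python check is an added example, not part of the yuuvis® Momentum documentation or product: it takes a Service list in the JSON shape returned by `kubectl get svc -A -o json` plus the routing.endpoints entries, and reports labelled ExternalName Services whose target, port or endpoint entry does not line up. The names `audit_routes` and `SAMPLE` are assumptions of this example, and the sample data is constructed from the manifests on this page.

```python
import json

# Constructed sample: the two Services from the steps above, in the JSON
# shape that `kubectl get svc -A -o json` returns (trimmed to the used fields).
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "app-svc", "namespace": "other", "labels": {"name": "app-svc"}},
  "spec": {"type": "ClusterIP", "selector": {"name": "app"},
           "ports": [{"name": "http", "port": 80, "targetPort": 80}]}},
 {"metadata": {"name": "app", "namespace": "yuuvis", "labels": {"yuuvis": "true"}},
  "spec": {"type": "ExternalName", "externalName": "app-svc.other.svc.cluster.local",
           "ports": [{"port": 80}]}}
]}
""")


def audit_routes(svc_list, routing_endpoints, gateway_ns="yuuvis"):
    """Return (service name, finding) pairs for labelled ExternalName Services."""
    items = svc_list["items"]
    by_key = {(s["metadata"]["namespace"], s["metadata"]["name"]): s for s in items}
    findings = []
    for svc in items:
        meta, spec = svc["metadata"], svc["spec"]
        if meta.get("namespace") != gateway_ns or spec.get("type") != "ExternalName":
            continue
        if meta.get("labels", {}).get("yuuvis") != "true":
            continue  # per the page, only labelled Services get a gateway route
        name = meta["name"]
        parts = spec.get("externalName", "").split(".")
        # Expect <service>.<namespace>.svc.<cluster domain>
        if len(parts) < 4 or parts[2] != "svc":
            findings.append((name, "externalName is not an in-cluster service name"))
            continue
        target = by_key.get((parts[1], parts[0]))
        if target is None:
            findings.append((name, f"target {parts[0]} not found in namespace {parts[1]}"))
            continue
        target_ports = {p["port"] for p in target["spec"].get("ports", [])}
        for p in spec.get("ports", []):
            if p["port"] not in target_ports:
                findings.append((name, f"port {p['port']} not exposed by target"))
        if name not in routing_endpoints:
            findings.append((name, "labelled but missing from routing.endpoints"))
    return findings


if __name__ == "__main__":
    for name, msg in audit_routes(SAMPLE, ["app"]):
        print(f"{name}: {msg}")
```

An empty result means every labelled ExternalName Service in the namespace yuuvis resolves to an existing Service and port and is listed in routing.endpoints.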

...