...

• Deploy the pod for the external service app in the namespace other. 

  Code Block
  language yml title <app>app-deployment.yaml linenumbers true
  apiVersion: apps/v1 kind: Deployment metadata: namespace: other name: app spec: replicas: 1 selector: matchLabels: name: app template: metadata: labels: name: app spec: containers: - name: app ... ports: - containerPort: 80 ...

  
  

• Create a Kubernetes Service for app in the namespace other, e.g. app-svc.

  Code Block
  language yml title <app>app-service.yaml linenumbers true
  apiVersion: v1 kind: Service metadata: name: app-svc labels: name: app-svc namespace: other spec: ports: - name: "http" port: 80 targetPort: 80 selector: name: app type: ClusterIP

  
  

• Create the Kubernetes Service in the namespace yuuvis. Use the type externalName that references the namespace other.

  Code Block
  language yml title <externalservice>-service.yaml linenumbers true
  apiVersion: v1 kind: Service metadata: name: app labels: yuuvis: "true" namespace: yuuvis spec: type: ExternalName externalName: app-svc.other.svc.cluster.local ports: - port: 80

  
  

• Add the external service app to the sections routing.endpoints: and routing.access: in the file authentication-prod.yml.

  Code Block
  language yml title authentiaction-prod.yml linenumbers true
  routing.endpoints: - 'app' # external service added to the list ... authorization.accesses: - endpoints: /app/** # add # optionally restrict to a method, e.g.: method: Post # optionally restrict to users with specific roles, e.g.: hasAuthority('COGNISPHERE')

  
  

• Restart the AUTHENTICATION service.

Summary

External services running in the same Kubernetes cluster together with yuuvis® Momentum, access authorization can be managed via the AUTHENTICATION service. The required configuration steps were shown for an example scenario.

...