...
Page Properties

Product Version | 2021 Autumn
Report Note |
Assignee | Antje

Resources & Remarks

Modification History

Name | Date | Product Version | Action
---|---|---|---
Antje | 07 JUL 2021 | 2021 Autumn | Security of Actuator Endpoints
Agnieszka | 14 JUL 2021 | 2021 Autumn | rLANG
Agnieszka | 29 JUL 2021 | 2021 Autumn | rLANG
...
When updating your yuuvis® Momentum installation to version 2021 Autumn, manual configuration changes are required for some services.
Please also pay attention to the Breaking Changes.
Core
...
Cross-Tenant Service Accounts
In order to allow for the configuration and usage of Cross-Tenant Service Accounts, an ancillary Kubernetes Service has to be created as follows.
Create a file authentication-internal.yml with the following content:

```yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: yuuvis
    name: authentication-internal
  name: authentication-internal
spec:
  ports:
  - name: "80"
    port: 80
    targetPort: 8081
  selector:
    name: authentication
  type: ClusterIP
```

Run the command:

```bash
kubectl -n yuuvis apply -f authentication-internal.yml
```
Note: The AUTHENTICATION service manages the cross-tenant requests of service accounts via the separate port 8081. This port must be accessible only within the yuuvis® Momentum cluster to ensure strict separation of tenants for users. Be sure to never expose this internal port for public access!
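One way to check the requirement in the note above, as an added example that is not part of the original page or the product: the script scans the JSON from `kubectl -n yuuvis get services -o json` and reports every Service that targets port 8081 and is reachable from outside the cluster. The sample data, the service names in it and the function names are constructed for illustration; the check matches on the target port regardless of selector and does not inspect Ingress objects.

```python
import json

INTERNAL_PORT = 8081  # internal AUTHENTICATION port named on this page

# Constructed sample of `kubectl -n yuuvis get services -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "authentication-internal"},
  "spec": {"type": "ClusterIP",
           "ports": [{"port": 80, "targetPort": 8081}]}},
 {"metadata": {"name": "auth-debug"},
  "spec": {"type": "NodePort",
           "ports": [{"port": 8081, "nodePort": 30081}]}},
 {"metadata": {"name": "auth-legacy"},
  "spec": {"type": "ClusterIP", "externalIPs": ["203.0.113.10"],
           "ports": [{"port": 80, "targetPort": 8081}]}},
 {"metadata": {"name": "auth-public"},
  "spec": {"type": "LoadBalancer",
           "ports": [{"port": 80, "targetPort": 8080}]}}
]}
""")


def targets_internal_port(port_entry, internal_port=INTERNAL_PORT):
    # targetPort defaults to port when omitted. A named targetPort cannot be
    # resolved without the pod spec and is therefore not matched here.
    target = port_entry.get("targetPort", port_entry.get("port"))
    return target == internal_port


def find_exposed(service_list, internal_port=INTERNAL_PORT):
    """Return (service name, reason) for each Service that makes the
    internal port reachable from outside the cluster."""
    findings = []
    for svc in service_list.get("items", []):
        spec = svc.get("spec", {})
        if not any(targets_internal_port(p, internal_port)
                   for p in spec.get("ports", [])):
            continue
        name = svc["metadata"]["name"]
        svc_type = spec.get("type", "ClusterIP")
        if svc_type in ("NodePort", "LoadBalancer"):
            findings.append((name, f"type {svc_type}"))
        elif spec.get("externalIPs"):
            findings.append((name, "externalIPs set"))
    return findings


if __name__ == "__main__":
    for name, reason in find_exposed(SAMPLE):
        print(f"{name}: port {INTERNAL_PORT} exposed ({reason})")
```

To run it against a live cluster, load the output of the `kubectl` command with `json.load` and pass it to `find_exposed` in place of `SAMPLE`.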
Access to '/manage/**' Endpoints
The /manage/** endpoints provided by the AUTHENTICATION Service are now available via a separate port that is protected from external access. Especially for customers using the Tenant Management services, the configuration of the AUTHENTICATION Service has to be adjusted and an ancillary Kubernetes Service has to be created as follows.
...
Restart the AUTHENTICATION service.
...
...
...
Create a file authentication-internal.yml with the following content:

```yaml
kind: Service
apiVersion: v1
metadata:
  name: authentication-internal
spec:
  selector:
    app: authentication
  type: ClusterIP
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8081
```

Run the command:

```bash
kubectl -n yuuvis apply -f authentication-internal.yml
```
...
...