Versions Compared

Old Version 13

changes.mady.by.user Technische Redaktion

Saved on

compared with

New Version Current

changes.mady.by.user Technische Redaktion

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Page Properties
hiddentrue
idPROGRESSDONE

Product Version2021 Autumn
Report Note
AssigneeAntje

Resources & Remarks

Modification History

NameDateProduct VersionAction
Antje07 JUL 20212021 Autumn

Security of Actuator Endpoints

Agnieszka14 JUL 20212021 AutumnrLANG
Agnieszka29 JUL 20212021 AutumnrLANG



...

Excerpt

When updating your yuuvis® Momentum installation to version 2021 Autumn, manual configuration changes are required for some services. 


Please also pay attention to the Breaking Changes.


Section
bordertrue


Column

Table of Contents

Table of Contents
maxLevel3
exclude(Table of Contents|Read on|Another Tutorial|Another Concept Article|Another interesting Tutorial|Ressources|Remarks|Authentication against the Core API|Graphical Overview \/ Use Cases \(Flows\)|Login to the Core API \(Java\)|yuuvis® Momentum Services|Basic Use Case Flows)



Core

Cross-Tenant Service Accounts

In order to allow for the configuration and usage of Cross-Tenant Service Accountsan ancillary Kubernetes Service has to be created as follows.

  • Create a file authentication-internal.yml with the following content:

    Code Block
    languageyml

...

  • apiVersion:

...

  • v1

...

  • kind:

...

  • Service
metadata:

...

  • labels:

...

  •

...

  •

...

  • app: yuuvis

...

  •  name: authentication-internal

...

  • name:

...

  •  authentication-internal
spec:
  ports:
  -

...

  • name:

...

  • "80"
    port: 80
    targetPort: 8081
  selector:
    name: authentication
  type: ClusterIP


  • Run the command:

    Code Block
    languagepowershell
    kubectl -n yuuvis apply -f authentication-internal.yml


Note
titleSafety Note

The AUTHENTICATION service manages the cross-tenant requests of service accounts via the separate port 8081. This port must be accessible only within the yuuvis® Momentum cluster to ensure strict separation of tenants for users. Be sure to never expose this internal port for public access!

Core

...

Anchor
Actuator
Actuator

Access to '/manage/**' Endpoints

The /manage/** endpoints provided by the AUTHENTICATION Service are now available via a separate port that is protected from external access. Especially for customers using the Tenant Management services, the configuration of the AUTHENTICATION Service has to be adjusted and an ancillary Kubernetes Service has to be created as follows.

...