
Page Properties

Product Version: 2020 Winter
Assignee: Antje

Modification History

Name: Antje Oelschlägel
Date: 01 MAR 2021
Product Version: 2020 Winter
Action: Page created and written.


...


Introduction

...

The service has its own endpoints that are configured in the file authentication-prod.yml in the sections routing.endpoints and authorization.accesses.

The AUTHENTICATION service endpoints are only available for endpoints listed in routing.endpoints.

In authorization.accesses, permissions can be defined for the access to the individual endpoints and sub-paths.
>> Access Authorization for Endpoints

API Gateway

The API gateway uses the Spring Cloud Kubernetes DiscoveryClient in order to dynamically create routes. This DiscoveryClient sends requests to the Kubernetes API. The corresponding permissions are configured via the Kubernetes objects ServiceAccount, RoleBinding and Role.

...

In order to create a route for a service in the API gateway, the entry yuuvis: true has to be added in the labels section of the <externalservice>-service.yaml file.

Example Configuration

In this example scenario, the required steps of configuration are shown. Afterwards, the external service app in the namespace other will be available via the AUTHENTICATION service.

...

  • Deploy the pod for the external service app in the namespace other

    app-deployment.yaml

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      namespace: other
      name: app
    spec:
      replicas: 1
      selector:
        matchLabels:
          name: app
      template:
        metadata:
          labels:
            name: app
        spec:
          containers:
          - name: app
          ...
            ports:
            - containerPort: 80
          ...
    
    


  • Create a Kubernetes Service for app in the namespace other, e.g., app-svc.

    app-service.yaml

    apiVersion: v1
    kind: Service
    metadata:
      name: app-svc
      labels:
        name: app-svc
      namespace: other
    spec:
      ports:
      - name: "http"
        port: 80
        targetPort: 80
      selector:
        name: app   # must match the pod label set in app-deployment.yaml
      type: ClusterIP


  • Create the Kubernetes Service in the namespace yuuvis. Use the type ExternalName that references the namespace other.

    <externalservice>-service.yaml

    apiVersion: v1
    kind: Service
    metadata:
      name: app
      labels:
        yuuvis: "true"
      namespace: yuuvis
    spec:
      type: ExternalName
      externalName: app-svc.other.svc.cluster.local
      ports:
      - port: 80
    
    


  • Add the external service app to the sections routing.endpoints and authorization.accesses in the authentication-prod.yml file.

    authentication-prod.yml

    routing.endpoints:
      - 'app' # external service added to the list
    # ...
    authorization.accesses:
      - endpoints: /app/** # access rule added for the external service
      # optionally restrict to a method, e.g.: method: Post
      # optionally restrict to users with specific roles, e.g.: hasAuthority('COGNISPHERE')


  • Restart the AUTHENTICATION service.
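
The steps above touch three places that have to agree: the labelled Service in the namespace yuuvis, routing.endpoints and authorization.accesses. The following check is an added example, not yuuvis code; it takes the already-parsed YAML as dicts. It assumes the flat keys shown above, access patterns of the form /<service name>/..., and the default cluster domain; the function name and finding names are hypothetical.

```python
# Added example, not yuuvis code. Inputs are the parsed YAML documents as dicts.
CLUSTER_SUFFIX = ".svc.cluster.local"  # assumption: default cluster DNS domain

def check_gateway_exposure(services, auth_cfg, gateway_ns="yuuvis"):
    """Return sorted (service, finding) pairs for Services labelled for the gateway."""
    endpoints = set(auth_cfg.get("routing.endpoints") or [])
    patterns = [a.get("endpoints", "") for a in auth_cfg.get("authorization.accesses") or []]
    findings = set()
    for svc in services:
        meta, spec = svc.get("metadata", {}), svc.get("spec", {})
        label = (meta.get("labels") or {}).get("yuuvis")
        if meta.get("namespace") != gateway_ns or label is None:
            continue
        name = meta["name"]
        # Label values must be strings: an unquoted `yuuvis: true` parses as a
        # YAML boolean and the Kubernetes API rejects the manifest.
        if label != "true":
            findings.add((name, "label-not-string-true"))
            continue
        # An ExternalName Service is a DNS alias; keep the target in-cluster.
        if spec.get("type") == "ExternalName" and not str(
                spec.get("externalName", "")).endswith(CLUSTER_SUFFIX):
            findings.add((name, "external-target-outside-cluster"))
        if name not in endpoints:
            findings.add((name, "missing-from-routing.endpoints"))
        # Assumption: access rules for a service start with "/<service name>/".
        elif not any(p.startswith(f"/{name}/") for p in patterns):
            findings.add((name, "no-authorization.accesses-rule"))
    return sorted(findings)

def _svc(name, target, label):  # builds constructed sample manifests
    return {"metadata": {"name": name, "namespace": "yuuvis", "labels": {"yuuvis": label}},
            "spec": {"type": "ExternalName", "externalName": target}}

SAMPLE_SERVICES = [
    _svc("app", "app-svc.other.svc.cluster.local", "true"),      # the page's example
    _svc("billing", "billing.example.com", "true"),              # constructed
    _svc("legacy", "legacy-svc.other.svc.cluster.local", True),  # constructed
]
SAMPLE_AUTH_CFG = {  # constructed authentication-prod.yml; "billing" has no access rule
    "routing.endpoints": ["app", "billing"],
    "authorization.accesses": [{"endpoints": "/app/**"}],
}

if __name__ == "__main__":
    for service, finding in check_gateway_exposure(SAMPLE_SERVICES, SAMPLE_AUTH_CFG):
        print(f"{service}: {finding}")
```
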

...
