kubernetes入口后面的授权服务器?
[英]Authorization server behind kubernetes ingress?
问题描述
I want to deploy a few Spring Boot microservices on Kubernetes cluster.
我想在Kubernetes集群上部署一些Spring Boot微服务。 One of them is authorization server serving OAuth 2.0 tokens.其中之一是提供OAuth 2.0令牌的授权服务器。 With current deployment (no k8s) only two services are visible to the outer world: api-gateway (Zuul) and authorization-server (Spring OAuth).对于当前的部署(没有 k8s),外部世界只能看到两个服务: api-gateway (Zuul) 和authorization-server (Spring OAuth)。 The rest is hidden behind the api-gateway .其余部分隐藏在api-gateway后面。 During k8s deployment Zuul proxy probably will be substituted by Kubernetes Ingress.在k8s部署期间,Zuul 代理可能会被 Kubernetes Ingress 取代。
Now the questions:现在的问题:
- Should I put
authorization-serverbehind the Ingress or not?我应该将authorization-server放在 Ingress 后面吗? - What are pros and cons concerning these two solutions?这两种解决方案的优缺点是什么?
- What are best practices ?什么是最佳实践?
- Maybe I shouldn't get rid of Zuul at all?也许我根本不应该摆脱 Zuul?
1 个解决方案
解决方案1
1 2018-11-09 15:02:58
Getting rid of Zuul is perfectly reasonable.摆脱 Zuul 是完全合理的。 Ingress should be the only outer-cluster accessible component that provides access to the cluster through ingress rules. Ingress 应该是唯一一个外部集群可访问的组件,它通过 Ingress 规则提供对集群的访问。 So yes, authorization-server and microservices should be accessible through ingress.所以是的,授权服务器和微服务应该可以通过入口访问。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.