I have a client side react app that was scaffolded out of Create React App. This is deployed in Kubernetes cluster and is exposed to internet.
Now, I would like to access REST API from this API. This REST API is deployed to the same cluster but exposed only to the cluster (not internet).
My question is If I add Nodejs server layer for my client side react app and deploy to the same cluster, will I be able to access the REST API without being exposed to internet?
Or, should I go with exposing REST API to internet?
Not sure I follow exactly. However you can access the k8s API from a node.js server deployed in a POD, it will get the same permissions as the POD.
I have something similar to this, an express application running in the pod that provides a REST API for a REACT app, calling the REST API looks up the specific k8s API I need for the APP. We routinely prototype these REST -> k8sAPIs with NodeRed as well.
Hope this helps, an example below. (full disclosure, hacker not programmer;-)
example....
const axios = require("axios");
const k8s = require("@kubernetes/client-node");
const kc = new k8s.KubeConfig();
kc.loadFromDefault();
async function getnskey(user) {
//Match username from gitlab with ns-map/namespace key and return
const k8sApi = kc.makeApiClient(k8s.CoreV1Api);
const response = await k8sApi.readNamespacedConfigMap('ns-map', 'epicmgrsrv')
let userns;
let userlist = response.body.data;
if ( userlist.hasOwnProperty(user)) {
userns = userlist[user];
}
const response2 = await k8sApi.readNamespacedSecret('mgrsrvkey', userns)
//let key = Buffer.from(response2.body.data["key"], 'base64').toString();
const nskey = {
userns: userns,
nskey: response2.body.data["key"],
};
return nskey;
}
app.get("/user", (req, res) => {
console.log("getting user data!");
// console.log(JSON.stringify(req.headers));
if (typeof(req.headers.authorization) !== undefined && req.headers.authorization.length > 10 ) {
axios.get("https://api.github.com/user" , {
headers: {
Authorization: req.headers.authorization,
},
}).then((response) => {
getnskey(response.data.login)
.then(nskey => {
const user = {
name: response.data.login,
userns: nskey.userns,
nskey: nskey.nskey,
}
console.log(user);
res.send(user)
})
});
} else {
console.log("no authorization");
}
});
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.