
Kubernetes - one of the containers to act as a proxy to the main app in a pod

I have two apps - one is a Java-based REST application (“A”) and the other one is a Golang-based Rego policy framework (“B”).

I have run these two apps as containers in a single pod in K8s. However, I am not sure how I can get the incoming HTTP requests to first hit the “B” Rego policy framework and, based on the policy decision, have the request forwarded to “A”. Is there a way this can be achieved?

I am not sure how I can get the incoming HTTP requests to first hit the “B” Rego policy framework

A "rego policy framework", e.g. OpenPolicyAgent, is typically used as an assisting container.

In this setup, your application receives the request, then asks the "rego policy framework" container, "is this request allowed?", then your application continues to process the request.

See e.g. the OpenPolicyAgent example - HTTP API Authorization, with this part to ask if the request is allowed.

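import requests

# input_dict holds the request attributes the policy evaluates, wrapped as {"input": {...}}
# ask OPA for a policy decision
# (in reality OPA URL would be constructed from environment)
rsp = requests.post("http://127.0.0.1:8181/v1/data/httpapi/authz", json=input_dict)
# OPA's Data API wraps the decision in "result"; a missing value is treated as deny
if rsp.json().get("result", {}).get("allow", False):
    pass  # HTTP API allowed
else:
    pass  # HTTP API denied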
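The sidecar query described in the answer above, written as an added example (not part of the original answer or of the OPA project) that fails closed when the policy container is unreachable or returns no decision. It uses the standard library's urllib in place of requests; the input field names (`method`, `path`, `user`) and the `StubOPA` stand-in server are assumptions constructed for the demonstration.

```python
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Talk to the sidecar directly; never route a localhost call through an env proxy.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def is_allowed(opa_url, method, path, user, timeout=2.0):
    """Ask the policy sidecar for a decision; any error or missing result is a deny."""
    body = json.dumps({"input": {"method": method, "path": path, "user": user}}).encode()
    req = urllib.request.Request(opa_url, data=body, headers={"Content-Type": "application/json"})
    try:
        with _opener.open(req, timeout=timeout) as rsp:
            decision = json.load(rsp)
    except (OSError, ValueError):
        return False  # unreachable sidecar, HTTP error, timeout or bad JSON: fail closed
    result = decision.get("result") if isinstance(decision, dict) else None
    return isinstance(result, dict) and result.get("allow") is True

class StubOPA(BaseHTTPRequestHandler):
    """Constructed stand-in for the policy container: allows only GET by user 'alice'."""
    def do_POST(self):
        n = int(self.headers.get("Content-Length", 0))
        inp = json.loads(self.rfile.read(n)).get("input", {})
        if inp.get("user") == "nobody":
            reply = {}  # constructed case: a reply that carries no decision at all
        else:
            reply = {"result": {"allow": inp.get("method") == "GET" and inp.get("user") == "alice"}}
        data = json.dumps(reply).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def log_message(self, *args):
        pass  # keep the demo output quiet

def start_stub():
    srv = HTTPServer(("127.0.0.1", 0), StubOPA)  # port 0: pick any free local port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}/v1/data/httpapi/authz"

if __name__ == "__main__":
    srv, url = start_stub()
    print("alice GET :", is_allowed(url, "GET", ["finance"], "alice"))
    print("alice POST:", is_allowed(url, "POST", ["finance"], "alice"))
    srv.shutdown()
```

In the pod, the application container would call `is_allowed` with the sidecar's localhost URL before handling each request, so a crashed or misconfigured policy container results in denied requests rather than unchecked ones.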
