Recommended way to secure access to my service APIs

[amelki]

I would like to secure access to the service APIs I am creating via my Bento services (both SSL and authentication via my authentication server). What is the best way to do it with Yatai ?

[timliubentoml]

Hi @amelki! I think I have a couple different solutions depending on what piece you want to secure.

First, BentoML services support adding ASGI middleware, so adding an authentication step should be as straightforward as integrating an auth library.

To add asgi middleware use this method on the Service:

• svc.add_asgi_middleware()

Here are a couple auth libraries we've recommended to users in the past

• (JWT) https://github.com/aogier/starlette-authlib
• https://github.com/florimondmanca/starlette-auth-toolkit

Here's a full list of middleware you can select from

• https://www.starlette.io/middleware/

You can also look through fastapi middleware here: https://fastapi.tiangolo.com/advanced/middleware/

For SSL, we recommend terminating at a proxy, like nginx outside of the yatai server and forwarding traffic. We've had users who recommend using https://cert-manager.io to admin the ssl certificates in eks, but we haven't tested it ourselves.

Hope this answers your questions. Please clarify if it has not

[yubozhao]

@amelki

As for now, @timliubentoml 's solution should work in the short term. The service mesh and TLS feature is on our roadmap