kubernetes-apim icon indicating copy to clipboard operation
kubernetes-apim copied to clipboard

Published 20 hours ago verified publisher icon wso2

Helm chart for pattern 2 does not expose IS-KM to outside

Open rksk opened this issue 5 years ago • 3 comments

Helm chart for pattern 2 does not expose IS-KM to outside, therefore it is unable to use the IS only features by accessing the IS-KM nodes.

This can be fixed by adding adding ingress resouce as following to location advanced/helm/am-pattern-2/templates/am-is-as-km/wso2am-pattern-2-is-as-km-ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: wso2am-pattern-2-is-as-km-ingress
  namespace : {{ .Release.Namespace }}
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/session-cookie-name: "route"
    nginx.ingress.kubernetes.io/session-cookie-hash: "sha1"
spec:
  tls:
    - hosts:
        - {{ .Release.Name }}-is-as-km
  rules:
    - host: {{ .Release.Name }}-is-as-km
      http:
        paths:
          - path: /
            backend:
              serviceName: wso2am-pattern-2-km-service
              servicePort: 9443

rksk avatar Jan 03 '20 14:01 rksk

@pubudu538 @malithie is exposing the Key Manager component of the setup to outside of the Kubernetes cluster, a valid use case?

chirangaalwis avatar Jan 05 '20 13:01 chirangaalwis

@chirangaalwis, it might not be a use case for a standalone APIM deployment, yet when IAM requirements come and it's a valid use case and another integration pattern (a pattern extended from pattern 2)

malithie avatar Jan 05 '20 13:01 malithie

Yes, there are cases where we need to expose Key manager endpoint to the outside.

pubudu538 avatar Jan 05 '20 15:01 pubudu538