K
Q

Authorization server behind kubernetes ingress?

11/8/2018

I want to deploy a few Spring Boot microservices on Kubernetes cluster. One of them is authorization server serving OAuth 2.0 tokens. With current deployment (no k8s) only two services are visible to the outer world: api-gateway (Zuul) and authorization-server (Spring OAuth). The rest is hidden behind the api-gateway. During k8s deployment Zuul proxy probably will be substituted by Kubernetes Ingress.

Now the questions:

  • Should I put authorization-server behind the Ingress or not?
  • What are pros and cons concerning these two solutions?
  • What are best practices?
  • Maybe I shouldn't get rid of Zuul at all?
-- k13i
kubernetes
kubernetes-ingress
netflix-zuul
oauth-2.0
spring-cloud

Similar Questions

In Kubernetes, is it possible to reference a pod by its metadata fields in a service selector?
Istio Gateway With multiple ports | service is responding only on port 80
Update variables set in Helm Chart from a previous installation
Copying directories into minikube and persisting them
K8s porforward to external resource through pod

1 Answer

11/9/2018

Getting rid of Zuul is perfectly reasonable. Ingress should be the only outer-cluster accessible component that provides access to the cluster through ingress rules. So yes, authorization-server and microservices should be accessible through ingress.

-- Jeff
Source: StackOverflow