Reputation: 501
I have an API application (Java, Spring Boot) which needs to run in OpenShift. I need to restrict the API access to make it available only within the same POD. Requirement-wise, it is an on-demand API which would be executed manually from the same POD terminal via a curl command (in PRODUCTION). The API should not need any authentication, as it must be accessible only within the same POD. Any other POD, even within the same namespace, should not be able to call this API.
I am quite new to OpenShift. I read through the documentation and found that Routes in OpenShift are required to expose the service externally. I think I don't even need the route in that case. Can I expose my API (to be called from the same Pod's terminal) just by using an OpenShift service? How should I restrict the service to be available within the same POD only?
Upvotes: 0
Views: 369
Reputation: 1
There's no need to expose that service externally. Instead, you can expose your API within the POD terminal using the internal service URL, which can be found under the Service Details Hostname.
For example: http://<SERVICE_NAME>.<NAMESPACE>.svc.cluster.local:8080
Using this URL will allow you to restrict the API's access to within your project.
Upvotes: 0
Reputation: 312868
I'm a little unclear on the architecture you're trying to produce here, so if I'm answering the wrong question let me know.
If both the client and the server are running in the same Pod, then you don't need a Route and you don't need a Service: the client can simply access the service using localhost, since all containers in the Pod run in the same network namespace.
If the service binds to localhost (that is, if it only listens for connections on 127.0.0.1), then it will only be accessible within the Pod and will not be accessible from any other Pods in the Namespace.
Upvotes: 0
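A way to check the loopback-only binding described in the last answer, as an added example that is not part of any post above: in Spring Boot the bind address is set with the `server.address` property (for example `server.address=127.0.0.1`), and the function below classifies `ss -ltn` output for a given port. The function name `listener_scope`, port 8080, and both sample listings are assumptions constructed for illustration, and `ss` is assumed to be present in the container image.

```shell
#!/usr/bin/env bash
# Classify which addresses a TCP port is listening on, given `ss -ltn`
# output on stdin. Prints: loopback-only | exposed | not-listening
listener_scope() {
  port="$1"
  awk -v port="$port" '
    $1 == "LISTEN" {
      addr = $4                      # "Local Address:Port" column
      n = match(addr, /:[0-9]+$/)    # position of the colon before the port
      if (n == 0 || substr(addr, n + 1) != port) next
      host = substr(addr, 1, n - 1)
      gsub(/^\[|\]$/, "", host)      # strip IPv6 brackets
      sub(/^::ffff:/, "", host)      # IPv4-mapped form a dual-stack JVM may show
      seen = 1
      # Anything other than 127.0.0.0/8 or ::1 is reachable from other pods.
      if (host !~ /^127\./ && host != "::1") exposed = 1
    }
    END {
      if (!seen) print "not-listening"
      else if (exposed) print "exposed"
      else print "loopback-only"
    }'
}

# Constructed sample: default binding (wildcard address).
SAMPLE_WILDCARD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    *:8080             *:*'

# Constructed sample: the same application bound to 127.0.0.1.
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port      Peer Address:Port
LISTEN 0      100    [::ffff:127.0.0.1]:8080 *:*'

printf '%s\n' "$SAMPLE_WILDCARD" | listener_scope 8080   # exposed
printf '%s\n' "$SAMPLE_LOOPBACK" | listener_scope 8080   # loopback-only
```

Inside the pod this runs as `ss -ltn | listener_scope 8080`. A port bound only to loopback cannot answer kubelet `httpGet` probes, which connect to the pod IP by default, so health endpoints need a separate listener or an `exec` probe.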