Kubernetes - one of the containers to act as a proxy to the main app in a pod


I have two apps - one is a Java-based REST application (“A”) and the other one is a Golang-based rego policy framework (“B”).

I have run these two apps as containers in a single pod in K8s. However, I am not sure how I can get the incoming HTTP requests to first hit the “B” rego policy framework and, based on the policy decision, have the request forwarded to “A”. Is there a way this can be achieved?

Jonas On

> I am not sure how I can get the incoming HTTP requests to first hit the “B” rego policy framework

A "rego policy framework", e.g. OpenPolicyAgent, is typically used as an assisting container.

In this setup, your application receives the request, then asks the "rego policy framework" container, "is this request allowed?", then your application continues to process the request.

See e.g. the OpenPolicyAgent example - HTTP API Authorization, with this part to ask if the request is allowed:

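```python
import requests

def is_allowed(input_dict):
    # ask OPA for a policy decision
    # (in reality OPA URL would be constructed from environment)
    rsp = requests.post("http://127.0.0.1:8181/v1/data/httpapi/authz", json=input_dict)
    # OPA's Data API wraps the decision in "result"; a missing value means deny
    if rsp.json().get("result", {}).get("allow", False):
        return True   # HTTP API allowed
    else:
        return False  # HTTP API denied
```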
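The check described in the answer, written so that every failure of the sidecar results in a deny. This is an added example, not code from the answer or from the OPA project; the input field names (`method`, `path`, `user`), the helper names and the one-second timeout are assumptions.

```python
import http.client
import json
import urllib.request

# Assumed sidecar address (same URL as the snippet above); containers in a pod share localhost.
OPA_URL = "http://127.0.0.1:8181/v1/data/httpapi/authz"
# Ignore proxy environment variables so the localhost call never leaves the pod.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def build_input(method, path, user):
    """Wrap request attributes in the {"input": ...} document sent to OPA (assumed fields)."""
    return {"input": {"method": method,
                      "path": [p for p in path.split("/") if p],
                      "user": user}}


def parse_decision(status, raw):
    """Map an OPA Data API response to allow/deny; anything unexpected is a deny."""
    if status != 200:
        return False
    try:
        body = json.loads(raw.decode("utf-8"))
    except ValueError:  # malformed JSON or undecodable bytes
        return False
    # An undefined decision comes back as {} with no "result" key.
    result = body.get("result") if isinstance(body, dict) else None
    if not isinstance(result, dict):
        return False
    # Require the literal boolean True, not a truthy value such as the string "false".
    return result.get("allow") is True


def opa_allows(input_doc, url=OPA_URL, timeout=1.0):
    """Ask the sidecar for a decision; sidecar down, timeout or HTTP error means deny."""
    req = urllib.request.Request(url, data=json.dumps(input_doc).encode("utf-8"),
                                 headers={"Content-Type": "application/json"},
                                 method="POST")
    try:
        with _OPENER.open(req, timeout=timeout) as rsp:
            return parse_decision(rsp.status, rsp.read())
    except (OSError, http.client.HTTPException):
        return False
```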