I am getting my hands dirty with kubernetes and ingress and have seem to have hit bit of a hurdle. So I have a cluster set up and have my services deployed and exposed via service and they all are reachable from within the cluster using their names and namespace prefix if necessary. Next I have used ambassador Api gateway as basic ingress controller to make these services externally reachable and used a single Authorization service to perform authorization at the gateway and all services are reachable from outside the cluster using their external paths. My problem arises when I have cross service communication that requires authorization to be performed and for that I require that service A calls service B with its external url/ingress defined path and that is where the problem occurs because from within the cluster that path is reported as unreachable. I can call service B from service A using the internal cluster name but then I lose the edge authorization performed at the gateway. Need help as to whether this is default behavior or not and what can be done in this scenario.
Asked
Active
Viewed 88 times
3
JayD
- 748
- 1
- 13
- 38