Uploaded image for project: 'Application Authorization Framework'
  1. Application Authorization Framework
  2. AAF-530

AAF inside Kubernetes inaccessible for clients from outside

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Medium Medium
    • Casablanca Release
    • Casablanca Release
    • None
    • Casablanca-RC2 (11/08/18)

      AAF services are using locator for linking clients with aaf-service.

      If AAF service is in Kubernetes then locator store its' internal port which is valid only inside Kubernetes. If call to locator is made from outside of kubernetes:

      Example:

      https://aaf-locator:30253/locate/org.osaaf.aaf.service:2.1

      Then response is with internal port:

      endpoint  
      0  
      name "org.osaaf.aaf.service"
      major 2
      minor 1
      patch 0
      pkg 0
      latitude 37.78187
      longitude -122.26147
      protocol "https"
      subprotocol  
      0 "TLSv1.1"
      1 "TLSv1.2"
      hostname "aaf-service"
      port 8100

       

      The port is from internal port range, not from external, so any CADI client can not connect to aaf-service due to inaccessible port number outside of kubernetes

            instrumental instrumental
            burdziak burdziak
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: