This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

How to connect multiple backend k8s services across namespaces from Apigee to achieve Multitenancy

Posted on 02-23-2022 02:26 AM
samirj
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

We have a GKE cluster with multiple namesspaces for different Customers. Each namespace has Kubernetes service named "myService". 

We want to connect to these k8s services from Apigee proxies. When request comes from customer A  then "myService" from Namespace for Customer A should be called from Apigee proxy.

Similarly ,  When request comes from customer B then "myService" from Namespace for Customer B should be called from Apigee proxy.

What can be the optimal solution to make these 1-to-1 connections possible from Apigee proxy to corrospnding k8s service on respective Namespace.

@imesh @strebel @anilsr 

 

 

Solved Solved
1 3 279
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
strebel
Staff
In response to samirj
Reply posted on --/--/---- --:-- AM

That's a slightly more complicated story then. GKE provides integration with Cloud DNS that would allow you to address the service from a VPC outside the cluster. Please see this link here: https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-dns#vpc_scope_dns

View solution in original post

Jump to Solution
3 REPLIES 3

Posted on --/--/---- --:-- AM
strebel
Staff
Reply posted on --/--/---- --:-- AM

Hi @samirj

I assume you're using Apigee hybrid deployed to the same Kubernetes cluster as your backend services are running (this is important to use Kubernetes' internal DNS). 

This is a common use case that requires you to implement a mapping of your customer id (People usually get this from the App or a claim in the JWT) to a hostname. If you have consistent naming then you could extract the namespace using an Apigee policy from the token directly. Otherwise a KVM might be useful to figure out what namespace and service you want to call.

In any case you'll want to use the Kubernetes Service's internal hostname for as the target of your API proxy.
The last thing you need to do is to set this value as the target.url as described here.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
samirj
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

@strebel  thanks for the response. We are using Apigee X. In this case the same above solutioin will apply ?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
strebel
Staff
In response to samirj
Reply posted on --/--/---- --:-- AM

That's a slightly more complicated story then. GKE provides integration with Cloud DNS that would allow you to address the service from a VPC outside the cluster. Please see this link here: https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-dns#vpc_scope_dns

Jump to Solution