LinkedIn
Twitter
Hi everyone,
I try to include Apidge EDGE into my company API request processing chain.
But, the main questions: how to establish communication between Apigee EDGE and Google Kubernetes Engine Ingress as it shown on the attached picture?
It means,
1. It is necessary to organize certificate authentication on back-end side.
2. Usage of client certificates on front end side.
3. Prevent ability of non-Apigee apps to get success responses with required data from back-end server through ingress.
First of all, it is necessary to note:
1. Server and client certificates will be generated as it is described there: https://kubernetes.github.io/ingress-nginx/examples/PREREQUISITES/#client-certificate-authentication
2. Ingess and secret will be created as it is described there:
https://kubernetes.github.io/ingress-nginx/examples/auth/client-certs/
3. I will use payed account, therefore, I can create virtual hosts.
Problems,
1. GKE Ingress does not return ERROR 400 if I sent wrong certs, as It does Nginx on ssl_verify_client on set. It returns requested data.
2. I cannot create virtual host with certs generated using provided above way.
Questions:
1. How to correctly configure GKE ingress to prevent side servers requests?
2. How to create virtual host with client serts generated using provided above way?
This questions are crucial for Apigee application in bussiness, and, may be they are for Apigee team members. I need to have safe channel only between Apigee and GKE Ingress.
I read answers on questions, like:
https://community.apigee.com/questions/40286/what-is-the-best-practice-for-securing-communicati.html
but they are very general.
Guys, how to apply payed Apigee? I cannot see a way.
Thank you in advance!
Solved
1 ACCEPTED SOLUTION
