Chapter 1. Secure, protect, and connect APIs on OpenShift with Connectivity Link
This guide walks you through using Connectivity Link on OpenShift to secure, protect, and connect an API exposed by a Gateway that is based on Kubernetes Gateway API. You can use this walkthrough for a Gateway deployed on a single OpenShift cluster or a Gateway distributed across multiple OpenShift clusters with a shared HTTPS listener hostname. This guide shows how the platform engineer and application developer user roles can each use Connectivity Link to achieve their goals.
1.1. What Connectivity Link can do in multicluster environments
You can leverage Connectivity Link’s capabilities in single or multiple OpenShift clusters. The following features are designed to work across multiple clusters as well as in a single-cluster environment:
- Multicluster ingress: Connectivity Link provides multicluster ingress connectivity using DNS to bring traffic to your Gateways by using a strategy defined in a DNSPolicy.
- Global rate limiting: Connectivity Link can enable global rate limiting use cases when configured to use a shared Redis or Dragonfly store for counters based on limits defined by a RateLimitPolicy.
- Global auth: You can configure a Connectivity Link AuthPolicy to leverage external auth providers to ensure that different clusters exposing the same API authenticate and authorize in the same way.
- Automatic TLS certificate generation: You can configure a TLSPolicy to automatically provision TLS certificates based on Gateway listener hosts by using integration with cert-manager and ACME providers such as Let’s Encrypt.
- Integration with federated metrics stores: Connectivity Link has example dashboards and metrics for visualizing your Gateways and observing traffic hitting those Gateways across multiple clusters.
1.2. User role workflows
- Platform engineer: This guide walks through deploying a Gateway that provides secure communication and is protected and ready for use by application development teams to deploy an API. It then walks through using this Gateway in clusters in different geographic regions, leveraging Connectivity Link to bring specific traffic to your geo-located Gateways. This approach reduces latency and distributes load, while still protecting and securing with global rate limiting and auth.
- Application developer: This guide walks through deploying your application API and shows how to override your Gateway-level global auth and rate limiting policies to configure your application-level auth and rate limiting requirements.
Note: For details on how both user roles can observe and monitor Gateways when the OpenShift observability stack and user workload monitoring are deployed, see Connectivity Link Observability Guide.
1.3. Deployment management tooling
While this guide uses kubectl commands for simplicity, working with multiple clusters is complex. It is best to use a tool such as Argo CD to manage the deployment of resources to multiple clusters.