{
  "headers": {
    "normalizedNames": {},
    "lazyUpdate": null
  },
  "status": 401,
  "statusText": "OK",
  "url": "https://{webGateway-URL}/api/identity/users/lookup/roles",
  "ok": false,
  "name": "HttpErrorResponse",
  "message": "Http failure response for https://{webGateway-URL}/api/identity/users/lookup/roles: 401 OK",
  "error": null
}
We have deployed a newly generated microservices solution using .NET and Angular as our frontend. All microservices under infrastructure (WebGateway, Saas, Language, AuthServer, Administration, etc.) are deployed on an AKS cluster, each one with its own deployment, service and configmap. The only ingresses created are for WebGateway and AuthServer. WebGateway communicates with all services using internal communication between services and doesn't use Ingresses, since all other microservices don't have an Ingress. We are doing this to avoid unnecessary exposure of our microservices. The issue is that, as seen above, we can't correctly authenticate with each endpoint through WebGateway. We found that the call https://{webGateway-URL}/api/abp/application-configuration returns:

{"isAuthenticated":false,"id":null,"tenantId":null,"impersonatorUserId":null,"impersonatorTenantId":null,"impersonatorUserName":null,"impersonatorTenantName":null,"userName":null,"name":null,"surName":null,"email":null,"emailVerified":false,"phoneNumber":null,"phoneNumberVerified":false,"roles":[],"sessionId":null}

If we make our Web Gateway endpoint use the external Ingress URL we can authenticate successfully, but we want to avoid exposing microservices if it's not strictly necessary. We can guess that there is some information being lost when communicating internally, maybe some headers, as we are still debugging the issue. Communication between services is done using HTTP and not HTTPS.
My questions are: What is the best practice for communication between microservices in a Kubernetes cluster? Should it be strictly done through external URLs with Ingress, or can this be done using services? How should we configure services for this to work correctly?
Thank you in advance. Best regards, Gaston Gallo
We are trying to run our ABP Commercial application in the Development environment on a Kubernetes cluster so we can test new code, but we are getting an error that says that we need to log in in order to run the application. We could use another environment name (like Dev, DevRemote, etc.) but it isn't really practical for us because we use monitoring tools and would like to keep environment naming consistent with other applications. Is there any way we can keep the Development name? Or must we use a licensed ABP Commercial account dedicated to running applications? Sorry about my bad English; if there is something that is hard to understand, please let me know and I can elaborate on it more.
Thank you in advance, Best regards.