This service proxies http calls to external services.
The service needs the following environment variable:
- CONFIGURATION_PATH (required): the file path of the service configuration file
- CONFIGURATION_FILE_NAME (required): the filename of the service configuration file (without the extension)
- LOG_LEVEL (optional, default to
info): level of the log. It could be trace, debug, info, warn, error, fatal;
- HTTP_PORT (optional, default to
8080): port where the web server is exposed;
- SERVICE_PREFIX (optional): path prefix for all the specified endpoints (different from the status routes);
- DELAY_SHUTDOWN_SECONDS (optional, default to
10seconds): seconds to wait before starting the graceful shutdown. This delay is required in k8s to await for the DNS rotation;
This service requires a configuration file that provides all the different details regarding the external services to be proxied. The configuration file can be mounted into the service either as a ConfigMap or as a Secret (for more details, please refer to this documentation).
In case the former method (Config Map) is selected, please use variables interpolation for sensitive data, such as:
This prevents to store those sensitive values as plain text in the project repository.
The configuration must follow this schema:
The proxies array contains one item for each external service that has to by proxied. A proxy can have the following fields:
- targetBaseUrl: the url of the external service. This is a required field and has to start with an http or https scheme.
- basePath: the name of the related endpoint exposed by the Proxy Manager. This is a required field and has to start with a
- authentication: the type of authentication done by the proxy, which can either be
- username: the user identifier for the OAuth2 authentication (only Password Grant flow).
- password: the user password used in case of OAuth2 authentication (only Password Grant flow).
- clientId: the client identifier used in case of OAuth2 authentication.
- clientSecret: the client secret used in case of OAuth2 authentication.
- tokenIssuerUrl: the authorization server url that has to be called to obtain an access token.
- grantType: the type of procedure used to retrieve an access token. At the moment, the service supports the following OAuth2 Grant Types:
- authType: the method used to stuff the client credentials in the request when asking for a new access token. This is required only for the Client Credential Grant flow. At the moment, the service only supports the client_secret_basic type.
In this example, the Proxy Manager is configured to proxy requests to three external services.
- The first one is located at
external-service.com, requires OAuth2 authentication (client_credentials grant type) and can be reached through the proxy with a call to the
- The second one is located at
legacy-service.com, requires OAuth2 authentication (password grant type) and can be reached through the proxy with a call to the
- The thid service is located at
other-service.com, requires no authentication and can be reached with a call to the