Epic
Resolution: Unresolved
Set Up North/South Gateway on HCC Clusters
Review the CRCPLAN parent feature for additional context, including the feature overview, goals, user stories and use cases, acceptance criteria, designs, dependencies, risks, assumptions, pending questions and documentation callouts.
Summary and goal
A north-south gateway needs to be established on HCC clusters in accordance with ADR-080. The purpose of this gateway is to enable external traffic to be authenticated and directed to services deployed within the cluster. The gateway will be implemented using OpenShift Service Mesh 3, leveraging the Gateway API. The gateway will use CAPS (see RHCLOUD-42365 for details) as an external authorizer for authentication, identity token generation, entitlement injection, export compliance checks, etc. The gateway will ensure that incoming requests originated from Akamai's edge proxies.
Acceptance Criteria
- The external gateway is successfully deployed and operational on the HCC clusters.
- The gateway can route traffic from Akamai to services within the cluster.
- Requests are authenticated by CAPS to ensure they originate from Akamai's edge proxies.
- The gateway uses the gateway service as an external authorizer.
- The gateway is configured to produce Prometheus metrics and CloudWatch logs.
Checklist
Checklist Item | Required | Notes or Comments |
---|---|---|
Workstream or external team dependencies? | Y / N | |
ADR Required? | Y / N | |
Testing plans | Y / N | |
Known dependencies? | Y / N | |
Open Questions
- What is the hostname strategy used for routing?
Is related to: RHCLOUD-42365 CAPS | Initial implementation