Client authentication in pre compiled image

Tanul 1,251 Reputation points
2020-08-12T21:25:16.517+00:00

Hello,

I need to host a pre compiled image of tensorflow serving in azure kubernetes and there is no way to edit this image.

Once I host the image, it will be available to whole public as a Rest API. Is there anyway to put an authentication wall in such way that only specific users can call the api.

Is it possible to enable a token based authentication so thar client must send a token in the header to call the api inside pod.

I have explored the certificate handshake between client and server as well but I have more than 500 users and it is very difficult to manage the certificate. Every year the certificate will expire and it will become a tedious task to replace certs.

Please suggest some solution. Thank you.

Azure Container Instances
Azure Container Instances
An Azure service that provides customers with a serverless container experience.
635 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,855 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,872 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sam Cogan 10,157 Reputation points MVP
    2020-09-10T10:21:20.843+00:00

    If you are not able to change the image then you need to add an authentication layer outside of the container. The simplest way to do this would be to use Azure API Management in front of your container. You can restrict your container to only accept requests from APIM, then configure the API in APIM with the required authentication, policies etc. You can see some examples here

    0 comments