This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 83%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
I'm creating AKS cluster, and I want to use API gateway (Ocelot ) to route, and authenticate requests towards containers(microservices) behind the gateway. My question is how to achieve this? I know I must deploy ocelot API gateway inside node, but I don't know how will I configure all traffic to go through API gateway. Can't find an example or directions that could help me. What steps do I need to take? Or is there maybe a better way of accomplishing the desired scenario?
Apologies in delayed response on this.
Please check this document which has the details on implementing API Gateway with Ocelot.
Also, on ocelot documentation, there are details "If you have services deployed in Kubernetes you will normally use the naming service to access them. Ocelot will call the k8s endpoints API in a given namespace to get all of the endpoints for a pod and then load balance across them". Please check this document for more details on this.
Hope the provided information is helpful.
Please 'Accept as answer' if it helped, so that it can help others in the community looking for help on similar topics.
I already did,
you will normally use the naming service to access them
It is not clear to me, do I need to use Ingress or Network policy is just enough?
What is "naming service"?
I want that no microservice is directly accessible except through API gateway.
When the cluster is created, are all pods by default accessible from the Internet or not?
Apologies in delayed response.
When the cluster is created, are all pods by default accessible from the Internet or not?
NO, by default it is not accessible.
I want that no microservice is directly accessible except through API gateway
Yes, this is possible. You can use Ingress or Azure API Gateway to achieve this. Please check below reference which have more information around this:
https://learn.microsoft.com/en-us/azure/architecture/microservices/design/gateway
https://learn.microsoft.com/en-us/azure/api-management/api-management-kubernetes
https://azure.microsoft.com/en-in/blog/benefits-of-using-azure-api-management-with-microservices/
https://azure.microsoft.com/en-in/blog/application-gateway-ingress-controller-for-azure-kubernetes-service/
I don't have expertise on Ocelot.
@@Pwncic
Any update on the issue?
Please 'Accept as answer' if it helped, so that it can help others in the community looking for help on similar topics.