Network Architecture
The main differences between on-premise (directly hosted) Security Server services and Kubernetes (k8s) hosted Security Server services are as follows:

Directly hosted Security Server service (TCP connection) | Server |
---|---|
Security Server-MGT | <hostname_ssms>:8443 |
Security Server-SERVICES (SOAP) | <hostname_ssms>:8445 |
Security Server-SERVICES (REST/-ASM) | <hostname_ssms>:80 or <hostname>:443 |

k8s-hosted service | Server (Host) | Path (Ingress controller) |
---|---|---|
Security Server-MGT | ssms.<cluster.domain.net>:443 | ssms.<cluster.domain.net>/ssms-gui |
Security Server-SOAP | ssms.<cluster.domain.net>:443 | ssms.<cluster.domain.net>/ssms-services/soap |
Security Server-REST | ssms.<cluster.domain.net>:443 | ssms.<cluster.domain.net>/ssms-services/rest |
Security Server-ASM | ssms.<cluster.domain.net>:443 | ssms.<cluster.domain.net>/ssms-services/asm/rest/device |

TCP connectivity uses a single port (443), and the Ingress controller routes each request to the appropriate Kobil Security Server service based on its path. There is no need to specify different ports.
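
The single-port, path-based routing in the table above could be declared as follows. This is an added illustration, not Kobil's shipped manifest: the host `ssms.cluster.example.net` stands in for `ssms.<cluster.domain.net>`, and the Service names, Service ports, TLS secret, ingress class and the choice to put the three `/ssms-services` paths on one backend are all assumptions.

```yaml
# Added example. Only the four paths and port 443 come from the table above;
# every name and backend port below is a hypothetical placeholder.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ssms-ingress                 # hypothetical
spec:
  ingressClassName: nginx            # assumption: use your controller's class
  tls:                               # TLS terminates at the Ingress on 443
    - hosts:
        - ssms.cluster.example.net   # stand-in for ssms.<cluster.domain.net>
      secretName: ssms-tls           # hypothetical certificate secret
  rules:
    - host: ssms.cluster.example.net
      http:
        paths:
          - path: /ssms-gui                       # Security Server-MGT
            pathType: Prefix
            backend:
              service:
                name: ssms-gui                    # hypothetical Service
                port:
                  number: 8080                    # placeholder port
          - path: /ssms-services/soap             # Security Server-SOAP
            pathType: Prefix
            backend:
              service:
                name: ssms-services               # hypothetical Service
                port:
                  number: 8080                    # placeholder port
          - path: /ssms-services/rest             # Security Server-REST
            pathType: Prefix
            backend:
              service:
                name: ssms-services
                port:
                  number: 8080
          - path: /ssms-services/asm/rest/device  # Security Server-ASM
            pathType: Prefix
            backend:
              service:
                name: ssms-services
                port:
                  number: 8080
```

Because the management GUI shares host and port with the API paths, any restriction on who may reach `/ssms-gui` has to be applied per path at the Ingress controller rather than with a port-based firewall rule.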

For the application API use case, the k8s-hosted services are simpler because all traffic is handled on a single port.

To access the Kobil services internally within the k8s cluster (without going through the Ingress controller), refer to the k8s Service declarations for the specific services and ports.