Alibaba Cloud Service Mesh (ASM) supports custom external authorization. You can add an authentication process to the communication between services to ensure that only authenticated requests can access key services. This topic uses the httpbin application as an example to describe how to implement custom external authorization.
Prerequisites
- An ASM instance is created. For more information, see Create an ASM instance.
- A Container Service for Kubernetes (ACK) cluster is created. For more information, see Create an ACK managed cluster.
- The ACK cluster is added to the ASM instance. For more information, see Add a cluster to an ASM instance.
Step 1: Create an external authorization application
Create an external authorization application named ext-authz in an ACK cluster to implement the external authentication logic. The ext-authz application used in this topic allows only requests that carry the x-ext-authz: allow request header to access the httpbin application.
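The check described in Step 1, sketched as a small HTTP authorization service. This is an added example, not the ext-authz image used in this topic. It assumes the mesh proxy calls the service over HTTP with the original request headers and treats a 200 response as allow and any other status as deny. The port, the 403 deny status, the function names and the rule that a repeated header is denied are assumptions.

```python
"""Minimal HTTP external-authorization check (illustrative, not the ASM sample image)."""
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

CHECK_HEADER = "x-ext-authz"  # header named in this topic
ALLOW_VALUE = "allow"         # value named in this topic
LISTEN_PORT = 8000            # assumption: the topic does not state a port


def decide(headers):
    """Return (status, reason) for a mapping or a list of (name, value) pairs.

    Fails closed: a missing, repeated or non-matching header is denied.
    Header names are compared case-insensitively, values exactly.
    """
    items = headers.items() if hasattr(headers, "items") else headers
    values = [v for k, v in items if k.lower() == CHECK_HEADER]
    if len(values) != 1:
        return 403, "denied: expected exactly one %s header" % CHECK_HEADER
    if values[0].strip() == ALLOW_VALUE:
        return 200, "allowed"
    return 403, "denied: %s must be %r" % (CHECK_HEADER, ALLOW_VALUE)


class AuthzHandler(BaseHTTPRequestHandler):
    """Answers every check request with the decision for its headers."""

    def _check(self):
        status, reason = decide(self.headers)
        body = reason.encode()
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        if self.command != "HEAD":
            self.wfile.write(body)

    # The check request carries the original method, so answer all of them.
    do_GET = do_HEAD = do_POST = do_PUT = do_PATCH = do_DELETE = _check


def serve(port=LISTEN_PORT):
    """Run the service until interrupted."""
    ThreadingHTTPServer(("0.0.0.0", port), AuthzHandler).serve_forever()


if __name__ == "__main__":
    serve()
```

Because `decide` denies on anything other than exactly one matching header, a request that omits the header or sends it twice with conflicting values is rejected rather than passed through.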
Step 2: Create sample applications
Step 3: Manage the external authorization service
Register the ext-authz application that you created in Step 1 with the ASM instance so that the ASM instance can use the application to authenticate requests.
Step 4: Create an authorization policy
Create an authorization policy that specifies which request operations require authentication.