Placing the Redash analytical reporting service downstream of Kong


1. General description

In the current version of the Platform, Redash is publicly accessed through OpenShift HAProxy. This approach causes two issues:

  • Potential vulnerability of the Redash publishing service when it is located outside the dedicated API gateway for external traffic.

  • Configuring your own DNS name for user portals requires configuring a separate name for the Redash analytical report publishing service.

Placing Redash downstream of Kong can resolve these issues.

2. User roles

  • Officer

3. General provisions

  • Repositioning applies only to the Redash analytical report publishing service (redash-viewer).

  • Traffic to Redash must go through the main Kong, using the officer portal root with the /reports path.

  • Kong has to check for the presence of the JWT token and, if it is absent, redirect the user to the Keycloak users and roles management subsystem for authorization.

4. Functional scenarios

Figure 1. Network traffic flow to Redash

Figure 2. Deployment diagram

5. Development plan

5.1. Technical expertise

  • BE

  • Frontend

  • DevOps

5.2. Development plan

  • Change the context path in Redash.

      • Change the context path from root in all components where a URL is found in Redash, namely registry-regulation-publication-pipeline, registry-configuration, redash_chart.

  • Position Redash downstream of Kong by applying the required configuration in the Kong resources.

  • Change the URI in the officer portal to a new one.

  • Allow traffic from Kong to Redash Viewer.

  • Delete the hidden DNS configuration fields for Redash in the admin portal code, and the custom DNS configuration for Redash in common-web-app.
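
As an added example (not taken from the Platform's own charts), the step "Allow traffic from Kong to Redash Viewer" can be expressed as a Kubernetes NetworkPolicy that admits ingress to the Redash Viewer pods only from the Kong pods, so requests cannot reach Redash without passing Kong's JWT check. The policy name, namespace, pod labels and port 5000 are assumptions to be replaced with the values from the actual registry deployment.

```yaml
# Added example: name, namespace, labels and port are assumptions,
# not values from the Platform.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-kong-to-redash-viewer   # hypothetical name
  namespace: example-registry         # hypothetical registry namespace
spec:
  # Selects the Redash Viewer pods. Once a policy selects a pod, ingress
  # that is not allowed by this or another policy is denied.
  podSelector:
    matchLabels:
      app.kubernetes.io/instance: redash-viewer   # assumed label
  policyTypes:
    - Ingress
  ingress:
    - from:
        # Only pods carrying the Kong label in the same namespace may connect.
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: kong        # assumed label
      ports:
        - protocol: TCP
          port: 5000                              # assumed Redash listening port
```

If no other policy selects the Redash Viewer pods, this leaves Kong as the only permitted source, so the previous direct path through the OpenShift router stops working once the policy is applied.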

7. Glossary and acronyms

| Term | Description |
|------|-------------|
| Kong | API gateway for external traffic |
| URI  | A Uniform Resource Identifier (URI) is a unique sequence of characters that identifies a logical or physical resource used by web technologies. |