DIGIT Multi-Tenant traffic routing strategy


 

Intent: To facilitate the seamless flow of application requests between DIGIT and tenant-specific services deployed across different namespaces.

 

Problem Statement: UI-based applications deployed in tenant-specific namespaces cannot change the domain they use to make API requests. This makes routing more complex than anticipated, since all requests need to be passed to ZUUL, deployed in the DIGIT namespace, for auth and validation.

 

Assumptions: 

  1. Zuul will be deployed only in the Digit namespace, not in any state-specific namespaces.

  2. UI applications cannot choose the DNS URL used for API calls; they have to use the existing URL given to them.

 

Available Options: Update the ingress rules to route only backend applications to the DIGIT namespace for auth and routing. UI applications need not be routed.

 

Proposed Solution:

  1. All the ingress rules that route traffic to the various services (DIGIT and tenant-specific services) will be centrally maintained and updated in the digit namespace.

  2. The tenant-specific services may not be deployed in the digit namespace, but an ingress rule still needs to be added for routing their calls through the DIGIT API gateway, ZUUL.

  3. No ingress rules need to be added in any other namespace, since ZUUL will be running only in the digit namespace; adding rules in another namespace will result in a 404 because ZUUL is unavailable in those namespaces.

  4. The three rules above do not apply to UI services (Citizen and employee), since they do not use ZUUL.
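
As an added example (not part of the original design and not DIGIT's own code), the four rules above can be audited against the cluster's Ingress objects, for instance the items list returned by kubectl get ingress -A -o json. The Service names zuul, citizen and employee, the tenant-a namespace, the host and all sample paths are assumptions made for illustration.

```python
# Added example: audit Ingress objects against the routing rules listed above.
GATEWAY_NS = "digit"                    # namespace named on the page
GATEWAY_SVC = "zuul"                    # assumed Service name of the Zuul gateway
UI_SERVICES = {"citizen", "employee"}   # assumed Service names of the UI apps


def audit_ingresses(items):
    """Return (namespace, ingress, path, reason) for every rule that breaks the policy."""
    findings = []
    for ing in items:
        meta = ing.get("metadata", {})
        ns, name = meta.get("namespace", "default"), meta.get("name", "?")
        for rule in ing.get("spec", {}).get("rules") or []:
            for p in (rule.get("http") or {}).get("paths") or []:
                svc = ((p.get("backend") or {}).get("service") or {}).get("name")
                path = p.get("path", "/")
                if svc in UI_SERVICES:
                    continue  # rule 4: UI services are served without Zuul
                if ns != GATEWAY_NS:
                    # rules 1 and 3: backend rules live only in the digit namespace
                    findings.append((ns, name, path, "backend rule outside digit namespace"))
                elif svc != GATEWAY_SVC:
                    # rule 2: backend paths must enter through Zuul for auth
                    findings.append((ns, name, path, "backend path not routed to Zuul"))
    return findings


def ingress(ns, name, paths):
    """Build a minimal networking.k8s.io/v1 Ingress dict (constructed sample data)."""
    return {"metadata": {"namespace": ns, "name": name},
            "spec": {"rules": [{"host": "digit.example.org", "http": {"paths": [
                {"path": p, "backend": {"service": {"name": s}}} for p, s in paths]}}]}}


# Constructed sample; every name and path here is hypothetical.
SAMPLE = [
    ingress("digit", "digit-api", [("/tenant-a-billing", "zuul"), ("/reports", "reports")]),
    ingress("tenant-a", "tenant-a-ui", [("/citizen", "citizen"),
                                        ("/tenant-a-billing", "tenant-a-billing")]),
]

if __name__ == "__main__":
    for finding in audit_ingresses(SAMPLE):
        print(finding)
```

A check like this can run whenever the central team updates the ingress, so a backend path that skips Zuul's auth and validation is caught before it is applied.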

Challenges:

  • Every time a tenant adds a new service, the ingress and the Zuul routing rules in DIGIT must be updated.

  • This will be an operational task for the central team. 

 

NOTE: Once requests have entered ZUUL, state-specific services (such as the master data service and PT-Calculator) are routed based on predefined route configs with the help of Internal-gateway, as confirmed earlier, and are not affected by these changes.

 

Annexures: