How do I make an authorization request from cronjobs to a secure API endpoint?

php editor Strawberry will introduce how to issue authorization requests from cronjobs to secure API endpoints. When developing web applications, we often need to use cronjobs to perform some scheduled tasks. However, sending requests directly from cronjobs may be a security risk, so we need to take some measures to ensure the security of the requests. This article will answer this question in detail and provide practical methods and suggestions to help developers solve this problem.

Question content

I have a golang application that does API key authorization via JWT token

I'm using Kubernetes. So, this golang application lives in a pod.

Now I want to create another application for cronjobs to access the golang endpoint once a week.

What I need:

How toperform/skipauthorization?

Skip: No need for Ingress here as I can simply call it internally. Will this help the case?

What I tried:

I tried keeping the cronjobs and api in the same application so that I could simply call the service instead of the endpoint , but this also has a drawback. I can't create replicas because they also replicate cronjobs and the same endpoint will be hit 1*no ofreplicas times

I want to call the "abc.com" endpoint once a week. It requires a token, and I can't simply pass a token. I hope there is a way to solve this problem.

Workaround

It would definitely help if you could just call them internally without exposing them. If two Pods (and therefore deployments) are running under the same cluster, you can use Kubernetes' internal DNS.

K8s automatically creates DNS records for the services you create, which can be used for internal communication in the following format: <service-name>.<service-namespace>.svc.cluster.local

More information from the official documentation: Services and DNS Pods

If this sounds weird or it helps understand the gist of it, try thinking of an "endpoint" as a rule added to the system's hosts file: it basically boils down to adding a rule where < service-name>. <service-namespace>.svc.cluster.local points to the IP address of your pod unless it is auto-completed

For example

• Your golang application is running inside a Pod.
• You created a service pointing to it under the namespace go-apps named go-api.
• If your cron-job worker thread is running in a Pod within the same cluster, you can use go-api.go-apps.svc.cluster.local[:<port>] to Access your application without using Ingress李>

Authorization is up to you as you usually handle it directly or using a specific framework. For example, you can add a custom endpoint path within your application to ensure that the only accepted clients are from the same private IP subnet of the cluster, either without using a token (not recommended) or using a specific semi-fixed one that you generate and Controlled one so you can send requests from your crons to something like: go-api.go-apps.svc.cluster.local:8080/api/v1/callWithNoAuth

The above is the detailed content of How do I make an authorization request from cronjobs to a secure API endpoint?. For more information, please follow other related articles on the PHP Chinese website!