Discovering APIs on Istio
Instructions on how to discover your APIs deployed on Kubernetes with Istio
API discovery with Istio Authorizer
The ACP Istio Authorizer supports the automatic service discovery based on OpenAPI specification.
A service can use the
services.k8s.cloudentity.com/spec-url annotation on a deployment resource
to specify an url where its OpenAPI or Proto specification is available, for example:
kind: Deployment metadata: name: hello labels: app: hello namespace: default annotations: services.k8s.cloudentity.com/spec-url: "https://raw.githubusercontent.com/OAI/OpenAPI-Specification/master/examples/v3.0/petstore.yaml"
Istio Authorizer scans deployments and once it finds the annotation described above, it fetches the specification, parses it to get a list of APIs that a service is exposing, and then it’s sending this information to ACP.
By default, Istio Authorizer is configured to perform the service
discovery only in the default namespace. To make Istio Authorizer perform the service
discovery in more namespaces, configure them by adding the
--namespace default,my-custom-ns flag to
args of the
istio-authorizer deployment in