Module 3

With their growing popularity, Travelz Corp would like to add new channels to their existing portals. They plan to onboard travel partners that require secure access to their flights, cars and hotel offerings.

All incoming traffic from the external partner portal needs to be secured and managed. Travelz Corp also wants to protect the endpoints by easily applying rate limiting and specific levels of access based on systems and users.

Solution overview

To safely expose their core services to external travel partners, Travelz Corp decides to embrace a policy-as-code approach. This approach provides a repeatable and automated way to manage the policies that can be applied to incoming north-south traffic and thereby easily define security through code.

The team adopts Red Hat Connectivity Link, which is based on the Kuadrant open-source project, to enable secure traffic management across multi-cluster environments.

Red Hat Connectivity Link extends the capabilities of Gateway API, the new Kubernetes standard for Ingress. It offers Policy APIs to support DNS management, TLS certificate lifecycle management, authentication, and rate limiting.

[Figure: Module 3 solution overview]

The Red Hat Connectivity Link policies are applied to the HTTP traffic being routed to a Service by using Gateway and HTTPRoute resources.

[Figure: Red Hat Connectivity Link policies]

Platform Engineers can apply policies to the Gateway. Those policies then govern the lower levels of the network (HTTPRoute/Services) until a more specific policy is applied.

With this approach, Platform engineers and application developers can collaborate to connect, secure, and protect distributed services and applications through the right policies needed to protect exposed endpoints.
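The Gateway-level guardrail and the more specific route-level policy described above can be sketched as two Kuadrant AuthPolicy resources. This is an added example, not taken from the workshop's own manifests: the `kuadrant.io/v1` API version is assumed, and the resource names, namespaces, labels and header prefix are hypothetical.

```yaml
# Platform Engineer: deny-by-default guardrail attached to the Gateway.
# "external-gateway" and "ingress-gateway" are hypothetical names.
apiVersion: kuadrant.io/v1
kind: AuthPolicy
metadata:
  name: gateway-deny-all
  namespace: ingress-gateway
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: Gateway
    name: external-gateway
  defaults:                 # applies to every HTTPRoute without its own AuthPolicy
    rules:
      authorization:
        deny-all:
          opa:
            rego: "allow = false"
---
# Application Developer: more specific policy attached to one HTTPRoute.
# For this route it takes the place of the Gateway default above.
# "travel-agency" (route and namespace) and the label are hypothetical.
apiVersion: kuadrant.io/v1
kind: AuthPolicy
metadata:
  name: travel-agency-partners
  namespace: travel-agency
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: HTTPRoute
    name: travel-agency
  rules:
    authentication:
      partner-api-keys:
        apiKey:
          selector:         # API keys are Secrets carrying this label
            matchLabels:
              app: partner
        credentials:
          authorizationHeader:
            prefix: APIKEY
```

With only the first resource applied, every request through the Gateway is rejected; a route starts accepting traffic only once a policy such as the second one is attached to it.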

Activities overview

The next sections walk you through the activities of a Platform Engineer and a Developer securing the travel-agency core services for third-party partner access.

  1. As a Platform Engineer, set up the right policies as security guardrails to the Gateway resource, and validate that the traffic flow is secured with a zero trust policy.

  2. As an Application Developer, safely expose the travel-agency service route and apply specific policies to allow secure access to the core services endpoints.

  3. Explore Grafana dashboards for in-depth observability for business owners, platform engineers and application developers.