Skip to content

Forwarding Proxy

In some environment Pulse Sensors can have limited network connectivity to push signals to the Pulse API. In these cases, a Forwarding Proxy can be used to forward signals to the Pulse API. The forwarding proxy can also be used to forward signals from multiple Pulse sensors to the Pulse API endpoint there by reducing the number of network egress points for an organization.

Pre-Requisites

Create a Shared Secret

Create random shared secret that is shared between the sensor and the Pulse Forwarding Proxy. The shared secret is used to authenticate communication between the sensor and the Pulse Forwarding Proxy.

The shared secret can be generated using the following command:

openssl rand -base64 32

Use the shared secret from the command above to authenticate requests

Create a API Key (Personal Access Token)

API key needs to be generate for the stream API REST endpoint to be used in the Sensor configuration. This can be generated using the credentials to login to the Pulse Dashboard (emailid + password).

Use a REST client (ex: Postman/ARC/curl) to initiate a request: 1. Request Type: POST 2. URI: (api-URL)/auth/login 3. Request Body: 

{
  "username": "<email-id>",
  "password": "<password>"
}
4. Content-type: application/json 5. Response (success): 
{
  "orcas-token": "TOKEN"
}
6. Response (failure): 
{
  "error": "Invalid request"
}
Use the TOKEN from step 5. above to authenticate requests for API operations.

How it works

The forwarding proxy recieves signals from the Pulse Sensor and forwards them to the Pulse API endpoint. The forwarding proxy can be deployed in the same Kubernetes cluster as the Pulse Sensor or in a different Kubernetes cluster. The forwarding proxy can also be deployed in a different network (on-prem) and can be used to forward signals from multiple Pulse Sensors to the Pulse API endpoint.

Authentication between the Pulse Sensor and the Forwarding Proxy is done using a shared secret. The shared secret is configured in the Pulse Sensor and the Forwarding Proxy.

Authentication between the Forwarding Proxy and the Pulse API endpoint is done using an API key (Personal Access Token). The API key is configured in the Forwarding Proxy.

Deployment

Download Sensor Docker Image

(Forwarding Proxy is a function of the Pulse Sensor) Download docker image (can be skipped if external repositories are open for the end user's Kubernetes installation) and upload to internal repo.

Pulse Sensor image tag: registry.gitlab.com/orcasio/platform/orcas-pulse:latest

Deploy Pulse Sensor Controller in Forwarding Proxy Configuration

Deploy the Pulse Sensor Controller to the cluster. The controller deployment configuration can be found here: Forwarding-Proxy

Note

Ensure all TODOs in the file are completed before applying the configuration to the cluster.

kubectl apply -f forwarding-proxy.yaml -n <tenant-id>