Closed altinnadmin closed 7 months ago
@altinnadmin The Altinn 3 infrastructure already has an abstraction layer in API Management. API Management can already prevent any backend changes from affecting external users of the Platform API.
With that being said, I have actually suggested (internal link) something similar to this for the hostnames of the API in backend. The reason was the content of the OpenAPI specifications that each API would generate. They can't be imported into API Management without changes. We now have a small PowerShell script that does the necessary changes.
Please note that my suggestion requires changes not only in hostname but also in how the application itself include its name. eg: https://platform.altinn.no/profile/v1 -> https://profile.platform.altinn.no/v1
@SandGrainOne Thanks for the feedback!
The layer in API Management is not "good enough", since that implies a dependency on Azure. If, for example, we wanted to host Storage on-prem, we probably would not want all data to flow through Azure API Management. ref. Schrems II. That means Storage would need a separate IP-address and also exposing the subdomain externally.
Agree, changing the name in the URL also makes sense if we do this.
@altinnadmin My assumption is that any APIM product would have the same capability. There are also other reverse proxy products that can do similar "URL rewrites". We are already using NGINX and Treafik at other points in our infrastructure.
Does not matter :) The point here is that we should be able to NOT use APIM for one microservice if we so desire, or use APIM in AWS instead for one microservice.
Lagt inn i TFS https://tfs.ai-dev.brreg.no/Altinn/Altinn/_workitems/edit/50896 Trenger tilbakemelding fra dere når infrastruktur skal kobles på
@SandGrainOne Bør det opprettes et nytt issus for det som evt gjenstår, og lukke denne?
Maybe @altinnadmin can pitch in whether anything has changed or if this still stands.
I guess our current push towards moving to independent infrastructures for each product indirectly solves my original concern, since those products then can be hosted anywhere on any domain.
And the decision to use a common APIM across products and move towards a "unified" api.altinn.no domain for external APIs, also makes this issue less relevant as it stands.
So perhaps this just should be closed. Agree @SandGrainOne ?
Enig. Lukkes.
Description
Currently all our Platform microservices lives in https://platform.altinn.no/
This means that it will be difficult to host our microservices in different infrastructures without affecting external systems, f.ex. some in AWS, some in Azure and some on-prem.
To solve this we could introduce separate subdomains for each Platform component, for example:
https://storage.platform.altinn.no https://profile.platform.altinn.no etc.
This will be like our app clusters: https://digdir.apps.altinn.no https://ssb.apps.altinn.no etc.
In scope
Out of scope
Constraints
If we should do this it should be done early. When too many orgs star using Altinn 3 this will be very hard to change.
Analysis
Conclusion
Tasks