Tokkio Ingress#
Tokkio ingress gatekeeps all requests flowing into the backend server. It provides features like routing, authentication, authorization, session management, and etc.,
The structure of the ingress can be divided into two components:
Nginx Ingress: Nginx reverse proxy mainly handles the session management. It distributes and validates client token against server. The session behavior can be configured to fixed-duration mode or auto-refresh mode depending on the use cases.
Lifecycle Manager: This module provides HTTP endpoint to probe the health of the underlying application and manages the traces for the observability stack.
Tokkio Ingress uses cookie to grant access on a first-come-first-serve basis with a capacity limit. It can be configured with the maxNumSession parameter. Once a client connects, it takes up one capacity until it disconnects. Any additional connection to Tokkio ingress that exceeds the maxNumSession will be rejected
A user can enable/disable TLS at Tokkio ingress by configuring the enableTLS parameter. When TLS is enabled, the user is expected to mount a valid TLS certificate into the container . If not, a self-signed certificate will be used. TLS is disabled for any CSP deployment. allows the user to mount in TLS certificate, otherwise.
Parameters to Tokkio ingress can be configured at app building time through the UCS tools.
Parameters |
Description |
|---|---|
maxNumSession |
Max number of session allowed |
enableTLS |
Enable/disable transport layer security |