4 months ago
I was curious if there is a recommended way of making networking happen between two projects in the same account. This would be a useful feature for allowing access to admin/backchannel APIs that really have no business being available publicly without having to figure out how to add authentication to those endpoints.
As far as I know the private networking is scoped to exactly one environment, so right now bridging to a different environment seems infeasible.
But I think this would be a desirable feature in the long run to allow scenarios where multiple projects might need access to a central dependency like an authentication service's admin API without having to expose that dependency to the public network.
And of course without having to put all those services in the same environment.
4 months ago
may I ask what is undesirable about putting related services in the same project?
Well, if the only relation between the other components is that single common component, that does feel like an antipattern
Authentication is a good example here. If you have SSO for all your applications, that does not feel like enough of a reason to put all those applications in the same project with the SSO provider
That said, I am thinking of projects as discrete applications similarly to how deployment solutions like argocd would compartmentalize them
4 months ago
that's fair, so for now if you have something centralized in another project you would need to connect to it via the public network
I see, in that case I should deploy an API gateway solution to protect the admin API from unauthorized access
as I want to use Ory Kratos and Ory Hydra for my solution, Ory Oathkeeper should do the job just fine as it was designed for this purpose
4 months ago
no problem!
Status changed to Solved brody • 4 months ago