Client registration
External clients need to use TLS to communicate with the system securely. Clients must enroll in the system in order for certificates to be created for TLS communication.
Enrollment
Clients issue an enrollment request to the client controller, which handles certificate creation, and the client controller responds to the client with a unique client ID.
This step requires an access token that can be retrieved as described here.
Below is an explicit example of enrolling a client using curl:
curl https://${INSIGHTS_HOSTNAME}/clientcontroller/enrol -H "Authorization: Bearer ${INSIGHTS_TOKEN}" -d '{ "name": "my-client", "topics": { "insert": "data", "query": "requests" }}'
Example response
{"message":"success","detail":"Client enrolled","url":"d0c8ae0ae920f4ed78b2b8725dffdb74"}
Topics
The topics.insert field must match the rt.sequencer.topic in the Helm values file; by default this is data.
Retrieving certs and endpoints
Once the client is enrolled, they can use their unique client ID to communicate with the information service to retrieve their certificates and information about the endpoints corresponding to the topics they registered with.
Below is an explicit example of retrieving the certs and endpoints using curl:
curl https://${INSIGHTS_HOSTNAME}/informationservice/details/d0c8ae0ae920f4ed78b2b8725dffdb74 | jq .
Example response
{
  "name": "my-client",
  "topics": {
    "insert": "data",
    "query": "requests"
  },
  "ca": "<redacted>",
  "cert": "<redacted>",
  "key": "<redacted>",
  "insert": {
    "insert": [
      ":12.33.33.193:5000"
    ],
    "query": [
      ":12.33.33.193:5000"
    ]
  },
  "query": [
    ":12.44.212.322:5050"
  ]
}
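The response above carries the client's private key, and the example request identifies the client by its ID alone. As an added example (not part of the original documentation), this Python code stores the three credentials with owner-only permissions and parses the endpoint strings. It assumes ca, cert and key are returned as PEM text and that endpoints use the :host:port form shown above; the file names and sample values are constructed.

```python
import json
import os

# Constructed sample in the shape of the example response; PEM bodies are placeholders.
SAMPLE_DETAILS = json.dumps({
    "name": "my-client",
    "topics": {"insert": "data", "query": "requests"},
    "ca": "-----BEGIN CERTIFICATE-----\nCONSTRUCTED-CA\n-----END CERTIFICATE-----\n",
    "cert": "-----BEGIN CERTIFICATE-----\nCONSTRUCTED-CERT\n-----END CERTIFICATE-----\n",
    "key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-KEY\n-----END PRIVATE KEY-----\n",
    "insert": {"insert": [":192.0.2.10:5000"], "query": [":192.0.2.10:5000"]},
    "query": [":192.0.2.20:5050"],
})

def parse_endpoint(value):
    """Split ':host:port' into (host, port), rejecting any other shape."""
    host, sep, port = value[1:].rpartition(":")
    if not value.startswith(":") or not sep or not host or not port.isdigit():
        raise ValueError(f"unexpected endpoint format: {value!r}")
    if not 0 < int(port) < 65536:
        raise ValueError(f"port out of range: {value!r}")
    return host, int(port)

def store_credentials(details_json, directory):
    """Write ca/cert/key under `directory` (owner-only) and return (paths, endpoints)."""
    details = json.loads(details_json)
    missing = [f for f in ("ca", "cert", "key") if not details.get(f)]
    if missing:
        raise ValueError(f"details response lacks: {missing}")
    os.makedirs(directory, mode=0o700, exist_ok=True)
    paths = {}
    for field in ("ca", "cert", "key"):
        path = os.path.join(directory, field + ".pem")  # hypothetical file names
        # O_EXCL refuses an existing file or planted symlink; mode 0o600 is set at
        # creation, so the private key is never readable by other users.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as handle:
            handle.write(details[field])
        paths[field] = path
    endpoints = {
        "insert": {k: [parse_endpoint(e) for e in v] for k, v in details["insert"].items()},
        "query": [parse_endpoint(e) for e in details["query"]],
    }
    return paths, endpoints
```

Passing the body of the details request straight to store_credentials keeps the key out of the terminal scrollback that piping the response through jq would leave behind.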
Client removal
If a client is no longer being used, a removal request can be issued to delete the client's certificates from the system.
Removing a client requires an access token that can be retrieved as described here.
Below is an explicit example of removing a client using curl:
curl https://${INSIGHTS_HOSTNAME}/clientcontroller/leave -H "Authorization: Bearer ${INSIGHTS_TOKEN}" -d '{ "name": "my-client" }'
Example response
{ "message": "success", "detail": "Client removed" }