Is your feature request related to a problem?
We are exploring an Open OnDemand app for exposing an interLink API server through the OOD portal proxy, and I think this could be a valuable integration for the OOD ecosystem. interLink provides a way to connect Kubernetes-style workload orchestration to remote execution backends through a pluggable API server and provider plugin model.
From an OOD perspective:
- expose remote execution backends through the OOD access model
- let users attach (on-demand) their Kubernetes clusters to resources on HPC batch systems
- keep access to those services behind the OOD portal rather than exposing them separately
- support with all types of cloud-native frameworks beyond traditional browser UIs
Describe the solution you'd like
Unlike a typical Batch Connect app such as Jupyter, the target service here is not primarily a browser UI. It is an HTTP API that needs requests forwarded through the OOD reverse proxy authorized via an Authorization: Bearer ... token.
Afaict OOD’s reverse proxy model works very well for browser-oriented apps, but API-style services seem to need an endpoint/mechanism that can provide an authz mechanism equivalent to the browser one.
Without something along those lines, the proxied service is reachable through OOD, but it is hard to secure it in a way that is natural for programmatic API clients rather than interactive browser sessions.
Am I reading the situation wrongly? Are there any plans? We are open to contributing, in case this is of any interest.
Alternatives considered
No idea, any other option?
Is your feature request related to a problem?
We are exploring an Open OnDemand app for exposing an interLink API server through the OOD portal proxy, and I think this could be a valuable integration for the OOD ecosystem. interLink provides a way to connect Kubernetes-style workload orchestration to remote execution backends through a pluggable API server and provider plugin model.
From an OOD perspective:
Describe the solution you'd like
Unlike a typical Batch Connect app such as Jupyter, the target service here is not primarily a browser UI. It is an HTTP API that needs requests forwarded through the OOD reverse proxy authorized via an Authorization: Bearer ... token.
Afaict OOD’s reverse proxy model works very well for browser-oriented apps, but API-style services seem to need an endpoint/mechanism that can provide an authz mechanism equivalent to the browser one.
Without something along those lines, the proxied service is reachable through OOD, but it is hard to secure it in a way that is natural for programmatic API clients rather than interactive browser sessions.
Am I reading the situation wrongly? Are there any plans? We are open to contributing, in case this is of any interest.
Alternatives considered
No idea, any other option?