1. Docs
  2. SaaS Shield
  3. Vendor API
  4. Deployment

Vendor Bridge

The Vendor Bridge Docker container includes health check endpoints and some configuration options. We also have recommended starting points for computing resources and examples of deployment files that may be helpful in creating your own deployments.


The overview includes instructions for obtaining the Docker container image, obtaining the required configuration, and getting it running in a Kubernetes environment or locally in Docker.


  • RUST_LOG. Default: INFO. Level of logging from the Vendor Bridge. Possible values in decreasing severity: ERROR, WARN, INFO, DEBUG, and TRACE.
  • VAB_REQUEST_TIMEOUT. Default: 30,000 ms. Maximum time (in milliseconds) to wait for a single request. If the time is exceeded, the request will be canceled.

Health and Liveness Checks

The Docker container also exposes endpoints for checking liveness and health of the container. The checks are implemented based on the Kubernetes lifecycle concepts. Both the /health and /live endpoints return a 200 status code if the Vendor Bridge is online and ready to receive requests.

Horizontal Scaling

This container is stateless and can be scaled horizontally.

Failure Modes

Configuration Broker Down

The Vendor Bridge exchanges KMS configurations for tenants with the Configuration Broker (CB). If the CB is inaccessible or down these things will be true:

  • New Vendor Bridge instances will not be able to start up until they can reach the CB to get service account metadata.
  • Any running Vendor Bridge will be unable to communicate with the CB.

Example Kubernetes Deployment

apiVersion: apps/v1 kind: Deployment metadata: name: vendor-bridge spec: selector: matchLabels: app: vendor-bridge template: metadata: labels: app: vendor-bridge spec: securityContext: runAsUser: 2 # Any non-root user will do. runAsGroup: 2 fsGroup: 2 runAsNonRoot: true containers: - name: vendor-bridge image: gcr.io/ironcore-images/vendor-bridge:{CHOSEN_TAG} resources: # See https://ironcorelabs.com/docs/saas-shield/vendor-api/overview/#startup requests: cpu: 2 memory: 512Mi limits: cpu: 2 memory: 512Mi envFrom: - secretRef: # See https://ironcorelabs.com/docs/saas-shield/vendor-api/overview/#startup name: vendor-bridge-secrets env: - name: RUST_LOG value: info # Values are trace, debug, info, warn, error ports: - containerPort: 3000 name: http livenessProbe: httpGet: path: /live port: http readinessProbe: httpGet: path: /ready port: http securityContext: allowPrivilegeEscalation: false

Was this page helpful?